Virus found

sebi

Regular
Now it's got me too.
I ran the virus scan today. Surprisingly, it found something: viruses and Trojans in the Windows.old folder and in the Local/Temp files. But I never double-clicked anything, and I deleted them immediately (disinfecting wasn't possible). I haven't noticed any strange behaviour, no hard disk spinning up or windows opening or anything like that. Kaspersky no longer reports any threats. Two days ago, though, my virus database was broken; I downloaded it again.
The deleted files are all wma or exe files. No idea where the exe files come from (but the folder name contains selfupdate).

I don't do e-banking or file sharing on this PC.

I'd like to hear your opinion.
 

sebi

Regular
Some of it turned out to be a false alarm. (The viruses.)
The Trojans are in files in the recycle bin of an old Windows installation. Not used for months.
What do you think?
 

Larusso

Regular
Hello Sebi. As a rule I don't provide support via PM.


Let's take a closer look at your system to see whether malware is to blame.
Please work through each step in order.
If there are problems, stop and report here as precisely as possible.
Please run everything in your admin account, not in a limited user account.

Vista and Win7 users: please run all tools via right-click: Run as administrator.

Some log files are quite long; please split them across several posts.


Step 1

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop

  • Please start OTL.exe.
    Vista users: right-click "Run as administrator"
  • Now copy the following content into the text box shown in customFix.png.
Code:
netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
CREATERESTOREPOINT


Step 2

During these scans:
  • all other scanners for viruses, spyware, etc. must be disabled,
  • there must be no connection to a network/the Internet (don't forget WLAN),
  • nothing else may be done on the computer,
  • the computer must be restarted after each scan.
Rootkit scan with RootRepeal
  • Go here, scroll down and download RootRepeal.zip.
  • Extract the file to your desktop.
  • Double-click RootRepeal.exe to start the scanner.
  • Click the Report tab and then the Scan button.
  • Tick the following items and click Ok:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • You will then be asked which drives to scan.
  • Select C:\ and click Ok again.
  • The scan starts automatically; it will take a while, so please be patient.
  • When the scan has finished, click Save Report.
  • Save the log file as RootRepeal.txt on the desktop.
  • Paste its contents here in the thread.


Please post in your next reply
the log files from OTL
the log from RootRepeal
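The custom scan in step 1 makes OTL hash every copy of a handful of system files with `/s /md5`, so that the live copy in System32 can be compared with the untouched copies Windows keeps in winsxs and the DriverStore (a live driver that has been altered in place no longer matches those), and so that look-alike names such as sceclt.dll or ntelogon.dll, which normally return nothing, show up if a file by that name exists. The Python script below is an added example, not part of this thread or of OTL: it parses output in that format (sebi's log further down in the thread has the same shape), groups the hits per scanned name and reports whether each live copy's hash matches a store copy. The sample input combines three atapi.sys lines copied from the log posted later in this thread with a constructed example.sys block that uses placeholder hashes; the file name example.sys, its hashes and the verdict labels are this example's own.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample input (not a real scan): an empty result for sceclt.dll,
# three atapi.sys lines copied from the OTL log posted in this thread, and a
# hypothetical example.sys block with placeholder hashes whose live copy
# matches no component-store copy.
SAMPLE_LOG = r"""
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.19 08:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

< %SYSTEMDRIVE%\example.sys /s /md5 >
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\System32\drivers\example.sys
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\x86_example_placeholder\example.sys
"""

# "< %SYSTEMDRIVE%\atapi.sys /s /md5 >" introduces one scanned name.
HEADER = re.compile(r"^<\s*(?P<pattern>.+?)\s*>$")
# "[date time | size | attrs | M] (Company) MD5=hash -- path" is one hit.
HIT = re.compile(
    r"^\[(?P<ts>\S+ \S+) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


class Hit(NamedTuple):
    path: str
    md5: str
    company: str
    size: int


def parse_custom_scan(text: str) -> Dict[str, List[Hit]]:
    """Map each scan header to its hits, in log order; an empty list means
    OTL found no file of that name anywhere on the drive."""
    results: Dict[str, List[Hit]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        h = HEADER.match(line)
        if h:
            current = h.group("pattern")
            results.setdefault(current, [])
            continue
        m = HIT.match(line)
        if m and current is not None:
            results[current].append(Hit(
                path=m.group("path"),
                md5=m.group("md5").upper(),
                company=m.group("company"),
                size=int(m.group("size").replace(",", "")),
            ))
    return results


def is_store_copy(path: str) -> bool:
    """Copies under winsxs or the DriverStore are the reference versions
    Windows itself keeps; anything else is a live copy that gets loaded."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\driverstore\\filerepository\\" in p


def assess(results: Dict[str, List[Hit]]) -> Dict[str, str]:
    """One verdict per scanned name (labels are this example's own):
    absent     - nothing found (expected for look-alike names such as sceclt.dll)
    ok         - every live copy's MD5 equals some store copy
    mismatch   - a live copy's MD5 equals none of the store copies: look closer
    unverified - live copies but no store copy to compare against
    store-only - only reference copies, no live file"""
    verdicts: Dict[str, str] = {}
    for pattern, hits in results.items():
        store = {h.md5 for h in hits if is_store_copy(h.path)}
        live = [h for h in hits if not is_store_copy(h.path)]
        if not hits:
            verdicts[pattern] = "absent"
        elif not live:
            verdicts[pattern] = "store-only"
        elif not store:
            verdicts[pattern] = "unverified"
        elif all(h.md5 in store for h in live):
            verdicts[pattern] = "ok"
        else:
            verdicts[pattern] = "mismatch"
    return verdicts


def report(text: str) -> List[str]:
    """Verdict lines plus a note for every live copy without a company name."""
    results = parse_custom_scan(text)
    lines = []
    for pattern, verdict in assess(results).items():
        lines.append(f"{verdict:<10} {pattern}")
        for h in results[pattern]:
            if not h.company and not is_store_copy(h.path):
                lines.append(f"           no company name: {h.path}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Running the block prints one verdict line per scanned name, with the live copy lacking a company name listed under the constructed example.sys block. A mismatch is not proof of infection on its own: a hotfix installed outside the component store produces one as well, which is why the script only marks the file for a closer look and leaves the decision to the person reading the log.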
 

sebi

Regular
OTL log:
Code:
OTL logfile created on: 12.12.2009 23:02:01 - Run 1
OTL by OldTimer - Version 3.1.16.0     Folder = C:\Users\Sebastian\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 440.76 Gb Total Space | 218.19 Gb Free Space | 49.50% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 22.20 Gb Free Space | 88.82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 465.76 Gb Total Space | 139.58 Gb Free Space | 29.97% Space Free | Partition Type: NTFS
 
Computer Name: SEBASTIAN-PC
Current User Name: Sebastian
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2009.12.12 23:00:33 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Downloads\OTL.exe
PRC - [2009.10.28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Programme\iPod\bin\iPodService.exe
PRC - [2009.09.27 16:47:00 | 00,215,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009.09.27 15:48:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.08.18 20:54:11 | 00,201,992 | ---- | M] (Kaspersky Lab) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
PRC - [2009.07.09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009.04.11 07:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.12.12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programme\Bonjour\mDNSResponder.exe
PRC - [2008.10.28 15:42:30 | 00,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008.10.28 15:42:12 | 00,181,544 | ---- | M] (Seagate LLC) -- C:\Programme\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008.01.19 08:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008.01.19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.19 08:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2009.12.12 23:00:33 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Downloads\OTL.exe
MOD - [2009.04.11 07:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.04.25 17:22:22 | 00,011,016 | ---- | M] (Kaspersky Lab) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll
MOD - [2008.04.25 17:21:50 | 00,083,208 | ---- | M] (Kaspersky Lab) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2009.10.28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009.09.27 16:47:00 | 00,215,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009.09.27 15:48:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.09.25 02:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.18 20:54:11 | 00,201,992 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP)
SRV - [2009.07.09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.04.30 11:23:26 | 00,090,112 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.12.12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008.11.19 18:23:16 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008.11.04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.10.28 15:42:30 | 00,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008.03.25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008.03.25 20:25:50 | 00,630,784 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008.01.19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.11.08 15:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006.11.08 15:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006.11.02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006.10.26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.04.03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ch.msn.com/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 76 F0 97 BF A2 1E CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "http://www.bing.ch/"
FF - prefs.js..extensions.enabledItems: fsonlinescanner@f-secure.com:1.01
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.11.07 16:14:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.11.07 16:14:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.09.12 17:03:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009.08.18 20:37:27 | 00,000,000 | ---D | M]
 
[2009.08.19 17:01:17 | 00,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions
[2009.12.11 21:10:43 | 00,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\uril4hyp.default\extensions
[2009.12.11 21:10:39 | 00,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\uril4hyp.default\extensions\fsonlinescanner@f-secure.com
[2009.08.19 17:01:03 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.07.30 23:59:14 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.07.30 23:59:14 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.07.30 23:59:14 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.19 13:40:41 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.07.30 23:59:14 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
 

sebi

Regular
Part 2

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.05.02 14:36:24 | 00,000,067 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.08.16 20:33:31 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009.12.11 21:22:45 | 00,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2009.12.08 20:38:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
[2009.12.08 20:33:44 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Microsoft Games
[2009.12.05 15:07:17 | 00,000,000 | ---D | C] -- C:\Users\Sebastian\Documents\Google
[2009.10.03 10:54:35 | 00,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe12CD.dll

========== Files - Modified Within 14 Days ==========

[2009.12.12 23:01:19 | 02,097,152 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat
[2009.12.12 22:51:04 | 00,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A19E2154-D2C3-45F8-92FB-A0D12EACFAB5}.job
[2009.12.12 22:03:38 | 00,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.12.12 22:03:38 | 00,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.12.12 20:15:35 | 09,418,784 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2009.12.12 19:55:07 | 00,076,760 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2009.12.12 19:38:49 | 01,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.12.12 19:38:49 | 00,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.12.12 19:38:49 | 00,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.12.12 19:38:49 | 00,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.12.12 19:38:49 | 00,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.12.12 19:26:15 | 00,328,564 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009.12.12 19:26:14 | 00,328,564 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009.12.12 18:03:39 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.12.11 23:56:33 | 00,720,928 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
[2009.12.11 23:34:11 | 00,004,592 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
[2009.12.11 20:52:07 | 00,001,886 | ---- | M] () -- C:\Windows\System32\%LocalXml%
[2009.12.10 21:39:44 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.12.10 21:39:21 | 34,868,22400 | -HS- | M] () -- C:\hiberfil.sys
[2009.12.09 21:17:55 | 00,524,288 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{c3404811-e0fc-11de-b089-001cc02084c7}.TMContainer00000000000000000002.regtrans-ms
[2009.12.09 21:17:55 | 00,524,288 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{c3404811-e0fc-11de-b089-001cc02084c7}.TMContainer00000000000000000001.regtrans-ms
[2009.12.09 21:17:55 | 00,065,536 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{c3404811-e0fc-11de-b089-001cc02084c7}.TM.blf
[2009.12.09 21:17:48 | 03,140,818 | -H-- | M] () -- C:\Users\Sebastian\AppData\Local\IconCache.db
[2009.12.09 21:12:54 | 00,062,976 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.08 20:38:57 | 00,001,036 | ---- | M] () -- C:\Users\Sebastian\Desktop\age3y.exe - Verknüpfung.lnk
[2009.12.08 20:26:47 | 00,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires III.lnk
[2009.11.29 12:55:00 | 00,524,288 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{d5fd0768-a077-11de-860d-001cc02084c7}.TMContainer00000000000000000001.regtrans-ms
[2009.11.29 12:55:00 | 00,065,536 | -HS- | M] () -- C:\Users\Sebastian\ntuser.dat{d5fd0768-a077-11de-860d-001cc02084c7}.TM.blf

========== Files Created - No Company Name ==========

[2009.12.11 20:52:07 | 00,001,886 | ---- | C] () -- C:\Windows\System32\%LocalXml%
[2009.12.08 20:38:57 | 00,001,036 | ---- | C] () -- C:\Users\Sebastian\Desktop\age3y.exe - Verknüpfung.lnk
[2009.12.08 20:26:47 | 00,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Age of Empires III.lnk
[2009.12.04 18:45:37 | 00,524,288 | -HS- | C] () -- C:\Users\Sebastian\ntuser.dat{c3404811-e0fc-11de-b089-001cc02084c7}.TMContainer00000000000000000002.regtrans-ms
[2009.12.04 18:45:37 | 00,524,288 | -HS- | C] () -- C:\Users\Sebastian\ntuser.dat{c3404811-e0fc-11de-b089-001cc02084c7}.TMContainer00000000000000000001.regtrans-ms
[2009.12.04 18:45:37 | 00,065,536 | -HS- | C] () -- C:\Users\Sebastian\ntuser.dat{c3404811-e0fc-11de-b089-001cc02084c7}.TM.blf
[2009.10.11 11:58:26 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.10.10 17:05:23 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.08.19 17:59:36 | 00,001,669 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.08.19 17:41:32 | 00,062,976 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.18 20:41:51 | 00,328,564 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.18 20:24:52 | 00,328,564 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.17 19:11:42 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.16 14:39:25 | 00,001,356 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\d3d9caps.dat
[2009.08.03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008.10.07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1996.04.03 20:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2009.11.15 17:17:02 | 00,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Image Zone Express
[2009.10.03 10:58:56 | 00,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\MyPhoneExplorer
[2009.11.15 16:06:07 | 00,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Printer Info Cache
[2009.08.21 18:36:07 | 00,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\SPORE
[2009.08.19 17:08:57 | 00,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Thunderbird
[2009.12.09 21:18:07 | 00,023,666 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.12.12 22:51:04 | 00,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A19E2154-D2C3-45F8-92FB-A0D12EACFAB5}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2006.11.02 10:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2008.01.19 08:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
 

sebi

Regular
Part 3

[2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2006.11.02 10:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008.01.19 08:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2006.11.02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.19 08:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006.11.02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.08.16 18:46:54 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2006.11.02 10:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.01.19 08:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2009.08.16 18:46:54 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009.08.16 18:46:53 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[2008.01.19 08:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2006.11.02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.19 08:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2006.11.02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008.01.19 08:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
< End of report >
Code:
OTL Extras logfile created on: 12.12.2009 23:02:01 - Run 1
OTL by OldTimer - Version 3.1.16.0     Folder = C:\Users\Sebastian\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 440.76 Gb Total Space | 218.19 Gb Free Space | 49.50% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 22.20 Gb Free Space | 88.82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 465.76 Gb Total Space | 139.58 Gb Free Space | 29.97% Space Free | Partition Type: NTFS
 
Computer Name: SEBASTIAN-PC
Current User Name: Sebastian
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
 

sebi

Stammgast
last, not least

Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09D0B1C2-590D-497B-90F6-FD091A6329C8}" = rport=139 | protocol=6 | dir=out | app=system |
"{0B8A74E3-1A2D-49D1-8D58-C7F8383AD8E3}" = lport=137 | protocol=17 | dir=in | app=system |
"{1E7FEED8-A990-4220-8487-879033E9DBBF}" = lport=445 | protocol=6 | dir=in | app=system |
"{4CE266B7-1F70-452A-AA0B-9B435079DE02}" = lport=139 | protocol=6 | dir=in | app=system |
"{7801A8A1-4CE6-4DF4-98D5-DE78D0812893}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B6880B46-A208-4518-BC7A-8CA71943ADB3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C1984F2C-9E16-4FD2-B488-1143BD0E6E55}" = lport=138 | protocol=17 | dir=in | app=system |
"{D3005301-E0BC-4D61-8CBA-4F80B1B49C83}" = rport=137 | protocol=17 | dir=out | app=system |
"{E86995E5-E810-4D0A-A68B-63F4F5527794}" = rport=445 | protocol=6 | dir=out | app=system |
"{F3EC8E8A-FD80-469E-9393-B9F9BCFE53D5}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08EB843F-B0E8-4F43-804E-08E4FC178F6F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{23A5F575-CE53-482E-891D-295C9BE7B070}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{3BE470D2-B8DF-4DAB-8D0C-D302FB748990}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{414668F2-7807-4BDA-88BC-0D9B533D22DD}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe |
"{416B0A1A-A9EB-4D62-BF04-A06AAB9A13B7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4C293452-B348-488A-AAC2-DB6A4725ECBD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5F0DF80A-D194-4F32-90E4-3223AEF541CD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe |
"{63BF197C-3B7E-4C95-B814-DC97B537715A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe |
"{64389A3E-1ABD-4608-B050-D631104F3A7C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{773C2C41-4635-4A35-A70C-1043FB0715B4}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
 
"{7F7D866B-7D83-46D7-B5B8-0B32599788B8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8202C0C5-B941-4D35-AEF3-DBB97C7E18FB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8CD3B4E4-BACE-4A58-AA8D-98341E333160}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe |
"{8EA864D1-B390-4ABD-A375-A82F365FB133}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B2F570BD-72D0-45F8-B6F6-EAF974B7952C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B38D5CCF-B9A4-417B-9F4A-CAB0E8B69667}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe |
"{E2DAA53A-12A5-47BC-B3DE-ED25CCE8AC18}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F46E4B28-95F9-42DE-B5D9-8370D8B7F2E5}" = protocol=6 | dir=in | app=c:\program files\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe |
"TCP Query User{6D17796F-2142-4975-AFC0-9587F5AB5B69}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe |
"TCP Query User{C2C67FAD-0F78-473D-B199-43BDEA4F8CFA}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe |
"UDP Query User{89D50EEF-DFD2-437D-BC04-EC712693722F}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe |
"UDP Query User{DD7C5430-E859-4A04-9580-E4CC04AD5043}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.007.00
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5436728-2DFD-4221-B4D7-F49F740134C9}" = c5100_Help
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{ADC7FA12-E165-428a-AF13-4CE686E030AA}" = C5100
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{DCAF959E-BE84-4E56-91B1-3E962AED5BF4}" = Dolby Control Center Link
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"HECI" = Intel(R) Management Engine Interface
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.5 (Basic)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MPE" = MyPhoneExplorer
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.0
"SMBus" = Intel(R) SMBus
"SystemRequirementsLab" = System Requirements Lab

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10.11.2009 14:48:42 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6002.18111, Zeitstempel
0x4aa91411, fehlerhaftes Modul nvSCPAPI.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x4abff864, Ausnahmecode 0xc0000005, Fehleroffset 0x10025414, Prozess-ID 0x9ac,
Anwendungsstartzeit 01ca62366a022a00.

Error - 22.11.2009 10:56:31 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung HPWUCli.exe, Version 5.0.8.1, Zeitstempel 0x4a8ed2cd,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x01ba1671, Prozess-ID 0x162c, Anwendungsstartzeit 01ca6b83b08206cf.

Error - 22.11.2009 14:20:47 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6002.18111, Zeitstempel
0x4aa91411, fehlerhaftes Modul nvSCPAPI.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x4abff864, Ausnahmecode 0xc0000005, Fehleroffset 0x100174e0, Prozess-ID 0x11b0,
Anwendungsstartzeit 01ca6b9860390c9e.

Error - 23.11.2009 16:00:57 | Computer Name = Sebastian-PC | Source = Application Hang | ID = 1002
Description = Programm CoJBiBGame_x86.exe, Version 1.0.0.0 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 13d8 Anfangszeit: 01ca6c7760858148 Zeitpunkt
der Beendigung: 76

Error - 23.11.2009 16:01:53 | Computer Name = Sebastian-PC | Source = Application Hang | ID = 1002
Description = Programm CoJBiBGame_x86.exe, Version 1.0.0.0 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 166c Anfangszeit: 01ca6c77ad69b8df Zeitpunkt
der Beendigung: 94

Error - 29.11.2009 08:10:21 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6002.18111, Zeitstempel
0x4aa91411, fehlerhaftes Modul nvSCPAPI.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x4abff864, Ausnahmecode 0xc0000005, Fehleroffset 0x10025414, Prozess-ID 0x1314,
Anwendungsstartzeit 01ca70eceb021550.

Error - 29.11.2009 08:10:28 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6002.18111, Zeitstempel
0x4aa91411, fehlerhaftes Modul nvSCPAPI.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x4abff864, Ausnahmecode 0xc0000005, Fehleroffset 0x100060a3, Prozess-ID 0x1074,
Anwendungsstartzeit 01ca70ecefa5c75f.

Error - 08.12.2009 15:16:46 | Computer Name = Sebastian-PC | Source = VSS | ID = 8194
Description =

Error - 08.12.2009 15:29:32 | Computer Name = Sebastian-PC | Source = VSS | ID = 8194
Description =

Error - 12.12.2009 13:10:39 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6002.18111, Zeitstempel
0x4aa91411, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
Ausnahmecode 0xc0000005, Fehleroffset 0x00039753, Prozess-ID 0x1020, Anwendungsstartzeit
01ca7b4e012a346a.

[ System Events ]
Error - 11.12.2009 13:43:42 | Computer Name = Sebastian-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 11.12.2009 13:43:52 | Computer Name = Sebastian-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 11.12.2009 13:44:03 | Computer Name = Sebastian-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 11.12.2009 16:00:20 | Computer Name = Sebastian-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 11.12.2009 16:29:21 | Computer Name = Sebastian-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11.12.2009 16:43:00 | Computer Name = Sebastian-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.12.2009 13:21:33 | Computer Name = Sebastian-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.12.2009 13:34:44 | Computer Name = Sebastian-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 12.12.2009 16:26:18 | Computer Name = Sebastian-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.12.2009 17:02:30 | Computer Name = Sebastian-PC | Source = Service Control Manager | ID = 7031
Description =


< End of report >
[/CODE]
 
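The Security Center and FirewallPolicy sections of the OTL Extras log above are what a helper reads first: every firewall profile shows EnableFirewall = 0 and the vendor key under Monitoring has DisableMonitoring = 1. As an added example (not part of this thread and not OTL's own code), the following Python parses OTL's "[key]" / "name" = value layout and flags those settings, treating the disabled Windows Firewall as expected only when a third-party suite such as the Kaspersky product on this machine is active.

```python
import re
from dataclasses import dataclass

# Excerpt copied from the OTL Extras log posted in this thread (Security Center
# and firewall policy sections), embedded so the check runs offline.
SAMPLE_LOG = r"""========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"""

SECTION_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")          # "========== Title =========="
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")              # "[HKEY_...\Sub\Key]"
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*?)$')  # '"name" = value'
FIREWALL_POLICY = r"\SharedAccess\Parameters\FirewallPolicy"
SECURITY_CENTER = r"\Microsoft\Security Center"
WSC_OVERRIDES = ("AntiVirusOverride", "AntiSpywareOverride", "FirewallOverride")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    key: str       # registry key the value lives under
    name: str      # value name as printed by OTL
    value: str     # value as printed by OTL
    reason: str    # what a reviewer should check


def parse_otl_registry(text: str) -> dict:
    """Parse OTL's registry dump into {section_title: {registry_key: {name: value}}}."""
    sections, section, key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = sections.setdefault(m.group("title"), {})
            key = None
        elif (m := KEY_RE.match(line)) and section is not None:
            key = section.setdefault(m.group("key"), {})
        elif (m := VALUE_RE.match(line)) and key is not None:
            key[m.group("name")] = m.group("value")
    return sections


def triage_security_settings(text: str) -> list:
    """Flag disabled firewall profiles, Security Center overrides and unmonitored vendors."""
    findings = []
    for section in parse_otl_registry(text).values():
        for reg_key, values in section.items():
            leaf = reg_key.rsplit("\\", 1)[-1]
            if FIREWALL_POLICY in reg_key and leaf.endswith("Profile"):
                if values.get("EnableFirewall") == "0":
                    findings.append(Finding("high", reg_key, "EnableFirewall", "0",
                        f"Windows Firewall is off for {leaf}; acceptable only if a third-party firewall is active"))
            elif SECURITY_CENTER in reg_key and leaf == "Svc":
                for name in WSC_OVERRIDES:  # a non-zero override silences Security Center alerts
                    if values.get(name, "0") != "0":
                        findings.append(Finding("medium", reg_key, name, values[name],
                            "Security Center alerting for this component is suppressed"))
            elif SECURITY_CENTER in reg_key and "\\Monitoring\\" in reg_key:
                if values.get("DisableMonitoring") == "1":  # common for AV vendors, still worth confirming
                    findings.append(Finding("info", reg_key, "DisableMonitoring", "1",
                        f"Security Center does not monitor {leaf}; confirm the product itself is running"))
    return findings
```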

Larusso

Stammgast
Rootkit search

What are rootkits?

A few scans for files, processes and registry entries that are hidden from most other scanners (by a so-called rootkit). During these scans:
  • all other scanners for viruses, spyware, etc. must be disabled,
  • there must be no connection to a network/the Internet (don't forget WLAN),
  • nothing must be done on the computer,
  • the computer must be restarted after each scan.
Run a Gmer scan
  • Download Gmer from this page
    (click the Download EXE button) and save the program to the desktop.
  • Gmer is suitable for => NT/W2K/XP/VISTA.
  • All other programs must be closed.
  • Start gmer.exe (the program has a random program name).
  • Vista users: right-click and run as administrator.
  • If a window with the following warning opens:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    be sure to click "No".
  • Start the scan with "Scan". Do not do anything on the computer while the scan is running.
  • When the scan is finished, click "Copy" to copy the log to the clipboard. "Ok" closes Gmer.
  • Paste the log from the clipboard into your reply here.
Turn the antivirus program and other scanners back on before you go online!

Now post the logfile in code tags.
 

sebi

Stammgast
The program causes a BSOD on my system.
The F-Secure online scan also found nothing on my system. What do you think of the logs?
 

Larusso

Stammgast
Were the tools started with right-click "Run as admin"?

Rootkit search with SysProt

  • Download SysProt to the desktop and start the tool
  • Go to the "Log" tab
  • Now tick:
    • Kernel Modules
    • Kernel Hooks
    • Hidden Files
    • And at the bottom "Hidden Objects Only"
  • Now click "Create Log"
  • After a short scan a dialog window appears. Choose "Scan All Drives" there
  • When the scan is complete, close SysProt.
  • Post the entire contents of "SysProtLog.txt", which can be found on the desktop.
 

Larusso

Stammgast
Download ComboFix from one of the links listed below. You must rename it before you save it to the desktop. Save ComboFix to your desktop. **NB: It is important that ComboFix.exe is saved on the desktop**
  • Double-click ComboFix.exe and follow the prompts.
    • When ComboFix is finished, it will create a log for you.
    • Please paste the C:\ComboFix.txt log into your next reply so that we can analyse it.
 

sebi

Stammgast
I did that. But afterwards I could no longer start my antivirus protection (AFTER disabling all shields + scanners)!
I then reinstalled my system. Thanks anyway for the help.

What did the logs actually look like?
 

Larusso

Stammgast
I didn't find anything there. The reason for ComboFix was that all the tools somehow looked blocked :)

Any questions about securing your system?
 