Log analysis and evaluation: Google hits are partly redirected

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.04.2009, 15:53 | #1

Google hits are partly redirected

Hello everyone,

unfortunately my system has picked up some kind of malicious tool... In IE 7, Google search results are redirected to all sorts of pages. This does not happen with every link, though.

1) I ran CCleaner
2) I also ran Malwarebytes Anti-Malware, with the following log:

Code:
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

14.04.2009 15:56:29
mbam-log-2009-04-14 (15-56-29).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 169063
Time elapsed: 1 hour(s), 12 minute(s), 49 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
(No malicious items detected)

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:00:05, on 14.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\4t Tray Minimizer\4t-min.exe
C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.heise.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.40.253:888
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *i.***.de;*.de;*dmz.***.de;localhost;127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [iSaverCtrl] C:\Programme\iSaver\iSaverCtrl.exe --startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: 4t Tray Minimizer.lnk = C:\Programme\4t Tray Minimizer\4t-min.exe
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2CE7092-C8CD-4973-8417-F52C572048B5}: NameServer = 192.168.40.2,192.168.40.4
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9143 bytes

Code:
4t Tray Minimizer Free 4.21
Abendblatt.de iSaver
Ad-Aware SE Personal
Adobe AIR
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Media Player
Adobe Media Player
Adobe Shockwave Player 11
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Apple Software Update
ATI - Dienstprogramm zur Deinstallation der Software
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
ATI Problem Report Wizard
Avira AntiVir Personal - Free Antivirus
AVIVO Codecs
Awasu Personal Edition 2.2
CamStudio
CamStudio Lossless Codec
CCleaner (remove only)
ClearType Tuning Control Panel Applet
C-Media WDM Audio Driver
Compatibility Pack für 2007 Office System
Desktop Sidebar
FastStone Capture 5.3
FreeMind
Google Earth
Google Updater
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix für Windows Internet Explorer 7 (KB947864)
Hotfix für Windows Media Player 11 (KB939683)
Hotfix für Windows XP (KB952287)
HP Color LaserJet 3550
ICQ6
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Lycos
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - DEU
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 German Language Pack
Microsoft .NET Framework 3.0 German Language Pack
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket
microTOOL in-Step 3.5 Personal Edition
Miranda IM 0.7.8
MozBackup 1.4.6
Mozilla Firefox (3.0.7)
Mozilla Thunderbird (2.0.0.21)
MSXML 6.0 Parser (KB933579)
Opera 9.51
Projektplan für Excel
Psi (remove only)
QuickTime
Security Update für Microsoft .NET Framework 2.0 (KB928365)
Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)
Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)
Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player 10 (KB911565)
Sicherheitsupdate für Windows Media Player 10 (KB917734)
Sicherheitsupdate für Windows Media Player 11 (KB936782)
Sicherheitsupdate für Windows Media Player 11 (KB954154)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950760)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB953839)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB957095)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958690)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960715)
SoundMAX
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Suite Specific
Update für Windows XP (KB951072-v2)
Update für Windows XP (KB951978)
Update für Windows XP (KB955839)
Update für Windows XP (KB967715)
VIA Integrated Setup Wizard
VIA Rhine-Family Fast-Ethernet Adapter
Virtual Earth 3D (Beta)
Wichtiges Update für Windows Media Player 11 (KB959772)
Windows Communication Foundation
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (DEU)
Windows Workflow Foundation
Windows Workflow Foundation DE Language Pack
Windows XP Service Pack 3
WinRAR Archivierer
XML Paper Specification Shared Components Language Pack 1.0

THANK YOU VERY MUCH!!!
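For a redirect symptom, the lines in the HijackThis log above that decide where the browser's traffic really goes are the explicit proxy (R1 ProxyServer = 192.168.40.253:888), its bypass list (R1 ProxyOverride) and the DNS servers (O17 NameServer = 192.168.40.2,192.168.40.4). A resolver or proxy that the network's administrator does not recognise would redirect search results without any visible browser add-on, so these values are worth confirming before anything else. The script below is an added example, not part of the thread or of HijackThis: it parses a handful of lines copied from the log above (a constructed sample), extracts those network settings, compares them with an expected configuration that the analyst supplies, and also lists entries HijackThis marks "(file missing)" or services with "Unknown owner". The expected values in the usage call are assumptions for illustration, not facts established in the thread.

```python
import ipaddress
import re

# Constructed sample: eight lines copied verbatim from the HijackThis log above.
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.heise.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.40.253:888
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *i.***.de;*.de;*dmz.***.de;localhost;127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2CE7092-C8CD-4973-8417-F52C572048B5}: NameServer = 192.168.40.2,192.168.40.4
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
PROXY_RE = re.compile(r",ProxyServer = (\S+)$")
OVERRIDE_RE = re.compile(r",ProxyOverride = (.+)$")
DNS_RE = re.compile(r"NameServer = (.+)$")


def parse_hjt(text):
    """Return (code, body) pairs for every HijackThis entry; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def network_settings(entries):
    """Collect the settings that decide where the browser's requests really go."""
    net = {"proxy_server": None, "proxy_override": [], "name_servers": []}
    for code, body in entries:
        if code == "R1":
            m = PROXY_RE.search(body)
            if m:
                net["proxy_server"] = m[1]
                continue
            m = OVERRIDE_RE.search(body)
            if m:
                net["proxy_override"] = [s for s in m[1].split(";") if s]
        elif code == "O17":
            m = DNS_RE.search(body)
            if m:
                net["name_servers"].extend(ip.strip() for ip in m[1].split(","))
    return net


def audit(text, expected_dns, expected_proxy=None):
    """Compare the log with the configuration the network's administrator confirms.

    expected_dns:   set of resolver addresses the machine is supposed to use
    expected_proxy: "host:port" the machine is supposed to use, None for a direct connection
    """
    entries = parse_hjt(text)
    net = network_settings(entries)
    findings = []
    if net["proxy_server"] != expected_proxy:
        findings.append({"kind": "proxy_unexpected", "detail": net["proxy_server"]})
    for ns in net["name_servers"]:
        if ns in expected_dns:
            continue
        # A resolver outside the expected set is suspicious; one on a public address
        # is the classic DNS-changer signature and gets its own label.
        kind = "dns_unexpected" if ipaddress.ip_address(ns).is_private else "dns_public"
        findings.append({"kind": kind, "detail": ns})
    for code, body in entries:
        if body.endswith("(file missing)"):
            findings.append({"kind": "file_missing", "detail": f"{code} - {body}"})
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append({"kind": "unknown_owner", "detail": body})
    return findings


if __name__ == "__main__":
    # Expected values are assumptions for illustration: what the administrator of the
    # 192.168.40.0/24 network would be asked to confirm.
    for f in audit(SAMPLE_HJT, {"192.168.40.2", "192.168.40.4"}, "192.168.40.253:888"):
        print(f"{f['kind']:16} {f['detail']}")
```

With the proxy and both resolvers confirmed as legitimate, the only remaining findings are the orphaned ICQ Lite button and the unsigned ATI Smart service; pass an empty expected set instead and the same log produces proxy_unexpected and dns_unexpected findings, which is the output one would want to see when the machine is not on a managed network.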
14.04.2009, 16:05 | #2

Google hits are partly redirected

Hello and welcome.

Finally someone reads our guide and works through it without being asked.

GMER - Rootkit Detection

ciao, andreas
15.04.2009, 08:23 | #3

Google hits are partly redirected

Hello Andreas,

thanks for the nice welcome ;-)

I have now let GMER run overnight... and this is what came out:

Code:
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-15 09:22:17
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT F7A7E32E ZwCreateKey
SSDT F7A7E324 ZwCreateThread
SSDT F7A7E333 ZwDeleteKey
SSDT F7A7E33D ZwDeleteValueKey
SSDT F7A7E342 ZwLoadKey
SSDT F7A7E310 ZwOpenProcess
SSDT F7A7E315 ZwOpenThread
SSDT F7A7E34C ZwReplaceKey
SSDT F7A7E347 ZwRestoreKey
SSDT F7A7E338 ZwSetValueKey
SSDT F7A7E31F ZwTerminateProcess

Code 24B1686F KeFindConfigurationNextEntry

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[292] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\System32\svchost.exe[292] ws2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\System32\svchost.exe[292] ws2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\System32\svchost.exe[292] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\System32\svchost.exe[292] ws2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\WINDOWS\System32\svchost.exe[292] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\winlogon.exe[684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\winlogon.exe[684] WS2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\winlogon.exe[684] WS2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\winlogon.exe[684] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\winlogon.exe[684] WS2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\winlogon.exe[684] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\lsass.exe[740] WS2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\lsass.exe[740] WS2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\lsass.exe[740] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\lsass.exe[740] WS2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\lsass.exe[740] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\svchost.exe[936] ws2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\svchost.exe[936] ws2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\svchost.exe[936] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\svchost.exe[936] ws2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\svchost.exe[936] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\svchost.exe[1024] ws2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\svchost.exe[1024] ws2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\svchost.exe[1024] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\svchost.exe[1024] ws2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\svchost.exe[1024] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\WINDOWS\System32\alg.exe[1092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\System32\alg.exe[1092] WS2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\System32\alg.exe[1092] WS2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\System32\alg.exe[1092] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\System32\alg.exe[1092] WS2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\WINDOWS\System32\alg.exe[1092] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\System32\svchost.exe[1132] ws2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\System32\svchost.exe[1132] ws2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\System32\svchost.exe[1132] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\System32\svchost.exe[1132] ws2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\WINDOWS\System32\svchost.exe[1132] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\System32\svchost.exe[1212] ws2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\System32\svchost.exe[1212] ws2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\System32\svchost.exe[1212] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\System32\svchost.exe[1212] ws2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\WINDOWS\System32\svchost.exe[1212] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\Dokumente und Einstellungen\cweiss\Desktop\Trallala.exe[1252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\Dokumente und Einstellungen\cweiss\Desktop\Trallala.exe[1252] ws2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\Dokumente und Einstellungen\cweiss\Desktop\Trallala.exe[1252] ws2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\Dokumente und Einstellungen\cweiss\Desktop\Trallala.exe[1252] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\Dokumente und Einstellungen\cweiss\Desktop\Trallala.exe[1252] ws2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\Dokumente und Einstellungen\cweiss\Desktop\Trallala.exe[1252] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\System32\svchost.exe[1396] ws2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\System32\svchost.exe[1396] ws2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\System32\svchost.exe[1396] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\System32\svchost.exe[1396] ws2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\WINDOWS\System32\svchost.exe[1396] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\spoolsv.exe[1568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\spoolsv.exe[1568] ws2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\spoolsv.exe[1568] ws2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\spoolsv.exe[1568] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\spoolsv.exe[1568] ws2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\spoolsv.exe[1568] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10013658
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1672] WS2_32.dll!connect 71A14A07 5 Bytes JMP 100135A0
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1672] WS2_32.dll!send 71A14C27 5 Bytes JMP 10012E84
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1672] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100126A0
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1672] WS2_32.dll!recv 71A1676F 5 Bytes JMP 10012624
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1672] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 10013554
.text C:\WINDOWS\system32\cisvc.exe[1828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\cisvc.exe[1828] ws2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\cisvc.exe[1828] ws2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\cisvc.exe[1828] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\cisvc.exe[1828] ws2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\cisvc.exe[1828] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\Programme\Java\jre6\bin\jqs.exe[2000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\Programme\Java\jre6\bin\jqs.exe[2000] WS2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\Programme\Java\jre6\bin\jqs.exe[2000] WS2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\Programme\Java\jre6\bin\jqs.exe[2000] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\Programme\Java\jre6\bin\jqs.exe[2000] WS2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\Programme\Java\jre6\bin\jqs.exe[2000] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\WINDOWS\Explorer.EXE[2352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\Explorer.EXE[2352] ws2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\Explorer.EXE[2352] ws2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\Explorer.EXE[2352] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\Explorer.EXE[2352] ws2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\WINDOWS\Explorer.EXE[2352] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[2596] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10023658
.text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[2596] ws2_32.dll!connect 71A14A07 5 Bytes JMP 100235A0
.text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[2596] ws2_32.dll!send 71A14C27 5 Bytes JMP 10022E84
.text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[2596] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100226A0
.text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[2596] ws2_32.dll!recv 71A1676F 5 Bytes JMP 10022624
.text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[2596] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10023554
.text C:\Programme\Java\jre6\bin\jusched.exe[2612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\Programme\Java\jre6\bin\jusched.exe[2612] ws2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\Programme\Java\jre6\bin\jusched.exe[2612] ws2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\Programme\Java\jre6\bin\jusched.exe[2612] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\Programme\Java\jre6\bin\jusched.exe[2612] ws2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\Programme\Java\jre6\bin\jusched.exe[2612] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\ctfmon.exe[2684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\ctfmon.exe[2684] ws2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\ctfmon.exe[2684] ws2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\ctfmon.exe[2684] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\ctfmon.exe[2684] ws2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\ctfmon.exe[2684] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe[2780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe[2780] ws2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe[2780] ws2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe[2780] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe[2780] ws2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe[2780] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\cidaemon.exe[2860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\cidaemon.exe[2860] ws2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\cidaemon.exe[2860] ws2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\cidaemon.exe[2860] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\cidaemon.exe[2860] ws2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\cidaemon.exe[2860] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\cidaemon.exe[2988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\cidaemon.exe[2988] ws2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\cidaemon.exe[2988] ws2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\cidaemon.exe[2988] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\cidaemon.exe[2988] ws2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\cidaemon.exe[2988] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3856] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3856] ws2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3856] ws2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3856] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3856] ws2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3856] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3864] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3864] ws2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3864] ws2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3864] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3864] ws2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\Programme\ATI Technologies\ATI.ACE\cli.exe[3864] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
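The "User code sections" part of the GMER log above is the significant one. In every listed process, including winlogon.exe, lsass.exe and all svchost instances, the first 5 bytes of kernel32!CreateProcessW and of the Winsock functions connect, send, recv, WSASend and WSARecv are overwritten with a JMP into a module mapped at 0x10000000 (0x10010000 inside sched.exe, 0x10020000 inside CLI.EXE). The low 16 bits of each JMP target are the same in every process, so these are not unrelated hooks but one DLL loaded at a different address where its preferred base was already taken; 0x10000000 is the default image base Microsoft's linker gives a DLL. Patching the socket functions lets such a module read and rewrite traffic inside whatever process makes the request, which fits the redirect symptom, and a hook on CreateProcessW is a common way for an injector to follow into child processes. The script below is an added example, not part of the thread or of GMER: it parses a subset of the hook lines copied from the log (four processes, a constructed sample), groups them per API, recovers the injected module's base and the handler offsets, and reports whether every hook points into one relocated image. The 64 KiB alignment it relies on is stated as an assumption in the code.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Constructed sample: header, two SSDT lines and the hook lines of four of the
# processes in the GMER log above, copied verbatim.
SAMPLE_GMER = r"""
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-15 09:22:17
---- System - GMER 1.0.15 ----
SSDT F7A7E32E ZwCreateKey
SSDT F7A7E310 ZwOpenProcess
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[292] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\System32\svchost.exe[292] ws2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\System32\svchost.exe[292] ws2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\System32\svchost.exe[292] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\System32\svchost.exe[292] ws2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\WINDOWS\System32\svchost.exe[292] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\winlogon.exe[684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\winlogon.exe[684] WS2_32.dll!connect 71A14A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\winlogon.exe[684] WS2_32.dll!send 71A14C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\winlogon.exe[684] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\winlogon.exe[684] WS2_32.dll!recv 71A1676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\winlogon.exe[684] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003554
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10013658
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1672] WS2_32.dll!connect 71A14A07 5 Bytes JMP 100135A0
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1672] WS2_32.dll!send 71A14C27 5 Bytes JMP 10012E84
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1672] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100126A0
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1672] WS2_32.dll!recv 71A1676F 5 Bytes JMP 10012624
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[1672] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 10013554
.text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[2596] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10023658
.text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[2596] ws2_32.dll!connect 71A14A07 5 Bytes JMP 100235A0
.text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[2596] ws2_32.dll!send 71A14C27 5 Bytes JMP 10022E84
.text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[2596] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100226A0
.text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[2596] ws2_32.dll!recv 71A1676F 5 Bytes JMP 10022624
.text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[2596] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 10023554
---- EOF - GMER 1.0.15 ----
"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<nbytes>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]{8})$"
)

# Assumption: the injected image is mapped on a 64 KiB boundary (Windows allocation
# granularity) and its hook handlers lie within the first 64 KiB, so the high 16 bits
# of a JMP target give the module base and the low 16 bits the handler's RVA.
MODULE_ALIGN = 0x10000


class Hook(NamedTuple):
    image: str     # hooked process image path
    pid: int
    api: str       # "module!Function", module name lower-cased
    addr: int      # address of the patched bytes inside the system DLL
    nbytes: int    # length of the patch; 5 = one relative JMP
    target: int    # where the JMP lands


def parse_user_hooks(text: str) -> list[Hook]:
    """Extract inline-hook entries from GMER's 'User code sections'; other lines are ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hooks.append(Hook(m["image"], int(m["pid"]),
                          f"{m['module'].lower()}!{m['func']}",
                          int(m["addr"], 16), int(m["nbytes"]), int(m["target"], 16)))
    return hooks


def module_base(target: int) -> int:
    return target & ~(MODULE_ALIGN - 1)


def handler_rva(target: int) -> int:
    return target & (MODULE_ALIGN - 1)


def analyse(text: str) -> dict:
    """Group hooks per API and decide whether they all belong to one relocated module."""
    hooks = parse_user_hooks(text)
    by_api: dict[str, list[Hook]] = defaultdict(list)
    for h in hooks:
        by_api[h.api].append(h)
    processes = {(h.image, h.pid) for h in hooks}
    rvas = {api: {handler_rva(h.target) for h in hs} for api, hs in by_api.items()}
    return {
        "hook_count": len(hooks),
        "process_count": len(processes),
        "apis": sorted(by_api),
        # APIs patched in every hooked process: system-wide injection, not a one-off
        "hooked_everywhere": sorted(api for api, hs in by_api.items()
                                    if {(h.image, h.pid) for h in hs} == processes),
        "bases": {module_base(h.target) for h in hooks},
        "rvas": rvas,
        # one RVA per API across all bases => the same code, loaded at different addresses
        "same_module": all(len(r) == 1 for r in rvas.values()),
    }


def report(text: str) -> str:
    r = analyse(text)
    lines = [f"{r['hook_count']} inline hooks in {r['process_count']} processes",
             "hooked in every process: " + ", ".join(r["hooked_everywhere"]),
             "handler module base(s): " + ", ".join(f"0x{b:08X}" for b in sorted(r["bases"]))]
    if r["same_module"]:
        lines.append("all handlers share one RVA per API -> a single injected DLL, relocated "
                     "where its preferred base was taken")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_GMER))
```

Run against the full log rather than the sample, the same code reports 23 processes and three bases; the important output is the last line, because a single relocated module hooking the same six functions everywhere is what separates an injected DLL from legitimate per-application hooks such as those some security products install.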
15.04.2009, 13:17 | #4

Google hits are partly redirected

Avira AntiVir now also reports the following trojan during a system scan:

TR/PSW.Delf.23040 in C:\WINDOWS\kyshod.ahh

What can I do now? Is this connected to the Google redirect?
15.04.2009, 14:33 | #5 |
| Google-Treffer werden teilweise weitergeleitet So und hier auch noch der ZHPDiag-Log: Code:
ZHPDiag v1.18 report by Nicolas Coolman
Saved on 15.04.2009 15:29:09
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v7.0.5730.11
OPIE: Opera 9.51
MFIE: Mozilla Firefox (3.0.8)

---\\ Running processes
SOUNDMAN.EXE
C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe
C:\Programme\iSaver\iSaverCtrl.exe
C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ati2sgag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\services.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\lsass.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\spoolsv.exe

---\\ Opera browser plugins (P1)
P1 - OPN:Opera Plugin Navigator - C:\Programme\Opera\Program\Plugins\npdsplay.dll
P1 - OPN:Opera Plugin Navigator - C:\Programme\Opera\Program\Plugins\npqtplugin.dll
P1 - OPN:Opera Plugin Navigator - C:\Programme\Opera\Program\Plugins\npqtplugin2.dll
P1 - OPN:Opera Plugin Navigator - C:\Programme\Opera\Program\Plugins\npqtplugin3.dll
P1 - OPN:Opera Plugin Navigator - C:\Programme\Opera\Program\Plugins\npqtplugin4.dll
P1 - OPN:Opera Plugin Navigator - C:\Programme\Opera\Program\Plugins\npqtplugin5.dll
P1 - OPN:Opera Plugin Navigator - C:\Programme\Opera\Program\Plugins\npqtplugin6.dll
P1 - OPN:Opera Plugin Navigator - C:\Programme\Opera\Program\Plugins\npqtplugin7.dll
P1 - OPN:Opera Plugin Navigator - C:\Programme\Opera\Program\Plugins\NPSWF32.dll
P1 - OPN:Opera Plugin Navigator - C:\Programme\Opera\Program\Plugins\NPSWF32_FlashUtil.exe
P1 - OPN:Opera Plugin Navigator - C:\Programme\Opera\Program\Plugins\npwmsdrm.dll

---\\ Internet Explorer start pages (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wikibuy.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

---\\ Internet Explorer search pages (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *i.freinet.de;*freinet.de;*dmz.freinet.de;localhost;127.0.0.1

---\\ Browser Helper Objects (O2)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: 1 - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

---\\ Applications started automatically by the registry (O4)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [iSaverCtrl] C:\Programme\iSaver\iSaverCtrl.exe --startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: []
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data="1"

---\\ Additional Internet Explorer context menu entries (O8)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

---\\ Buttons on the main Internet Explorer toolbar (O9)
O9 - Extra 'Tools' menuitem: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe,302
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe,1040
O9 - Extra 'Tools' menuitem: ICQ Lite - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\ICQLite\ICQLite.exe,1040
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll,1000
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll,1000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe,1040
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe,1040
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe,302

---\\ 'Reset Web Settings' option hijack (O14)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"

---\\ ActiveX objects (Downloaded Program Files) (O16)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} (SentinelVE3D Class) - http://download.microsoft.com/download/a/f/b/afba1967-2025-49da-8356-bc4132038945/VirtualEarth3D.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

---\\ Domain hijack (Lop.com) (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2CE7092-C8CD-4973-8417-F52C572048B5}: 192.168.40.2,192.168.40.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{C2CE7092-C8CD-4973-8417-F52C572048B5}: 192.168.40.2,192.168.40.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{C2CE7092-C8CD-4973-8417-F52C572048B5}: 192.168.40.2,192.168.40.4

---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: AtiStartupEvent - C:\WINDOWS\System32\Ati2evxx.dll
O20 - Winlogon Notify: WlDimsStartup - C:\WINDOWS\System32\%SystemRoot%\System32\dimsntfy.dll
O20 - Winlogon Notify: WLEventStartup - C:\WINDOWS\System32\WgaLogon.dll
O20 - AppInit_DLLs:NVDESK32.DLL

---\\ SharedTaskScheduler autorun registry key (STS) (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1}
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

---\\ Non-Microsoft NT services that are not disabled (O23)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: (Ati HotKey Poller) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart (ATI Smart) - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Software Updater (gusvc) - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Programme\Java\jre6\bin\jqs.exe -service -config C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Druckwarteschlange (Spooler) - C:\WINDOWS\system32\spoolsv.exe

---\\ Active Desktop components (O24)
O24 - Desktop Component 0: Die derzeitige Homepage - file:About:Home

---\\ Installed components (ActiveSetup Installed Components) (O40)
O40 - ASIC: IE7 Uninstall Stub - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Browseranpassungen - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: (no name) - Microsoft Base Smart Card Crypto Provider Package - (not file)
O40 - ASIC: KB890923 - {04d6265d-6b5d-41c3-9e7c-48be15919643} - (not file)
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Security Update for Microsoft .NET Framework 2.0 (KB922770) - {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} - (not file)
O40 - ASIC: Vektorgrafik-Rendering (VML) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Macromedia Shockwave Director 10.1 - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\Adobe\Director\SwDir.dll
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Adobe Shockwave Director 11.0 - {233C1507-6A77-46A4-9443-F871F945D258} - C:\WINDOWS\system32\Adobe\Director\SwDir.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - (not file)
O40 - ASIC: Adobe Shockwave Director 11.0 - {2A202491-F00D-11cf-87CC-0020AFEECF20} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Dynamic HTML-Datenbindung für Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file)
O40 - ASIC: Erweitertes Authoring - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: DirectAnimation Java Classes - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Macromedia Shockwave Director 10.1 - {54139EF7-39CA-6943-4675-D08C7531612F} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
O40 - ASIC: Microsoft Windows Media Player - {6D0AF5DA-5391-05E1-F491-C842124B49EB} - (not file)
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - (not file)
O40 - ASIC: Webordner - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: Adressbuch 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Security Update for Microsoft .NET Framework 2.0 (KB928365) - {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} - (not file)
O40 - ASIC: .NET Framework - {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - (not file)
O40 - ASIC: Windows Desktop-Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Microsoft .NET Framework 1.1 Hotfix (KB928366) - {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - (not file)
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: Security Update for Microsoft .NET Framework 2.0 (KB917283) - {967B098A-042D-4367-BAC9-8BC11684174F} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file)
O40 - ASIC: Taskplaner - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {E78BFA60-5393-4C38-82AB-E8019E464EB4} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
O40 - ASIC: RootsUpdate - {EF289A85-8E57-408d-BE47-73B55609861A} - (not file)
|
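A small triage pass over the O4, O17 and O20 lines of the ZHPDiag report above, as an added example; it is not ZHPDiag's code and not part of the original post. The line formats are taken from the log; the checks (a Run value with a blank name, a DNS server outside RFC 1918 space, a Winlogon Notify path that is malformed as displayed, a non-empty AppInit_DLLs) are this example's own heuristics, and a hit means "verify this entry by hand", nothing more. The sample is built from lines in the log plus one invented O17 line that uses the documentation address 203.0.113.53 so the DNS check has something to flag.

```python
"""Triage of ZHPDiag / HijackThis-style O-lines (added example, not ZHPDiag code)."""
import re
from ipaddress import ip_address, ip_network

# Constructed sample: lines copied from the report above plus one invented O17
# line (203.0.113.53, an RFC 5737 documentation address) as a positive control.
SAMPLE = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: []
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2CE7092-C8CD-4973-8417-F52C572048B5}: 192.168.40.2,192.168.40.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{C2CE7092-C8CD-4973-8417-F52C572048B5}: 203.0.113.53,192.168.40.4
O20 - Winlogon Notify: AtiStartupEvent - C:\WINDOWS\System32\Ati2evxx.dll
O20 - Winlogon Notify: WlDimsStartup - C:\WINDOWS\System32\%SystemRoot%\System32\dimsntfy.dll
O20 - AppInit_DLLs:NVDESK32.DLL
"""

# Line shapes as printed by the tool: "O4 - HKLM\..\Run: [Name] command",
# "O17 - HKLM\System\...: ip,ip", "O20 - Winlogon Notify: Name - path",
# "O20 - AppInit_DLLs:dll".
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
DNS_RE = re.compile(r"^O17 - (?P<key>HKLM\\System\\\S+?): (?P<servers>[\d.,]+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:(?P<dlls>.*)$")

RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]


def is_rfc1918(addr):
    """True for a private (RFC 1918) IPv4 address."""
    a = ip_address(addr)
    return any(a in net for net in RFC1918)


def triage(text):
    """Return (code, note, line) triples for entries that deserve a manual look."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            # A Run value with no name and no command still executes whatever the
            # blank-named value holds; the tool shows nothing, so open the key.
            if not m["name"] and not m["cmd"]:
                hits.append(("O4", "Run value with a blank name and no command; inspect the key", line))
        elif m := DNS_RE.match(line):
            outside = [s for s in m["servers"].split(",") if not is_rfc1918(s)]
            if outside:
                hits.append(("O17", "DNS server outside RFC 1918 space: " + ",".join(outside), line))
        elif m := NOTIFY_RE.match(line):
            path = m["path"]
            # Unexpanded %SystemRoot% or a doubled System32 means the displayed path
            # is not the real one; read the registry value instead of trusting it.
            if "%" in path or path.lower().count("system32") > 1:
                hits.append(("O20", "Winlogon Notify path is malformed as displayed; read the registry value", line))
        elif m := APPINIT_RE.match(line):
            dlls = m["dlls"].strip()
            if dlls:
                hits.append(("O20", "AppInit_DLLs is set (loaded into every user32 process): " + dlls, line))
    return hits


if __name__ == "__main__":
    for code, note, line in triage(SAMPLE):
        print(f"[{code}] {note}\n    {line}")
```

Two of the four hits in the sample are explained by the log itself: the `WlDimsStartup` path is the tool prefixing `System32\` to unexpanded registry data (`%SystemRoot%\System32\dimsntfy.dll` is a Windows component), and the O17 entries in the real log are the private resolvers 192.168.40.2 and 192.168.40.4, so the invented 203.0.113.53 line is the only DNS hit. The empty `O4 - HKLM\..\Run: []` value and `AppInit_DLLs:NVDESK32.DLL` are the ones to check by hand: open the key and see what the blank-named value holds, and confirm that the DLL exists and who signed it, since AppInit_DLLs is loaded into every process that loads user32.dll.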
15.04.2009, 14:34 | #6 |
| and PART 2 of the log: Code:
---\\ Drivers started at boot (O41)
O41 - Driver: (no object) (aeaudio) - C:\WINDOWS\system32\drivers\aeaudio.sys
O41 - Driver: Microsoft Kernel-Echounterdrückung (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: Umgebung für die AFD-Netzwerkunterstützung (AFD) - C:\WINDOWS\System32\drivers\afd.sys
O41 - Driver: Service for Avance AC97 Audio (WDM) (ALCXWDM) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
O41 - Driver: AMD K7-Prozessortreiber (AmdK7) - C:\WINDOWS\System32\DRIVERS\amdk7.sys
O41 - Driver: Asynchroner RAS -Medientreiber (AsyncMac) - C:\WINDOWS\System32\DRIVERS\asyncmac.sys
O41 - Driver: (no object) (ati2mtag) - C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
O41 - Driver: Protokoll für ATM ARP-Client (Atmarpc) - C:\WINDOWS\System32\DRIVERS\atmarpc.sys
O41 - Driver: Audiostubtreiber (audstub) - C:\WINDOWS\System32\DRIVERS\audstub.sys
O41 - Driver: avgio (avgio) - C:\Programme\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: avgntflt (avgntflt) - C:\WINDOWS\system32\DRIVERS\avgntflt.sys
O41 - Driver: avipbb (avipbb) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: ASUSTeK/Broadcom 440x 10/100 Integrated Controller XP Driver (bcm4sbxp) - C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys
O41 - Driver: C-Media WDM Audio Interface (cmuda) - C:\WINDOWS\system32\drivers\cmuda.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: Treiber für die Verwaltung logischer Datenträger (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Microsoft Kernel-DLS-Synthesizer (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: Microsoft Kernel-DRM-Audioentschlüsselung (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: VIA Rhine-Family Fast-Ethernet Adapter Driver Service (FET5X86V) - C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
O41 - Driver: VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber (FETNDIS) - C:\WINDOWS\system32\DRIVERS\fetnd5.sys
O41 - Driver: VIA Rhine Family Fast Ethernet Adapter Driver Service (FETNDISB) - C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
O41 - Driver: Gameport-Enumerator (gameenum) - C:\WINDOWS\system32\DRIVERS\gameenum.sys
O41 - Driver: Standardpaketklassifizierung (Gpc) - C:\WINDOWS\System32\DRIVERS\msgpc.sys
O41 - Driver: Microsoft HID Class-Treiber (HidUsb) - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O41 - Driver: i8042-Tastatur- und PS/2-Mausanschluss-Treiber (i8042prt) - C:\WINDOWS\System32\DRIVERS\i8042prt.sys
O41 - Driver: Filtertreiber für IP-Verkehr (IpFilterDriver) - C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
O41 - Driver: IP/IP-Tunneltreiber (IpInIp) - C:\WINDOWS\System32\DRIVERS\ipinip.sys
O41 - Driver: Übersetzer für IP-Netzwerkadressen (IpNat) - C:\WINDOWS\System32\DRIVERS\ipnat.sys
O41 - Driver: IPSEC-Treiber (IPSec) - C:\WINDOWS\System32\DRIVERS\ipsec.sys
O41 - Driver: IR-Enumeratordienst (IRENUM) - C:\WINDOWS\System32\DRIVERS\irenum.sys
O41 - Driver: Microsoft Kernel-Waveaudiomixer (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: Maus-HID-Treiber (mouhid) - C:\WINDOWS\System32\DRIVERS\mouhid.sys
O41 - Driver: Redirector für WebDav-Client (MRxDAV) - C:\WINDOWS\System32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
O41 - Driver: Microsoft Streaming Service Proxy (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Microsoft Proxy für Streaming Clock (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Microsoft Proxy für Streaming Quality Manager (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Microsoft-Systemverwaltungs-BIOS-Treiber (mssmbios) - C:\WINDOWS\System32\DRIVERS\mssmbios.sys
O41 - Driver: RAS-NDIS-TAPI-Treiber (NdisTapi) - C:\WINDOWS\System32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS-Benutzermodus-E/A-Protokoll (Ndisuio) - C:\WINDOWS\System32\DRIVERS\ndisuio.sys
O41 - Driver: RAS-NDIS-WAN-Treiber (NdisWan) - C:\WINDOWS\System32\DRIVERS\ndiswan.sys
O41 - Driver: NetBIOS-Schnittstelle (NetBIOS) - C:\WINDOWS\System32\DRIVERS\netbios.sys
O41 - Driver: NetBios über TCP/IP (NetBT) - C:\WINDOWS\System32\DRIVERS\netbt.sys
O41 - Driver: NTSIM (NTSIM) - C:\WINDOWS\system32\ntsim.sys
O41 - Driver: Filtertreiber für IPX-Verkehr (NwlnkFlt) - C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
O41 - Driver: Treiber für IPX-Verkehrsweiterleitung (NwlnkFwd) - C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
O41 - Driver: WAN-Miniport (PPTP) (PptpMiniport) - C:\WINDOWS\System32\DRIVERS\raspptp.sys
O41 - Driver: QoS-Paketplaner (PSched) - C:\WINDOWS\System32\DRIVERS\psched.sys
O41 - Driver: Treiber für direkte Parallelverbindung (Ptilink) - C:\WINDOWS\System32\DRIVERS\ptilink.sys
O41 - Driver: Treiber für automatische RAS-Verbindung (RasAcd) - C:\WINDOWS\System32\DRIVERS\rasacd.sys
O41 - Driver: WAN-Miniport (L2TP) (Rasl2tp) - C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
O41 - Driver: Remotezugriff-PPPOE-Treiber (RasPppoe) - C:\WINDOWS\System32\DRIVERS\raspppoe.sys
O41 - Driver: Parallelanschluss (direkt) (Raspti) - C:\WINDOWS\System32\DRIVERS\raspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\System32\DRIVERS\rdbss.sys
O41 - Driver: Treiber für Terminalserver-Geräteumleitung (rdpdr) - C:\WINDOWS\System32\DRIVERS\rdpdr.sys
O41 - Driver: Filtertreiber für digitale CD-Audiowiedergabe (redbook) - C:\WINDOWS\System32\DRIVERS\redbook.sys
O41 - Driver: (no object) (s3m) - C:\WINDOWS\System32\DRIVERS\s3m.sys
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\System32\DRIVERS\secdrv.sys
O41 - Driver: Serenum-Filtertreiber (serenum) - C:\WINDOWS\System32\DRIVERS\serenum.sys
O41 - Driver: (no object) (smwdm) - C:\WINDOWS\system32\drivers\smwdm.sys
O41 - Driver: Microsoft Kernel-Audiosplitter (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: Filtertreiber für Systemwiederherstellung (sr) - C:\WINDOWS\System32\DRIVERS\sr.sys
O41 - Driver: Srv (Srv) - C:\WINDOWS\System32\DRIVERS\srv.sys
O41 - Driver: ssmdrv (ssmdrv) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
O41 - Driver: Software-Bus-Treiber (swenum) - C:\WINDOWS\System32\DRIVERS\swenum.sys
O41 - Driver: Microsoft Kernel GS Wavetablesynthesizer (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: Microsoft Kernel-Systemaudiogerät (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: TCP/IP-Protokolltreiber (Tcpip) - C:\WINDOWS\System32\DRIVERS\tcpip.sys
O41 - Driver: Microsoft AGPv3.5-Filter (uagp35) - C:\WINDOWS\system32\DRIVERS\uagp35.sys
O41 - Driver: Microcode Updatetreiber (Update) - C:\WINDOWS\System32\DRIVERS\update.sys
O41 - Driver: Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller (usbehci) - C:\WINDOWS\System32\DRIVERS\usbehci.sys
O41 - Driver: USB2-aktivierter Hub (usbhub) - C:\WINDOWS\System32\DRIVERS\usbhub.sys
O41 - Driver: USB-Scannertreiber (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys
O41 - Driver: USB-Massenspeichertreiber (USBSTOR) - C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
O41 - Driver: Miniporttreiber für universellen Microsoft USB-Hostcontroller (usbuhci) - C:\WINDOWS\System32\DRIVERS\usbuhci.sys
O41 - Driver: VIA AGP Filter (viaagp1) - C:\WINDOWS\system32\DRIVERS\viaagp1.sys
O41 - Driver: (no object) (viasraid) - C:\WINDOWS\system32\DRIVERS\viasraid.sys
O41 - Driver: RAS-IP-ARP-Treiber (Wanarp) - C:\WINDOWS\System32\DRIVERS\wanarp.sys
O41 - Driver: Treiber für Microsoft WINMM-WDM-Audiokompatibilität (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Platform Driver (WudfPf) - C:\WINDOWS\system32\DRIVERS\WudfPf.sys
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Reflector (WudfRd) - C:\WINDOWS\system32\DRIVERS\wudfrd.sys

---\\ Installed software (O42)
O42 - Logiciel: 4t Tray Minimizer Free 4.21
O42 - Logiciel: Ad-Aware SE Personal
O42 - Logiciel: Adobe AIR
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Shockwave Player 11
O42 - Logiciel: Adobe SVG Viewer 3.0
O42 - Logiciel: ATI - Dienstprogramm zur Deinstallation der Software
O42 - Logiciel: ATI Display Driver
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus
O42 - Logiciel: Awasu Personal Edition 2.2
O42 - Logiciel: FreeMind
O42 - Logiciel: C-Media WDM Audio Driver
O42 - Logiciel: CamStudio Lossless Codec
O42 - Logiciel: CamStudio
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: Adobe Media Player
O42 - Logiciel: FastStone Capture 5.3
O42 - Logiciel: Google Updater
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs
O42 - Logiciel: Windows Internet Explorer 7
O42 - Logiciel: VIA Integrated Setup Wizard
O42 - Logiciel: Windows Media Format SDK Hotfix - KB891122
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130)
O42 - Logiciel: Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket
O42 - Logiciel: Sicherheitsupdate für Windows Media Player 10 (KB911565)
O42 - Logiciel: Sicherheitsupdate für Windows Media Player 10 (KB917734)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)
O42 - Logiciel: Security Update für Microsoft .NET Framework 2.0 (KB928365)
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)
O42 - Logiciel: Sicherheitsupdate für Windows Media Player 11 (KB936782)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB938464)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)
O42 - Logiciel: Hotfix für Windows Media Player 11 (KB939683)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB941569)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB946648)
O42 - Logiciel: Hotfix für Windows Internet Explorer 7 (KB947864)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB950760)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB950762)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB950974)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB951066)
O42 - Logiciel: Update für Windows XP (KB951072-v2)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB951376)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB951376-v2)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB951698)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB951748)
O42 - Logiciel: Update für Windows XP (KB951978)
O42 - Logiciel: Sicherheitsupdate für Windows Media Player (KB952069)
O42 - Logiciel: Hotfix für Windows XP (KB952287)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB952954)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB953839)
O42 - Logiciel: Sicherheitsupdate für Windows Media Player 11 (KB954154)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB954211)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB954459)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB954600)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB955069)
O42 - Logiciel: Update für Windows XP (KB955839)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB956391)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB956802)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB956803)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB956841)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB957095)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB957097)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB958644)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB958687)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB958690)
O42 - Logiciel: Wichtiges Update für Windows Media Player 11 (KB959772)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB960225)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB960715)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)
O42 - Logiciel: Update für Windows XP (KB967715)
O42 - Logiciel: Microsoft .NET Framework 1.1 Hotfix (KB928366)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Microsoft .NET Framework 1.1
O42 - Logiciel: Microsoft .NET Framework 2.0
O42 - Logiciel: Microsoft .NET Framework 2.0 Language Pack - DEU
O42 - Logiciel: Microsoft .NET Framework 3.0
O42 - Logiciel: Microsoft .NET Framework 3.0 German Language Pack
O42 - Logiciel: microTOOL in-Step 3.5 Personal Edition
O42 - Logiciel: Miranda IM 0.7.8
O42 - Logiciel: MozBackup 1.4.6
O42 - Logiciel: Mozilla Firefox (3.0.8)
O42 - Logiciel: Mozilla Thunderbird (2.0.0.21)
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP
O42 - Logiciel: Microsoft National Language Support Downlevel APIs
O42 - Logiciel: Projektplan für Excel
O42 - Logiciel: Psi (remove only)
O42 - Logiciel: Spybot - Search & Destroy 1.4
O42 - Logiciel: VIA Rhine-Family Fast-Ethernet Adapter
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474)
O42 - Logiciel: Windows Imaging Component
O42 - Logiciel: Windows Media Format 11 runtime
O42 - Logiciel: Windows Media Player 11
O42 - Logiciel: Windows XP Service Pack 3
O42 - Logiciel: WinRAR Archivierer
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0
O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0
O42 - Logiciel: Adobe Creative Suite 2
O42 - Logiciel: ATI HYDRAVISION
O42 - Logiciel: MSXML 6.0 Parser (KB933579)
O42 - Logiciel: Opera 9.51
O42 - Logiciel: Google Earth
O42 - Logiciel: QuickTime
O42 - Logiciel: Java(TM) 6 Update 13
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 2
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 4
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 6
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 7
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 8
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 9
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 10
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 11
O42 - Logiciel: Java(TM) SE Runtime Environment 6 Update 1
O42 - Logiciel: Java(TM) 6 Update 2
O42 - Logiciel: Java(TM) 6 Update 3
O42 - Logiciel: Java(TM) 6 Update 5
O42 - Logiciel: Java(TM) 6 Update 7
O42 - Logiciel: ATI Parental Control & Encoder
O42 - Logiciel: Windows Communication Foundation
O42 - Logiciel: Desktop Sidebar
O42 - Logiciel: ATI Problem Report Wizard
O42 - Logiciel: ICQ6
O42 - Logiciel: Windows Genuine Advantage v1.3.0254.0
O42 - Logiciel: ATI Catalyst Control Center
O42 - Logiciel: Apple Software Update
O42 - Logiciel: Windows Workflow Foundation DE Language Pack
O42 - Logiciel: Windows Workflow Foundation
O42 - Logiciel: HP Color LaserJet 3550
O42 - Logiciel: Microsoft Silverlight
O42 - Logiciel: Abendblatt.de iSaver
O42 - Logiciel: Adobe Common File Installer
O42 - Logiciel: Compatibility Pack für 2007 Office System
O42 - Logiciel: Microsoft Office Professional Edition 2003
O42 - Logiciel: Microsoft Office Project Professional 2003
O42 - Logiciel: Microsoft Office Visio Professional 2003
O42 - Logiciel: Windows Presentation Foundation Language Pack (DEU)
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Spybot - Search & Destroy
O42 - Logiciel: Adobe Bridge 1.0
O42 - Logiciel: Windows Presentation Foundation
O42 - Logiciel: Suite Specific
O42 - Logiciel: AVIVO Codecs
O42 - Logiciel: ClearType Tuning Control Panel Applet
O42 - Logiciel: Virtual Earth 3D (Beta)
O42 - Logiciel: Microsoft .NET Framework 1.1 German Language Pack
O42 - Logiciel: Adobe Help Center 1.0
O42 - Logiciel: Lycos
O42 - Logiciel: Adobe Stock Photos 1.0
O42 - Logiciel: SoundMAX
|
15.04.2009, 14:36 | #7 |
| and the last part: Code:
ATTFilter ---\\ Derniers fichiers modifiés ou crées sous System32 (O44) O44 - LFC:Last File Created - C:\WINDOWS\System32\deploytk.dll -->09.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\FNTCACHE.DAT -->12.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\java.exe -->09.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\javacpl.cpl -->09.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\javaw.exe -->09.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\javaws.exe -->09.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\jupdate-1.6.0_13-b03.log -->01.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\LegitCheckControl.dll -->10.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\MRT.exe -->25.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\mshtml.dll -->16.01.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc007.dat -->30.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc009.dat -->30.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh007.dat -->30.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh009.dat -->30.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\PerfStringBackup.INI -->30.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\WgaLogon.dll -->10.03.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\win32k.sys -->09.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\wpa.dbl -->15.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avgntdd.sys -->13.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avgntflt.sys -->13.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avgntmgr.sys -->13.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avipbb.sys -->13.02.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbam.sys -->06.04.2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->06.04.2009 O44 - LFC:Last File Created 
- C:\WINDOWS\System32\drivers\ssmdrv.sys -->13.02.2009 ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\4T-MIN.EXE-15BF4657.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACROBAT.EXE-03161C48.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACROBAT_SL.EXE-054EDF5E.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACROTRAY.EXE-05895215.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ADOBEUPDATEMANAGER.EXE-1FD9105B.pf -->14.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVCENTER.EXE-1D2DB8A2.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVCONFIG.EXE-18FA6095.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVGNT.EXE-39CD89BF.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVGUARD.EXE-16DEE89A.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVIRA_ANTIVIR_PERSONAL_DE.EXE-27294563.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVNOTIFY.EXE-31D7686A.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVSCAN.EXE-25724B6E.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVWSC.EXE-24612965.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVWSC.EXE-2F6C3C95.pf -->30.03.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CIDAEMON.EXE-27AE97A4.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CLI.EXE-02B0DB56.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CLISTART.EXE-1EE1D5BF.pf -->14.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CRASHREPORTER.EXE-38DC7BD9.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf 
-->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DLLHOST.EXE-205D880D.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EXCEL.EXE-0DC93B7A.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FACT.EXE-17075325.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIREFOX.EXE-1D57670A.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GOOGLEUPDATER.EXE-36CE3796.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GOOGLEUPDATERSERVICE.EXE-19F5FCF4.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GRPCONV.EXE-111CD845.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GUARDGUI.EXE-147E0160.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HELPER.EXE-244ABC1F.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-1CB4CC24.pf -->14.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HPBPSTTP.EXE-23EE8F1A.pf -->14.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEXPLORE.EXE-2CA9778D.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\INSTALL.EXE-088E6308.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\INSTALL.EXE-336185CB.pf -->15.04.2009 O45 - 
LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ISAVERCTRL.EXE-21296AF6.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JAVA.EXE-2167859B.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JAVAW.EXE-299184A7.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JQSNOTIFY.EXE-1E60A522.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JUSCHED.EXE-336229D9.pf -->14.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\Layout.ini -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAM-SETUP.EXE-18C35786.pf -->14.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAM-SETUP.TMP-093375A8.pf -->14.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAM-SETUP.TMP-38BA6BAA.pf -->14.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAM.EXE-30CE9A11.pf -->14.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAMGUI.EXE-23355D53.pf -->14.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PRESETUP.EXE-135DD7AE.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PSI.EXE-3285FAD9.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\QTTASK.EXE-2D7EEF34.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-13404D23.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - 
C:\WINDOWS\Prefetch\RUNDLL32.EXE-26C2C861.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2BF3472E.pf -->14.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2CC4444A.pf -->14.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-37EEC05D.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3F22660F.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-44A0B4BC.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNONCE.EXE-2803F297.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SCHED.EXE-3062DD8B.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETUP.EXE-0575735A.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETUP.EXE-152B4929.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SOFTWAREUPDATE.EXE-1E90DF1F.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SOUNDMAN.EXE-19745A34.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPUPDSVC.EXE-21B36524.pf -->14.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\STATUSCLIENT.EXE-06C1E003.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TEATIMER.EXE-38E505A8.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\THUNDERBIRD.EXE-031A6371.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TRALLALA.EXE-373E4638.pf -->14.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPDATE.EXE-22C83997.pf -->14.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPDATE.EXE-3398FCD6.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPDATER.EXE-2CC488FB.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - 
C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VCREDIST_X86.EXE-070676FF.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WGANOTIFYPACKAGEINNER.EXE-24665926.pf -->14.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WGASETUP.EXE-0291EC7D.pf -->14.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WGASETUP.EXE-060A30C0.pf -->14.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WGATRAY.EXE-0ED38BED.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINDOWSXP-KB905474-DEU-X86.EX-01F1244D.pf -->14.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINRAR.EXE-3588DFE8.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIAPSRV.EXE-1E2270A5.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf -->15.04.2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf -->15.04.2009 ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll ---\\ Export de clé d'application autorisée (O47) O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" O47 - AAKE:Key Export - "C:\Programme\QuickTime\QuickTimePlayer.exe"="C:\Programme\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player" O47 - AAKE:Key Export - "C:\Programme\ICQLite\ICQLite.exe"="C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite" O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" O47 - AAKE:Key Export - 
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6" O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ---\\ Déni du service LSA (Local Security Authority) (O48) O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll ---\\ Contrôle du Safe Boot (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys O49 - CSB:Control Safe Boot 
HKLM\...\CS1\Minimal\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vgasave.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ip6fw.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpcdd.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpdd.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpwd.sys O49 - 
CSB:Control Safe Boot HKLM\...\CS2\Network\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdpipe.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdtcp.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vgasave.sys ---\\ Image File Execution Options (IFEO) (O50) O50 - IEFO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ---\\ Trojan Driver Search Data (TDSD) (O52) O52 - TDSD:HKLM\...\Drivers\"timer"="timer.drv" O52 - TDSD:HKLM\...\Drivers32\"midimapper"="midimap.dll" O52 - TDSD:HKLM\...\Drivers32\"msacm.imaadpcm"="imaadp32.acm" O52 - TDSD:HKLM\...\Drivers32\"msacm.msadpcm"="msadp32.acm" O52 - TDSD:HKLM\...\Drivers32\"msacm.msg711"="msg711.acm" O52 - TDSD:HKLM\...\Drivers32\"msacm.msgsm610"="msgsm32.acm" O52 - TDSD:HKLM\...\Drivers32\"msacm.trspch"="tssoft32.acm" O52 - TDSD:HKLM\...\Drivers32\"vidc.cvid"="iccvid.dll" O52 - TDSD:HKLM\...\Drivers32\"vidc.I420"="msh263.drv" O52 - TDSD:HKLM\...\Drivers32\"vidc.iv31"="ir32_32.dll" O52 - TDSD:HKLM\...\Drivers32\"vidc.iv32"="ir32_32.dll" O52 - TDSD:HKLM\...\Drivers32\"vidc.iyuv"="iyuv_32.dll" O52 - TDSD:HKLM\...\Drivers32\"vidc.mrle"="msrle32.dll" O52 - TDSD:HKLM\...\Drivers32\"vidc.msvc"="msvidc32.dll" O52 - TDSD:HKLM\...\Drivers32\"vidc.uyvy"="msyuv.dll" O52 - TDSD:HKLM\...\Drivers32\"vidc.yuy2"="msyuv.dll" O52 - TDSD:HKLM\...\Drivers32\"vidc.yvu9"="tsbyuv.dll" O52 - TDSD:HKLM\...\Drivers32\"vidc.yvyu"="msyuv.dll" O52 - TDSD:HKLM\...\Drivers32\"wavemapper"="msacm32.drv" O52 - TDSD:HKLM\...\Drivers32\"msacm.msg723"="msg723.acm" O52 - TDSD:HKLM\...\Drivers32\"vidc.M263"="msh263.drv" O52 - TDSD:HKLM\...\Drivers32\"vidc.M261"="msh261.drv" O52 - TDSD:HKLM\...\Drivers32\"msacm.msaudio1"="msaud32.acm" O52 - TDSD:HKLM\...\Drivers32\"msacm.sl_anet"="sl_anet.acm" O52 - TDSD:HKLM\...\Drivers32\"msacm.l3acm"="C:\WINDOWS\System32\l3codeca.acm" O52 - 
TDSD:HKLM\...\Drivers32\"wave"="wdmaud.drv" O52 - TDSD:HKLM\...\Drivers32\"midi"="wdmaud.drv" O52 - TDSD:HKLM\...\Drivers32\"mixer"="wdmaud.drv" O52 - TDSD:HKLM\...\Drivers32\"wave1"="wdmaud.drv" O52 - TDSD:HKLM\...\Drivers32\"midi1"="wdmaud.drv" O52 - TDSD:HKLM\...\Drivers32\"mixer1"="wdmaud.drv" O52 - TDSD:HKLM\...\Drivers32\"MIDI2"="SYNCOR11.DLL" O52 - TDSD:HKLM\...\Drivers32\"VIDC.CSCD"="camcodec.dll" O52 - TDSD:HKLM\...\Drivers32\"aux"="C:\WINDOWS\system32\..\kyshod.ahh" End of the scan: |
15.04.2009, 15:35 | #8 |
| 1.) Do the redirects occur in both browsers?
2.) If you have anything else that you connect to the computer, such as memory cards, USB sticks, external hard drives, ... then plug it all in.
ComboFix
Caution: the guide is outdated. Do not carry out the part about the Recovery Console. It is installed automatically when there is an internet connection.
A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it!
Note: ComboFix disables the autorun function of all CD/DVD and USB drives in order to contain the spread. If this causes problems, post them in the thread.
ciao, andreas
__________________ No support via PM! This is a forum, not private support! For all newcomers. Private support only for a fee, and I am very expensive. Guides. Virus scanners. Compromise unavoidable? |
15.04.2009, 17:03 | #9 |
| Hello Andreas, re 1) no, the redirects are currently not occurring at all any more. AntiVir, however, kept reporting TR/PSW.Delf.23040 in C:\WINDOWS\kyshod.ahh. re 2) everything carried out as instructed. Here is the log from ComboFix: Code:
ATTFilter ComboFix 09-04-15.08 - ***** 15.04.2009 17:47.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2048.1574 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\*****\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\setup.ini . ((((((((((((((((((((((( Dateien erstellt von 2009-03-15 bis 2009-04-15 )))))))))))))))))))))))))))))) . 2009-04-15 11:30 . 2009-04-15 11:30 -------- d-----w c:\programme\Avira 2009-04-15 11:30 . 2009-04-15 11:30 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira 2009-04-15 07:18 . 2009-04-15 07:19 -------- d-----w c:\programme\QuickTime 2009-04-15 07:18 . 2009-04-15 07:18 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer 2009-04-15 07:16 . 2009-04-15 07:16 -------- d-----w c:\programme\Apple Software Update 2009-04-15 07:16 . 2009-04-15 07:16 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple 2009-04-14 12:41 . 2009-04-14 12:41 -------- d-----w c:\dokumente und einstellungen\*****\Anwendungsdaten\Malwarebytes 2009-04-14 12:41 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-14 12:41 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-14 12:40 . 2009-04-14 12:41 -------- d-----w c:\programme\ Malwarebytes Anti-Malware 2009-04-14 12:40 . 2009-04-14 12:40 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-04-14 11:57 . 2009-04-14 11:57 -------- d-----w c:\programme\CCleaner 2009-04-14 07:24 . 
2009-04-14 07:24 -------- d-----w c:\programme\TeaTimer (Spybot - Search & Destroy) 2009-04-14 07:24 . 2009-04-14 07:24 -------- d-----w c:\programme\SDHelper (Spybot - Search & Destroy) 2009-04-14 07:24 . 2009-04-14 07:24 -------- d-----w c:\programme\Misc. Support Library (Spybot - Search & Destroy) 2009-04-14 07:23 . 2009-04-14 07:23 -------- d-----w c:\programme\File Scanner Library (Spybot - Search & Destroy) 2009-03-30 07:27 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-15 15:46 . 2005-06-17 10:54 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2009-04-15 15:37 . 2005-07-25 13:00 3836 ----a-w C:\statusclient.log 2009-04-15 15:37 . 2005-05-31 10:38 -------- d-----w c:\programme\Mozilla Thunderbird 2009-04-15 08:19 . 2008-03-10 14:44 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater 2009-04-14 07:32 . 2005-06-17 10:54 -------- d-----w c:\programme\Spybot - Search & Destroy 2009-04-01 07:41 . 2005-06-16 10:37 -------- d-----w c:\programme\Java 2009-03-30 07:14 . 2003-04-02 12:00 83794 ----a-w c:\windows\system32\perfc007.dat 2009-03-30 07:14 . 2003-04-02 12:00 456622 ----a-w c:\windows\system32\perfh007.dat 2009-03-09 03:19 . 2008-12-15 08:56 410984 ----a-w c:\windows\system32\deploytk.dll 2009-02-09 14:04 . 2003-04-02 12:00 1846912 ----a-w c:\windows\system32\win32k.sys 2008-09-10 13:53 . 2005-06-14 10:12 69488 ----a-w c:\dokumente und einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2007-12-04 17:11 . 2007-05-08 12:04 198208 ----a-w c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat 2005-07-15 12:21 . 2005-07-15 12:21 139 ----a-w c:\dokumente und einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "updateMgr"="c:\programme\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StatusClient 2.6"="c:\programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440] "TomcatStartup 2.5"="c:\programme\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-10 188416] "iSaverCtrl"="c:\programme\iSaver\iSaverCtrl.exe" [2006-02-23 772608] "Acrobat Assistant 7.0"="c:\programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328] "ATICCC"="c:\programme\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112] "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-01-05 413696] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2002-06-18 46592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2007-4-17 25214] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=NVDESK32.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.CSCD"= camcodec.dll [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^*****^Startmenü^Programme^Autostart^4t Tray Minimizer.lnk] path=c:\dokumente und einstellungen\*****\Startmenü\Programme\Autostart\4t Tray Minimizer.lnk backup=c:\windows\pss\4t Tray Minimizer.lnkStartup 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2009-03-02 10:08 209153 ----a-w c:\programme\Avira\AntiVir Desktop\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 14:07 2260480 --sha-r c:\programme\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\QuickTime\\QuickTimePlayer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\ICQ6\\ICQ.exe"= R3 s3m;s3m;c:\windows\system32\DRIVERS\s3m.sys [2001-08-17 166720] S0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2003-10-31 77312] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289] . Inhalt des "geplante Tasks" Ordners 2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2009-04-15 c:\windows\Tasks\Google Software Updater.job - c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-10 08:20] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.wikibuy.de/ uInternet Settings,ProxyOverride = *i.******.de;*****.de;*dmz.****.de;localhost;127.0.0.1 uInternet Settings,ProxyServer = 192.168.40.253:888 TCP: {C2CE7092-C8CD-4973-8417-F52C572048B5} = 192.168.40.2,192.168.40.4 FF - ProfilePath - c:\dokumente und einstellungen\******\Anwendungsdaten\Mozilla\Firefox\Profiles\b2c2w7wg.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.wikibuy.de FF - plugin: c:\programme\Adobe\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll FF - plugin: c:\programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\programme\Virtual Earth 3D\npVE3D.dll . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-15 17:48 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(680) c:\windows\system32\Ati2evxx.dll . Zeit der Fertigstellung: 2009-04-15 17:52 ComboFix-quarantined-files.txt 2009-04-15 15:51 Vor Suchlauf: 7.993.659.392 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 11.302.105.088 Bytes frei 130 --- E O F --- 2009-04-14 14:09 |
15.04.2009, 17:19 | #10 |
| Next time, please do not edit the ComboFix log. That makes scripting impossible, or dangerous. Thanks. 1.) Uninstall beforehand:
Code:
KILLALL::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"SoundMan"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
"FirewallOverride"=-

Folder::
c:\programme\Apple Software Update
c:\programme\TeaTimer (Spybot - Search & Destroy)
c:\programme\SDHelper (Spybot - Search & Destroy)
c:\programme\Misc. Support Library (Spybot - Search & Destroy)
c:\programme\File Scanner Library (Spybot - Search & Destroy)
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater
c:\programme\Google Updater
c:\programme\Spybot - Search & Destroy

File::
C:\WINDOWS\kyshod.ahh
c:\windows\system32\perfc007.dat
c:\windows\system32\perfh007.dat
c:\windows\system32\deploytk.dll
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\Google Software Updater.job
Note: the above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system. ciao, andreas
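The two indicators the helper removed by hand in the script above (the `aux` Drivers32 entry that points through `system32\..\` at kyshod.ahh, and the two Security Center overrides set to 1) can be turned into a repeatable log check. The following Python is an added example, not part of the thread and not a feature of ZHPDiag or ComboFix; its sample lines are copied from the logs posted in this thread.

```python
"""Heuristic triage of ZHPDiag (O52) and ComboFix lines as posted in this thread.

Added example: not part of the thread and not a feature of ZHPDiag or ComboFix.
It encodes the two indicators the helper removed by hand in the CFScript:
  * a Drivers32 entry whose target climbs out of System32 with "..\\" or does
    not carry a driver/codec extension ("aux" -> ...\\system32\\..\\kyshod.ahh);
  * Security Center AntiVirusOverride / FirewallOverride set to 1, which hides
    the "no antivirus / no firewall" warnings from the user.
"""
import ntpath
import re
from typing import Dict, List

# File extensions legitimately registered as Drivers32 multimedia drivers/codecs.
DRIVER_EXTENSIONS = {".dll", ".drv", ".acm", ".ax"}

# Sample input, copied from the logs posted in this thread (one entry per line).
SAMPLE_LOG = r'''
O52 - TDSD:HKLM\...\Drivers32\"wavemapper"="msacm32.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.l3acm"="C:\WINDOWS\System32\l3codeca.acm"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.CSCD"="camcodec.dll"
O52 - TDSD:HKLM\...\Drivers32\"aux"="C:\WINDOWS\system32\..\kyshod.ahh"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
'''

O52_RE = re.compile(r'^O52 - TDSD:HKLM\\\.\.\.\\Drivers32\\"([^"]+)"="([^"]*)"')
OVERRIDE_RE = re.compile(r'^"(AntiVirusOverride|FirewallOverride)"=dword:([0-9A-Fa-f]{8})$')


def check_drivers32(target: str) -> List[str]:
    """Return the reasons a Drivers32 target looks suspicious (empty list = clean)."""
    reasons: List[str] = []
    path = target.strip()
    # "system32\..\x" resolves to C:\WINDOWS\x but still *looks* like a System32 path.
    if "\\..\\" in path or path.startswith("..\\"):
        reasons.append("target uses '..\\' to leave the System32 directory")
    ext = ntpath.splitext(path)[1].lower()
    if ext not in DRIVER_EXTENSIONS:
        reasons.append(f"unexpected extension '{ext or '(none)'}' for a multimedia driver")
    return reasons


def triage(log_text: str) -> List[Dict[str, str]]:
    """Scan log lines and return one finding per suspicious indicator."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O52_RE.match(line)
        if m:
            name, target = m.groups()
            for reason in check_drivers32(target):
                findings.append({"line": line, "key": name, "reason": reason})
            continue
        m = OVERRIDE_RE.match(line)
        if m and int(m.group(2), 16) != 0:
            findings.append({"line": line, "key": m.group(1),
                             "reason": "Security Center warning suppressed (override set)"})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding['key']}] {finding['reason']}")
        print(f"    {finding['line']}")
```

Run against the full pasted log, the script flags the `aux` entry twice (path traversal and the `.ahh` extension) and both override values, while the ordinary codec entries pass.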
11.06.2009, 16:39 | #11 |
| Hello, since I used the search function, I think I don't need to open another thread for the same problem, so I'll just post my logs: HJT: Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:21, on 11.06.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe
C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe
C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Windows\System32\rundll32.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Programme\Logitech\QuickCam\Quickcam.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\No-IP\DUC20.exe
C:\Programme\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\Windows Sidebar\Sidebar.exe
C:\Programme\ICQ6.5\ICQ.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Programme\Windows Sidebar\Sidebar.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\CircleDock0.9.2Alpha8.2\CircleDock.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Users\Viper\Desktop\e5et5r7z.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Programme\HijackThis\45egedgdg.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Startup] C:\Programme\Windows Sidebar Styler\Startup.bat
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ICQ] C:\Programme\ICQ6.5\ICQ.bat
O4 - HKCU\..\Run: [CircleDock] C:\Programme\CircleDock0.9.2Alpha8.2\CircleDock.exe
O4 - HKCU\..\Run: [cmdkill] C:\Users\Viper\Desktop\cmdkill.bat
O4 - HKCU\..\Run: [CircleDock193] C:\Programme\CircleDock0.9.2Alpha8.2\CircleDock.bat
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: No-IP DUC.lnk = C:\Programme\No-IP\DUC20.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D38B8B71-FFAC-4647-A3F3-AD59D672652A}: NameServer = 85.255.112.122,85.255.112.154
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.122,85.255.112.154
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.122,85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.122,85.255.112.154
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: 
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlackfishSQL - CodeGear - C:\Programme\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe

--
End of file - 11295 bytes

Installed Apps:
Code:
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
ABBYY FineReader 8.0 Professional Edition
AccessDiver v4.402
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Asset Services CS4
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Master Collection
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Elements 7.0
Adobe Premiere Elements 7.0
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9 - Deutsch
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Mobile Device Support
Apple Software Update
AutoIt v3.3.0.0
Avira AntiVir Personal - Free Antivirus
AVM FRITZ!DSL
BDE_ENT
BlueJ 2.5.0
Bonjour
Boost Libraries for C++Builder 2009
Boost Libraries for C++Builder 2009
Cain & Abel v4.9.31
Camtasia Studio 5
Camtasia Studio 6
CCleaner (remove only)
CDDRV_Installer
Choice Guard
C-Media PCI Audio Driver
CodeGear Delphi and C++Builder 2009 Database Pack
CodeGear Delphi and C++Builder 2009 Database Pack
Connect
DivX
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Fraps (remove only)
Free Video to Mp3 Converter version 3.1
Hex Workshop v6
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB945282)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB946040)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB946308)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB946344)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB947540)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB947789)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB948127)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB951708)
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB945282)
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB946040)
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB946308)
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB947540)
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB947789)
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB948127)
Hotfusion 0.8.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Kameras 9.0
HP Solution Center 9.0
Icon Searcher 3.50
ICQ6.5
IrfanView (remove only)
IsoBuster 2.4
iTunes
Java DB 10.4.1.3
Java(TM) 6 Update 13
Java(TM) SE Development Kit 6 Update 11
KhalInstallWrapper
kuler
Logitech GamePanel Software 3.01
Logitech QuickCam
Logitech SetPoint
Logitech® Camera-Treiber
Messenger Plus! Live
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft SQL Server 2008
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server 2008-Browser
Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
Microsoft SQL Server VSS Writer
Microsoft Virtual PC 2007 SP1
Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU
Microsoft Visual C++ 2008 Express Edition with SP1 - DEU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Mozilla Firefox (3.0.10)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MVision
Nero 9
neroxml
No-IP.com DUC (remove only)
NVIDIA Drivers
OEM Logo and Information
PDF Settings CS4
PE Explorer 1.99 R5
Photoshop Camera Raw
Pixel Bender Toolkit
Privoxy 3.0.6
QuickTime
S4 League_EU
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Skype™ 4.0
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Steam
Suite Shared Configuration CS4
SUPER © Version 2009.bld.35 (Jan 5, 2009)
TeamViewer 4
Tor 0.2.0.34
TuneUp Utilities 2009
UltraISO Premium V9.31
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
Vegas Movie Studio Platinum 9.0
VIA Plattform-Geräte-Manager
Vidalia 0.1.10
VistaBootPRO 3.3
VLC media player 0.9.8a
Warsow 0.42
WindowBlinds
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live-Uploadtool
Windows Media Player Firefox Plugin
Windows Sidebar Styler
WinPcap 4.0.2
WinRAR archiver
World of Warcraft
Xfire (remove only)
Xvid 1.2.1 final uninstall
Zattoo 3.3.3 Beta

http://blkchockr.dk-serv.de/GMER.txt

I hope for quick help, and thanks in advance.
Regards, BlkChockr

Edit: Oh, and I had to rename HijackThis, otherwise it could not be run... =/
11.06.2009, 17:08 | #12
Google results are partially redirected

Hello, and

Quote:
ciao, andreas
__________________
No support via PM! This is a forum, not personal one-on-one assistance! For all newcomers: personal assistance is available only for a fee, and I am very expensive.
Guides | Virus scanners | Compromise unavoidable?