Log Analysis and Evaluation: Spyhunter victim... If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
29.06.2008, 21:08 #1
Spyhunter victim... Well, while looking for a better program I caught this thing (Spyhunter); I have been sitting at it all day trying to find a solution... So far it has not shown any symptoms, except that after uninstalling and deleting it, it miraculously reappears in my Programs folder after a restart. I got Kaspersky and CounterSpy, but after several scans neither of them finds anything. OK, honestly, I could not scan the system completely with Kaspersky, because it gets stuck at 38% and the computer (and Kaspersky too) throw in the towel after a good half hour... but I assume that is a completely different problem. I hope you can help me, and that I have not committed any major rule violations with this post...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:12, on 29.06.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\TabUserW.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Windows\ehome\ehtray.exe
C:\Users\*\Program Files\DNA\btdna.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
C:\Program Files\Fujitsu Siemens Computers\SCALEO wake up\FSC_WHS_RC.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Azureus\Azureus.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MS*Ncom
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\***\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O4 - Global Startup: Pinnacle Streaming Server.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
O4 - Global Startup: SCALEO wake up.lnk = ?
O4 - Global Startup: Windows Home Server.lnk = ?
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe
O23 - Service: Windows Home Server-Connectordienst (WHSConnector) - Unknown owner - C:\Program Files\Windows Home Server\WHSConnector.exe (file missing)

--
End of file - 9793 bytes

Many, many thanks in advance for your help and your time.

Last edited by drachior (29.06.2008 at 21:28)
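As an added example (not part of the original thread, and not output of HijackThis or any other tool mentioned here), the following Python script shows the kind of first-pass triage a log helper does by hand on a HijackThis log like the one above: it parses the `Oxx - ...` lines and flags the entries worth a second look, such as a service whose file is missing, a service with no recorded publisher, an autostart launched from the user profile, a Run value with no absolute path, and a populated AppInit_DLLs line. The sample lines are copied from the posted log; the flagging rules are my own heuristics (an assumption, not a HijackThis feature), and a flag means "verify this", not "malicious". The Kaspersky AppInit_DLLs entry and the Intel service it flags, for instance, are legitimate on this machine.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\***\Program Files\DNA\btdna.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - Global Startup: SCALEO wake up.lnk = ?
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Windows Home Server-Connectordienst (WHSConnector) - Unknown owner - C:\Program Files\Windows Home Server\WHSConnector.exe (file missing)
"""


@dataclass
class Entry:
    section: str                 # HijackThis section code, e.g. "O4" or "O23"
    body: str                    # everything after "O4 - "
    reasons: list = field(default_factory=list)  # why this entry deserves a closer look


# "O23 - Service: ..." / "R1 - HKCU\..." ; the section code is a letter plus digits.
LINE_RE = re.compile(r"^\s*([RFNO]\d+)\s+-\s+(.*?)\s*$")

# Locations a normal vendor installer does not use for autostart binaries (heuristic).
USER_PATH_RE = re.compile(
    r"\\(Users|Documents and Settings|Dokumente und Einstellungen)\\|\\AppData\\|\\Temp\\",
    re.IGNORECASE,
)


def parse_hjt(text):
    """Turn the raw log text into Entry objects; non-matching lines (headers, process list) are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def o4_target(body):
    """Extract the launched command from an O4 line: a '[Name] command' Run value or a 'x.lnk = target' shortcut."""
    if "]" in body:
        return body.split("]", 1)[1].strip()
    if " = " in body:
        return body.split(" = ", 1)[1].strip()
    return body.strip()


def triage_entry(entry):
    """Attach heuristic reasons to a single entry; an empty reasons list means 'nothing stood out'."""
    body = entry.body
    if "(file missing)" in body:
        entry.reasons.append("referenced file is missing (orphaned entry or removed binary)")
    if "Unknown owner" in body:
        entry.reasons.append("no publisher recorded for the service binary")
    if entry.section in ("O2", "O3", "O4") and USER_PATH_RE.search(body):
        entry.reasons.append("autostart from a user-writable profile or temp directory")
    if entry.section == "O4":
        target = o4_target(body).strip('"')
        if target == "?":
            entry.reasons.append("startup shortcut target could not be resolved")
        elif target and "\\" not in target:
            entry.reasons.append(f"run value without an absolute path: {target}")
    if entry.section == "O20":
        entry.reasons.append("AppInit_DLLs is set: listed DLLs are loaded into every process that uses user32.dll")
    return entry


def triage_log(text):
    """Parse a HijackThis log and return only the entries that earned at least one flag, in log order."""
    return [e for e in map(triage_entry, parse_hjt(text)) if e.reasons]


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.section}: {e.body}")
        for r in e.reasons:
            print(f"    - {r}")
```

Run it as-is against the embedded sample, or pipe a saved log in by replacing `SAMPLE_LOG` with the file contents. The rules are deliberately simple string checks so that every flag can be explained to the person who posted the log; the point of the script is to order the manual review, not to replace it.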
29.06.2008, 21:54 #2
/// the machine /// TB-Ausbilder

Spyhunter victim... edit: passing this on to undoreal.
29.06.2008, 21:54 #3
/// AVZ-Toolkit Guru

Spyhunter victim... Hi there.

[EDIT:] Hi schrauber.

Last edited by undoreal (29.06.2008 at 22:04)
29.06.2008, 21:55 #4
/// the machine /// TB-Ausbilder

Spyhunter victim... Hi undoreal, I'll let you go first.

Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
30.06.2008, 21:11 #5
Spyhunter victim...

03 Blacklight log

06/29/08 23:46:34 [Info]: BlackLight Engine 1.0.70 initialized
06/29/08 23:46:34 [Info]: OS: 6.0 build 6001 (Service Pack 1)
06/29/08 23:46:34 [Note]: 7019 4
06/29/08 23:46:34 [Note]: 7005 0
06/29/08 23:50:43 [Note]: 7006 0
06/29/08 23:50:43 [Note]: 7027 0
06/29/08 23:50:43 [Note]: 7035 0
06/29/08 23:50:43 [Note]: 7026 0
06/29/08 23:50:43 [Note]: 7026 0
06/29/08 23:50:46 [Note]: FSRAW library version 1.7.1024
06/29/08 23:51:26 [Note]: 4015 39271
06/29/08 23:51:26 [Note]: 4027 39271 1310720
06/29/08 23:51:26 [Note]: 4020 39133 1310720
06/29/08 23:51:26 [Note]: 4022 39133
06/29/08 23:51:39 [Note]: 4015 38243
06/29/08 23:51:39 [Note]: 4027 38243 720896
06/29/08 23:51:39 [Note]: 4020 37912 655360
06/29/08 23:51:39 [Note]: 4018 37912 655360
06/30/08 00:01:13 [Note]: 7007 0

04 Combofix

ComboFix 08-06-20.4 - media 2008-06-30 0:39:17.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.1099 [GMT 2:00]
ausgeführt von:: C:\Users\media\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\media\AppData\Local\Microsoft\Windows\Temporary Internet Files\ENCounterSpyConsumer.2.5.1043.0.exe
.
((((((((((((((((((((((( Dateien erstellt von 2008-05-28 bis 2008-06-29 ))))))))))))))))))))))))))))))
.
2008-06-29 17:38 . 2008-06-29 17:38 0 --a------ C:\Windows\System32\SBRC.dat
2008-06-29 17:38 . 2008-06-29 17:38 0 --a------ C:\Windows\System32\SBFC.dat
2008-06-29 17:32 . 2008-06-29 17:32 <DIR> d-------- C:\Users\****\AppData\Roaming\Sunbelt Software
2008-06-29 17:32 . 2008-06-29 17:32 <DIR> d-------- C:\Users\All Users\Sunbelt Software
2008-06-29 17:32 . 2008-06-29 17:32 <DIR> d-------- C:\ProgramData\Sunbelt Software
2008-06-29 17:32 . 2008-06-29 17:32 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-06-29 15:27 . 2008-06-29 15:35 96,966 --a------ C:\Windows\System32\drivers\klin.dat
2008-06-29 15:27 . 2008-06-29 15:35 88,774 --a------ C:\Windows\System32\drivers\klick.dat
2008-06-29 15:26 . 2008-06-29 18:33 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-06-29 15:26 . 2008-06-29 18:33 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-06-29 15:26 . 2008-06-29 15:26 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-29 15:26 . 2008-06-29 20:12 3,433,504 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-06-29 15:26 . 2008-06-30 00:41 466,976 --ahs---- C:\Windows\System32\drivers\fidbox2.dat
2008-06-29 15:26 . 2008-06-29 20:01 24,752 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-06-29 15:26 . 2008-06-30 00:40 2,536 --ahs---- C:\Windows\System32\drivers\fidbox2.idx
2008-06-29 15:10 . 2008-06-29 15:10 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-06-29 15:10 . 2008-06-29 15:10 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-06-29 12:39 . 2008-06-29 12:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-29 11:28 . 2008-06-29 11:28 <DIR> d-------- C:\Users\All Users\Azureus
2008-06-29 11:28 . 2008-06-29 11:28 <DIR> d-------- C:\ProgramData\Azureus
2008-06-29 11:23 . 2008-06-29 23:30 <DIR> d-------- C:\Users\***\AppData\Roaming\Azureus
2008-06-29 11:23 . 2008-06-29 14:13 <DIR> d-------- C:\Program Files\Azureus
2008-06-28 20:35 . 2008-06-28 20:35 <DIR> d-------- C:\Users\***\Program Files
2008-06-28 20:29 . 2008-06-28 20:29 225 --a------ C:\Windows\Brpfx04a.ini
2008-06-28 20:29 . 2008-06-28 20:29 93 --a------ C:\Windows\brpcfx.ini
2008-06-28 20:29 . 2008-06-28 20:29 50 --a------ C:\Windows\System32\bridf06a.dat
2008-06-28 20:27 . 2006-12-04 19:29 56,320 --a------ C:\Windows\System32\brinsstr.dll
2008-06-28 20:25 . 2008-06-28 20:25 <DIR> d-------- C:\Users\All Users\Brother
2008-06-28 20:25 . 2008-06-28 20:25 <DIR> d-------- C:\ProgramData\Brother
2008-06-28 20:25 . 2008-06-28 20:27 <DIR> d-------- C:\Program Files\Brother
2008-06-28 20:25 . 2006-04-13 17:12 163,840 --a------ C:\Windows\System32\NSSearch.dll
2008-06-28 20:25 . 2004-12-10 16:35 147,456 --a------ C:\Windows\brunin03.dll
2008-06-28 20:25 . 2006-01-17 01:03 126,976 --a------ C:\Windows\System32\BrfxD05a.dll
2008-06-28 20:25 . 2002-11-26 13:43 106,496 --a------ C:\Windows\System32\BrMuSNMP.dll
2008-06-28 20:25 . 2006-08-21 06:19 61,440 --a------ C:\Windows\System32\BrMfNt.dll
2008-06-28 20:25 . 2001-11-15 01:00 6,224 --a------ C:\Windows\CVRPAGE.bmp
2008-06-28 20:25 . 2008-06-28 20:29 66 --a------ C:\Windows\Brfaxrx.ini
2008-06-28 20:25 . 2003-11-28 18:57 0 --a------ C:\Windows\brdfxspd.dat
2008-06-28 19:47 . 2008-06-28 20:30 425 --a------ C:\Windows\BRWMARK.INI
2008-06-28 19:47 . 2008-06-28 20:30 27 --a------ C:\Windows\BRPP2KA.INI
2008-06-28 19:44 . 2008-06-28 19:44 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-28 17:21 . 2008-06-28 17:21 <DIR> d-------- C:\Program Files\portalgraphics
2008-06-28 17:08 . 2008-06-30 00:32 <DIR> d-------- C:\Users\***\AppData\Roaming\DNA
2008-06-28 17:08 . 2008-06-29 14:13 <DIR> d-------- C:\Users\***\AppData\Roaming\BitTorrent
2008-06-28 17:08 . 2008-06-28 17:08 <DIR> d-------- C:\Program Files\DNA
2008-06-28 17:08 . 2008-06-28 17:08 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-28 13:04 . 2008-06-28 13:04 <DIR> d-------- C:\PerfLogs
2008-06-28 12:13 . 2008-01-08 13:10 98,304 --a------ C:\Windows\RTKAUDIOSERVICE.EXE
2008-06-28 12:13 . 2007-11-14 15:18 553 --a------ C:\Windows\USetup.iss
2008-06-28 12:12 . 2008-01-15 11:26 4,874,240 --a------ C:\Windows\RtHDVCpl.exe
2008-06-28 12:12 . 2008-01-07 19:30 2,156,544 --a------ C:\Windows\System32\RtkAPO.dll
2008-06-28 12:12 . 2008-01-15 19:19 2,047,576 --a------ C:\Windows\System32\drivers\RTKVHDA.sys
2008-06-28 12:12 . 2007-11-07 17:31 1,191,936 --a------ C:\Windows\RtlUpd.exe
2008-06-28 12:12 . 2008-01-09 18:52 636,416 --a------ C:\Windows\System32\RtkPgExt.dll
2008-06-28 12:12 . 2007-11-13 12:35 532,480 --a------ C:\Windows\System32\RTSndMgr.cpl
2008-06-28 12:12 . 2007-07-25 09:33 135,168 --a------ C:\Windows\System32\SRSWOW.dll
2008-06-28 12:12 . 2008-01-14 16:18 29,696 --a------ C:\Windows\System32\RtkCoInst.dll
2008-06-28 12:11 . 2008-06-28 12:11 <DIR> d-------- C:\Users\***\AppData\Roaming\WinBatch
2008-06-26 23:21 . 2008-06-26 23:21 <DIR> d-------- C:\Users\All Users\InstallShield
2008-06-26 23:21 . 2008-06-26 23:21 <DIR> d-------- C:\ProgramData\InstallShield
2008-06-26 23:17 . 2008-06-26 23:17 <DIR> d-------- C:\Program Files\gPotato.eu
2008-06-26 23:17 . 2005-08-11 15:29 73,728 --a------ C:\Windows\System32\ISUSPM.cpl
2008-06-26 19:34 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-06-26 19:34 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-06-26 19:32 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-06-26 19:31 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-06-26 19:30 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-06-26 19:30 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-06-26 19:30 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-06-26 19:30 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-06-26 19:30 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-06-26 19:30 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-06-26 19:30 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-06-26 19:30 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-06-26 19:30 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-06-26 19:30 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll
2008-06-26 19:01 . 2008-06-26 19:01 <DIR> d-------- C:\Users\All Users\ArcSoft
2008-06-26 19:01 . 2008-06-26 19:01 <DIR> d-------- C:\ProgramData\ArcSoft
2008-06-26 18:55 . 2008-06-26 18:55 <DIR> d-------- C:\Users\***\AppData\Roaming\Panasonic
2008-06-25 22:12 . 2008-06-29 14:14 <DIR> d-------- C:\Users\***\AppData\Roaming\gtk-2.0
2008-06-25 22:06 . 2008-06-25 22:06 <DIR> d-------- C:\Users\***\.thumbnails
2008-06-25 22:00 . 2008-06-29 14:42 <DIR> d-------- C:\Users\***\.gimp-2.4
2008-06-25 22:00 . 2008-06-25 22:00 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-06-25 21:01 . 2008-06-25 21:02 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-25 20:00 . 2008-06-25 20:00 26 --a------ C:\UpdaterforApp.ini
2008-06-25 19:59 . 2008-06-25 20:00 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-06-25 19:59 . 2005-02-23 14:58 11,776 --a------ C:\Windows\System32\drivers\afc.sys
2008-06-25 19:58 . 2008-06-25 19:59 <DIR> d-------- C:\Windows\System32\MediaImpression Slideshow
2008-06-25 19:58 . 2008-06-25 19:58 <DIR> d-------- C:\Program Files\ArcSoft
2008-06-25 19:58 . 2007-03-07 16:05 126,976 --a------ C:\Windows\System32\MediaImpression Slideshow.scr
2008-06-25 19:54 . 2008-06-25 19:54 <DIR> d-------- C:\Users\***\AppData\Roaming\InstallShield
2008-06-25 19:54 . 2008-06-25 20:35 <DIR> d-------- C:\Program Files\Panasonic
2008-06-25 19:54 . 2005-03-07 19:44 45,056 --a------ C:\Windows\System32\PhDi2.sys
2008-06-25 18:56 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-25 18:56 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-25 18:56 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-25 18:56 . 2008-01-19 09:33 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-25 18:56 . 2008-01-19 09:33 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-25 18:56 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-25 18:56 . 2007-07-04 00:16 1,820 --a------ C:\Windows\System32\rasctrnm.h
2008-06-25 00:49 . 2008-06-25 00:49 988,216 --a------ C:\Windows\System32\winload.exe
2008-06-25 00:49 . 2008-06-25 00:49 927,288 --a------ C:\Windows\System32\winresume.exe
2008-06-25 00:49 . 2008-06-25 00:49 615,992 --a------ C:\Windows\System32\ci.dll
2008-06-25 00:49 . 2008-06-25 00:49 378,368 --a------ C:\Windows\System32\srcore.dll
2008-06-25 00:49 . 2008-06-25 00:49 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-06-25 00:49 . 2008-06-25 00:49 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-06-25 00:49 . 2008-06-25 00:49 40,960 --a------ C:\Windows\System32\srclient.dll
2008-06-25 00:49 . 2008-06-25 00:49 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-06-25 00:49 . 2008-06-25 00:49 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-06-25 00:49 . 2008-06-25 00:49 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-06-25 00:48 . 2008-06-25 00:48 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-06-25 00:47 . 2008-06-25 00:47 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-06-25 00:47 . 2008-06-25 00:47 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-25 00:47 . 2008-06-25 00:47 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-06-25 00:46 . 2008-06-25 00:46 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-25 00:46 . 2008-06-25 00:46 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-06-25 00:45 . 2008-06-25 00:45 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-25 00:44 . 2008-06-25 00:44 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-25 00:44 . 2008-06-25 00:44 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-24 23:58 . 2008-06-24 23:58 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-06-24 23:58 . 2003-07-20 20:17 5,174 --a------ C:\Windows\System32\nppt9x.vxd
2008-06-24 23:58 . 2005-01-04 11:43 4,682 --a------ C:\Windows\System32\npptNT2.sys
2008-06-24 23:53 . 2008-06-24 23:53 <DIR> d-------- C:\Program Files\GameTribe
2008-06-24 20:43 . 2008-05-16 14:01 1,079,840 --a------ C:\Windows\System32\nvcpluir.dll
2008-06-24 20:43 . 2008-05-16 14:01 768,544 --a------ C:\Windows\System32\nvcplui.exe
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 18:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 11:13 174 --sha-w C:\Program Files\desktop.ini
2008-06-28 11:05 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-28 11:05 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-28 11:05 --------- d-----w C:\Program Files\Windows Mail
2008-06-28 11:05 --------- d-----w C:\Program Files\Windows Journal
2008-06-28 11:05 --------- d-----w C:\Program Files\Windows Defender
2008-06-28 11:05 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-28 11:05 --------- d-----w C:\Program Files\Windows Calendar
2008-06-28 10:50 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-28 10:50 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-28 10:12 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-06-28 10:12 --------- d-----w C:\Program Files\Realtek
2008-06-26 21:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-24 22:46 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-24 22:46 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-24 22:46 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-24 22:46 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-24 22:46 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-24 18:49 --------- d-----w C:\ProgramData\NVIDIA
2008-06-24 18:03 --------- d-----w C:\ProgramData\Symantec
2008-06-24 18:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-24 17:54 --------- d-----w C:\Program Files\Symantec
2008-06-24 17:14 --------- d-----w C:\Program Files\Google
2008-04-25 16:22 206,088 ----a-w C:\Windows\System32\klogon.dll
2008-04-16 12:25 29,952 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
1999-07-07 00:00 6 --sh--r C:\Windows\@@desktop.dat
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"PMCRemote"="" []
"PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-09-27 09:15 109640]
"BitTorrent DNA"="C:\Users\***\Program Files\DNA\btdna.exe" [2008-06-28 20:35 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 02:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 14:01 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 14:01 92704]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 14:14 98616]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-24 20:20 622592]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 14:51 65536]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-08-27 12:09 698864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" [2007-04-06 01:05 73728]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-04-03 15:37 44168]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO -viewer-.lnk - C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-06-25 19:54:48 40960]
Pinnacle Streaming Server.lnk - C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe [2007-09-21 14:25:42 577536]
SCALEO wake up.lnk - C:\Windows\Installer\{3B6FCED6-9386-49A9-A29A-EF187EA2B45F}\_7C5631BC68D980D6396125.exe [2008-06-17 14:20:32 15086]
Windows Home Server.lnk - C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2008-06-17 14:21:24 536608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{41134CCE-B0EF-4E12-9377-CDCAE22E565E}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{2B630E57-C424-43AD-B94C-6B07FB6D6FA5}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{4CB29CAB-BE3B-479F-8513-592B64D9988D}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{88E7850D-98B5-4229-9C92-6340A5735A16}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F3F6087F-6464-4095-A511-DE5FD5667308}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{3F5C4072-286C-47BD-8CB1-5B6912C93DDA}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{FB127690-0EF4-41DD-B615-681AEB93330F}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{4E4DA056-8AD4-4572-8370-9B916F3B65C5}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{F8D5621C-E20F-4C47-933B-539EEF956C1D}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:Pinnacle Streaming Server
"{A5150296-787A-4375-8EB7-7EAD0C7B6E1D}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:Pinnacle Streaming Server
"{E3B02D7F-CDF5-4632-A25D-16185B12D97C}"= UDP:C:\Program Files\Windows Home Server\Discovery.exe:Windows Home Server-Connector
"{34117E69-30EE-4566-B875-781CE0C6CFD0}"= TCP:C:\Program Files\Windows Home Server\Discovery.exe:Windows Home Server-Connector
"{D6480137-4B15-4072-8AA2-91D2A4F90D90}"= UDP:C:\Program Files\DNA\btdna.exeNA
"{66D61BFF-2F6E-4D26-A963-66D53D622F04}"= TCP:C:\Program Files\DNA\btdna.exeNA
"{6EA8CB64-AF29-4702-B212-0277C91786A4}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{C9B58C78-A434-45F2-B9CF-2C18B5F09547}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{FEE9427D-D296-42FE-A6F6-B7809BF6CB78}C:\\users\\***\\program files\\dna\\btdna.exe"= UDP:C:\users\***\program files\dna\btdna.exe:btdna.exe
"UDP Query User{4D53C999-49C7-4CCC-95E8-FF954207C8E5}C:\\users\\***\\program files\\dna\\btdna.exe"= TCP:C:\users\***\program files\dna\btdna.exe:btdna.exe
"TCP Query User{70DC6675-0A97-4705-924C-20F25B2D1290}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{DEB15A85-1C3B-46B4-9190-E40565D8FB71}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{9D8CBF88-0ADB-45D3-8F35-4D9800431BE6}"= Disabled:UDP:C:\Program Files\Fujitsu Siemens Computers\SCALEO wake up\FSC_WHS_RC.exe:FSC Remote Control
"{C394B8AF-6B03-4A1A-929A-3ABDC45E18EA}"= Disabled:TCP:C:\Program Files\Fujitsu Siemens Computers\SCALEO wake up\FSC_WHS_RC.exe:FSC Remote Control

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 18:29]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 13:10]
R2 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 14:14]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 10:53]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 10:32]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 17:19]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-06-11 11:49]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 10:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-15 16:11]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 09:13]
S2 WHSConnector;Windows Home Server-Connectordienst;"C:\Program Files\Windows Home Server\WHSConnector.exe" []
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\Windows\system32\Drivers\BrSerIf.sys [2006-09-03 00:53]
S3 Ltn_stk7070P;PCTV based TV tuner device;C:\Windows\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 14:41]
S3 Ltn_stkrc;PCTV Infrared Receiver;C:\Windows\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 19:30]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cd73ae2-9987-11db-a955-806e6f6e6963}]
\shell\AutoRun\command - F:\Manual.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - SBAPIFS
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, h**p://www.gmer.net
Rootkit scan 2008-06-30 00:41:23
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-06-30 0:42:10
ComboFix-quarantined-files.txt 2008-06-29 22:42:07

7 Verzeichnis(se), 454,896,361,472 Bytes frei
15 Verzeichnis(se), 465,025,654,784 Bytes frei

284 --- E O F --- 2008-06-28 10:52:50
30.06.2008, 21:16 | #6 |
Spyhunter victim...

07 ESET online scanner: after more than an hour it refused when I tried to print (missing ActiveX package, even though I had already confirmed the installation with administrator rights before the scan). And I stupidly refreshed the results window... and it was gone. It hadn't found anything anyway, though. If it is important, I will of course run it again.

09 SilentRunners

"Silent Runners.vbs", revision 58, Silent Runners - Adware? Disinfect, don't reformat!
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]
"PMCRemote" = "(empty string)" [file not found]
"PMCLoader" = "C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks" [null data]
"BitTorrent DNA" = ""C:\Users\***\Program Files\DNA\btdna.exe"" ["BitTorrent, Inc."]
"SUPERAntiSpyware" = "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"hpsysdrv" = "c:\hp\support\hpsysdrv.exe" ["Hewlett-Packard Company"]
"KBD" = "C:\HP\KBD\KbdStub.EXE" [null data]
"OsdMaestro" = ""C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"" ["OsdMaestro"]
"RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]
"CCUTRAYICON" = "FactoryMode" [file not found]
"HP Health Check Scheduler" = "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [null data]
"SunJavaUpdateReg" = ""C:\Windows\system32\jureg.exe" -delete" ["Sun Microsystems, Inc."]
"HP Software Update" = "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard"]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"ArcSoft Connection Service" =
"C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" ["ArcSoft Inc."] "Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"] "BrMfcWnd" = "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN" ["Brother Industries, Ltd."] "ControlCenter3" = "C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun" ["Brother Industries, Ltd."] "AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"" ["Kaspersky Lab"] "SBCSTray" = "C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" ["Sunbelt Software"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++} "PCDrProfiler" = "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r" ["PC-Doctor, Inc."] "Launcher" = "C:\Windows\SMINST\launcher.exe" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = "IEVkbdBHO" -> {HKLM...CLSID} = "IEVkbdBHO Class" \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll" ["Kaspersky Lab"] {9A065C65-4EE7-4DDD-9918-F129089A894A}\(Default) = (no title provided) -> {HKLM...CLSID} = "BrowserHelper Class" \InProcServer32\(Default) = "C:\Program Files\Windows Home Server\WHSDeskBands.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "ShellViewRTF" -> {HKLM...CLSID} = "ShellViewRTF" \InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"] "{D73E76A3-F902-45BD-8FC8-95AE8E014671}" = "Home Server Banner" -> {HKLM...CLSID} = "Home Server Banner" \InProcServer32\(Default) = "C:\Program Files\Windows Home 
Server\WHSDeskBands.dll" [MS] "{C1B5F1C3-6B6A-4890-A0CB-EAF0DF160E69}" = "Home Server Help Band" -> {HKLM...CLSID} = "Home Server Help Band" \InProcServer32\(Default) = "C:\Program Files\Windows Home Server\WHSDeskBands.dll" [MS] "{9A065C65-4EE7-4DDD-9918-F129089A894A}" = "Home Server Browser Object" -> {HKLM...CLSID} = "BrowserHelper Class" \InProcServer32\(Default) = "C:\Program Files\Windows Home Server\WHSDeskBands.dll" [MS] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statistik für den Schutz des Web-Datenverkehrs" -> {HKLM...CLSID} = "Statistik für den Schutz des Web-Datenverkehrs" \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided) -> {HKLM...CLSID} = "SABShellExecuteHook Class" \InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> 
{HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"] MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" -> {HKLM...CLSID} = "MBAMShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" -> {HKLM...CLSID} = "MBAMShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes"] Default executables: -------------------- HKLM\SOFTWARE\Classes\.scr\(Default) = "scrfile" <<!>> HKLM\SOFTWARE\Classes\scrfile\shell\open\command\(Default) = ""%1" %*" [file not found] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLogoffScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "RunStartupScriptSync" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideStartupScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode} "ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Standard Users} "EnableInstallerDetection" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Detect Application Installations And Prompt For Elevation} "EnableLUA" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Run All Administrators In Admin Approval Mode} "EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Only elevate UIAccess applications that are installed in secure locations} "EnableVirtualization" = (REG_DWORD) dword:0x00000001 {Computer 
Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Virtualize file and registry write failures to per-user locations} "PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Switch to the secure desktop when prompting for elevation} "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} "FilterAdministratorToken" = (REG_DWORD) dword:0x00000000 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Admin Approval Mode for the Built-in Administrator Account} "EnableUIADesktopToggle" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "DisableRegistryTools" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLogoffScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "RunStartupScriptSync" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideStartupScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\Windows\web\wallpaper\awave.jpg" Displayed if Active Desktop disabled and wallpaper not set by Group 
Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Users\****\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp" Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ ArcSoftMediaImpressionArrival\ "Provider" = "ArcSoft MediaImpression" "InvokeProgID" = "MediaImpressionImport" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\MediaImpressionImport\shell\open\command\(Default) = "C:\Program Files\ArcSoft\Software Suite\MediaImpression\MediaImpression.exe -runtype {1} -cmd {A1FF7DD9-F5CE-400b-8464-D7C155D64C57} -param {%1}" ["ArcSoft, Inc."] DVDPlayPlayDVDMovieOnArrival\ "Provider" = "HP DVD Play BD & HD DVD" "InvokeProgID" = "DVD" "InvokeVerb" = "PlayWithDVDPlay" HKLM\SOFTWARE\Classes\DVD\shell\PlayWithDVDPlay\Command\(Default) = ""C:\Program Files\HP\DVDPlay\DVDPlay.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."] DVDPlayPlayVideoCDMovieOnArrival\ "Provider" = "HP DVD Play BD & HD DVD" "InvokeProgID" = "VCD" "InvokeVerb" = "PlayWithDVDPlay" HKLM\SOFTWARE\Classes\VCD\shell\PlayWithDVDPlay\Command\(Default) = ""C:\Program Files\HP\DVDPlay\DVDPlay.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."] HPAutoplayPSE\ "Provider" = "HP Photosmart Essential 2.01" "InvokeProgID" = "HpqPSApl.Autoplay" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\HpqPSApl.Autoplay\shell\Play\DropTarget\CLSID = "{A6873065-D632-4615-A3A9-C5F05EE109C1}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = "C:\Program Files\HP\Digital Imaging\bin\HpqPsApl.exe" ["Hewlett-Packard"] LightScribeOnArrivalAP\ "Provider" = "LightScribe Direct Disc Labeling" "InvokeProgID" = "LightScribe.AutoPlayHandler" "InvokeVerb" = "LabelLightScribeDisc" HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "c:\Program Files\Common Files\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"] P2GCDBurningOnArrival\ "Provider" = "Power2Go" "InvokeProgID" = 
"Picture" "InvokeVerb" = "OpenWithPower2Go" HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPower2Go\Command\(Default) = ""C:\Program Files\CyberLink\Power2Go\Power2Go.exe"" ["Cyberlink"] P2GDVDBurningOnArrival\ "Provider" = "Power2Go" "InvokeProgID" = "BlankDVD" "InvokeVerb" = "OpenWithPower2Go" HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = ""C:\Program Files\CyberLink\Power2Go\Power2Go.exe"" ["Cyberlink"] PanasonicPhoebe5PhotoArrival\ "Provider" = "Panasonic PHOTOfunSTUDIO -viewer-" "InvokeProgID" = "Shell.AutoplayForPhoebe5" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Shell.AutoplayForPhoebe5\shell\open\command\(Default) = "C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\phoebe5.exe /Autoplay %L" ["Matsushita Electric Industrial Co., Ltd."] Power2GoPlayCDAudioOnArrival\ "Provider" = "Power2Go" "InvokeProgID" = "AudioCD" "InvokeVerb" = "PlayWithPower2Go" HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = ""C:\Program Files\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L"" ["Cyberlink"] PPCDBurningOnArrival\ "Provider" = "PowerProducer" "InvokeProgID" = "Picture" "InvokeVerb" = "OpenWithPowerProducer" HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = ""C:\Program Files\CyberLink\PowerProducer\Producer.exe"" ["CyberLink"] PPDCameraArrival\ "Provider" = "PowerProducer" "InvokeProgID" = "Picture" "InvokeVerb" = "OpenWithPowerProducer" HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = ""C:\Program Files\CyberLink\PowerProducer\Producer.exe"" ["CyberLink"] PPDVArrival\ "Provider" = "PowerProducer" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""C:\Program Files\CyberLink\PowerProducer\Producer.exe"" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "Shell Execute Hardware Event Handler" \LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe 
shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] WIA_{520CE73A-EFD4-4C4E-89A1-81D43F2CCCBA}\ "Provider" = "ControlCenter3" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = "/WiaCmd;C:\Program Files\Brother\ControlCenter3\brctrcen.exe /StiDevice:%1 /StiEvent:%2;" -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS] DESKTOP.INI DLL launch in local fixed drive directories: -------------------------------------------------------- D:\DESKTOP.INI [.ShellClassInfo] CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"] D:\boot\DESKTOP.INI [.ShellClassInfo] CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"] D:\hp\DESKTOP.INI [.ShellClassInfo] CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"] D:\PRELOAD\DESKTOP.INI [.ShellClassInfo] CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"] D:\SOURCES\DESKTOP.INI [.ShellClassInfo] CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"] D:\Windows\DESKTOP.INI [.ShellClassInfo] CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"] Startup items in "***" & "All Users" startup folders: ------------------------------------------------------- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup "PHOTOfunSTUDIO -viewer-" -> shortcut to: "C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe" ["Matsushita Electric Industrial Co., Ltd."] "Pinnacle Streaming Server" -> shortcut to: "C:\Program Files\Pinnacle\Shared 
Files\Programs\StrmServer\StrmServer.exe /Start" ["Pinnacle Systems"] "SCALEO wake up" -> shortcut to: "C:\Windows\Installer\{3B6FCED6-9386-49A9-A29A-EF187EA2B45F}\_7C5631BC68D980D6396125.exe /nosplash" [null data] "Windows Home Server" -> shortcut to: "C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS] 000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 24 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{D73E76A3-F902-45BD-8FC8-95AE8E014671}" = (no title provided) -> {HKLM...CLSID} = "Home Server Banner" \InProcServer32\(Default) = "C:\Program Files\Windows Home Server\WHSDeskBands.dll" [MS] Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statistik für den Schutz des Web-Datenverkehrs" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"] HKLM\SOFTWARE\Classes\CLSID\{C1B5F1C3-6B6A-4890-A0CB-EAF0DF160E69}\(Default) = "Home 
Server Help Band" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\Program Files\Windows Home Server\WHSDeskBands.dll" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ "ButtonText" = "Statistik für den Schutz des Web-Datenverkehrs" {E59EB121-F339-4851-A3BA-FE49C35617C2}\ "ButtonText" = "ICQ6" "MenuText" = "ICQ6" "Exec" = "C:\Program Files\ICQ6\ICQ.exe" ["ICQ, Inc."] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ArcSoft Connect Daemon, ACDaemon, "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe" ["ArcSoft Inc."] Automatische WLAN-Konfiguration, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]} Automatisches LiveUpdate - Scheduler, Automatisches LiveUpdate - Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"] CNG-Schlüsselisolation, KeyIso, "C:\Windows\system32\lsass.exe" [MS] DQLWinService, DQLWinService, ""C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe"" [null data] Extensible Authentication-Protokoll, EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]} HP Chasis Button Service, HPBtnSrv, "c:\hp\HPEZBTN\HPBtnSrv.exe" [null data] HP Health Check Service, HP Health Check Service, ""c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"" [null data] Kaspersky Internet Security, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r" ["Kaspersky Lab"] LightScribeService Direct Disc Labeling Service, LightScribeService, ""c:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"] NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" 
["NVIDIA Corporation"] SSTP-Dienst, SstpSvc, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\sstpsvc.dll" [MS]} Sunbelt CounterSpy Antispyware, SBCSSvc, ""C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe"" ["Sunbelt Software"] TabletService, TabletService, "C:\Windows\system32\Tablet.exe" ["Wacom Technology, Corp."] Windows Driver Foundation - Benutzermodus-Treiberframework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]} Windows Media Center-Empfängerdienst, ehRecvr, "C:\Windows\ehome\ehRecvr.exe" [MS] Windows Media Center-Planerdienst, ehSched, "C:\Windows\ehome\ehsched.exe" [MS] Windows-Bilderfassung, stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]} Zugriff auf Eingabegeräte, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]} ---------- (launch time: 2008-06-30 18:20:01) |
30.06.2008, 21:19 | #7 |
Spyhunter victim...

10 ESCAN

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
find.bat Version 2008.03.07
Microsoft Windows [Version 6.0.6001]
Bootmodus: Normal
eScan Version: 9.9.2
Sprache: German
C:\Users\****\AppData\Local\Temp\MWAV.LOG

~~~~~~~~~~~ Dateien ~~~~~~~~~~~
~~~~ Infected files ~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Tagged files ~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Offending files ~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Spyware (Vorsicht: Oft Fehlalarm!) ~~~~~~~~~~~
MicroWorld AntiVirus und Antispyware Toolkit. C:\Program Files\SUPERAntiSpyware, 29-Jun-2008 [Ordner]
Antiviren- und Antispywaredatenbanken werden heruntergeladen... MicroWorld AntiVirus und Antispyware Toolkit.
Scannen Spyware: Deaktiviert
** {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
Result: ERROR!!! File C:\Users\****\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-30-2008 - 01-55-14.SBU: Scanning Failure!!!
~~~~~~~~~~~ Ordner ~~~~~~~~~~~ ~~~~~~~~~~~ Registry ~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Diverses ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ laufende Prozesse - commandline ~~~~~~~~~~~~~~~~~~~~~~ System Idle Process - System - smss.exe - \SystemRoot\System32\smss.exe csrss.exe - C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 csrss.exe - C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 wininit.exe - wininit.exe winlogon.exe - winlogon.exe services.exe - C:\Windows\system32\services.exe lsass.exe - C:\Windows\system32\lsass.exe lsm.exe - C:\Windows\system32\lsm.exe svchost.exe - C:\Windows\system32\svchost.exe -k DcomLaunch svchost.exe - C:\Windows\system32\svchost.exe -k rpcss svchost.exe - C:\Windows\System32\svchost.exe -k secsvcs svchost.exe - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted svchost.exe - C:\Windows\system32\svchost.exe -k netsvcs svchost.exe - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted svchost.exe - C:\Windows\system32\svchost.exe -k LocalService wisptis.exe - /QuitInfo:0000028C;00000290; /AddRef; TabTip.exe - /QuitInfo:000002A0;00000288; svchost.exe - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork svchost.exe - C:\Windows\system32\svchost.exe -k NetworkService svchost.exe - C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted SBCSSvc.exe - "C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe" wisptis.exe - /QuitInfo:00000468;00000498; /AddRef; TabTip.exe - /QuitInfo:00000494;000004A4; 
explorer.exe - C:\Windows\Explorer.EXE
firefox.exe - "C:\Program Files\Mozilla Firefox\firefox.exe"
cmd.exe - cmd /c ""C:\Users\****\Desktop\find.bat" "
cscript.exe - cscript C:\escan\prclst.vbs //nologo
WmiPrvSE.exe - C:\Windows\system32\wbem\wmiprvse.exe

~~~~~~~~~~~~~~~~~~~~~~ Scanfehler ~~~~~~~~~~~~~~~~~~~~~~
ERROR!!! Invalid Entry CCUTRAYICON = FactoryMode (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
ERROR!!! Invalid Entry \SystemRoot\system32\drivers\blbdrive.sys in SYSTEM\CurrentControlSet\Services\blbdrive. Action Taken: No Action Taken
ERROR!!! Invalid Entry \??\C:\ComboFix\catchme.sys in SYSTEM\CurrentControlSet\Services\catchme. Action Taken: No Action Taken
ERROR!!! Invalid Entry \??\C:\Windows\system32\drivers\EagleNT.sys in SYSTEM\CurrentControlSet\Services\EagleNT. Action Taken: No Action Taken
ERROR!!! Invalid Entry system32\DRIVERS\ipinip.sys in SYSTEM\CurrentControlSet\Services\IpInIp. Action Taken: No Action Taken
ERROR!!! Invalid Entry system32\DRIVERS\nwlnkflt.sys in SYSTEM\CurrentControlSet\Services\NwlnkFlt. Action Taken: No Action Taken
ERROR!!! Invalid Entry system32\DRIVERS\nwlnkfwd.sys in SYSTEM\CurrentControlSet\Services\NwlnkFwd. Action Taken: No Action Taken
ERROR!!! Invalid Entry \??\C:\Windows\system32\drivers\sbapifs.sys in SYSTEM\CurrentControlSet\Services\SBAPIFS. Action Taken: No Action Taken
ERROR!!! Invalid Entry "C:\Program Files\Windows Home Server\WHSConnector.exe" in SYSTEM\CurrentControlSet\Services\WHSConnector. Action Taken: No Action Taken
ERROR!!! ScanFile fails for C:\Boot\BCD
ERROR!!! ScanFile fails for C:\Boot\BCD.LOG
ERROR!!! ScanFile fails for C:\hp\bin\MSOffice\HOMESTUDENTR.WW\HOMESRWW.CAB
ERROR!!! ScanFile fails for C:\hp\bin\MSOffice\OFFICE.DE-DE\OFFICELR.CAB
ERROR!!! ScanFile fails for C:\hp\HPQWare\DTSHORTCUTS\KO_KR\??.lnk
ERROR!!! ScanFile fails for C:\hp\HPQWare\DTSHORTCUTS\ZH_HK\?????eBay!.lnk
ERROR!!! ScanFile fails for C:\hp\HPQWare\Favs\KO_KR\HP\??.url
ERROR!!! ScanFile fails for C:\hp\HPQWare\Favs\ZH_HK\HP\?????eBay!.url
ERROR!!! ScanFile fails for C:\hp\HPQWare\StartMenuLink\KO_KR\??.lnk
ERROR!!! ScanFile fails for C:\hp\HPQWare\StartMenuLink\ZH_HK\?????eBay!.lnk
ERROR!!! ScanFile fails for C:\pagefile.sys
Result: ERROR!!! File C:\Program Files\ICQ6\ConfigFiles\TopSearches.7z: Scanning Failure!!!
ERROR!!! ScanFile fails for C:\PROGRA~1\ICQ6\CONFIG~1\TOPSEA~1.7Z
Result: ERROR!!! File C:\Program Files\ICQ6\ConfigFiles\TopSearchesDe.7z: Scanning Failure!!!
ERROR!!! ScanFile fails for C:\PROGRA~1\ICQ6\CONFIG~1\TOPSEA~2.7Z
ERROR!!! ScanFile fails for C:\PROGRA~2\KASPER~1\KASPER~1\german\KISDE~1.MSI
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c254e9ef72fad4733981eaed6398d865_25b7efea-28ec-4258-be4c-57619970c9b8
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e89e09f16e178508cd30d7a1f54b19c8_25b7efea-28ec-4258-be4c-57619970c9b8
ERROR!!! ScanFile fails for C:\Users\****\AppData\Local\DOWNLO~1\{8B9A1~1\DEKARO~1.MSI
ERROR!!! ScanFile fails for C:\Users\****\AppData\Local\Microsoft\Windows\UsrClass.dat
ERROR!!! ScanFile fails for C:\Users\****\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1
Result: ERROR!!! File C:\Users\****\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-30-2008 - 01-55-14.SBU: Scanning Failure!!!
ERROR!!! ScanFile fails for C:\Users\****\AppData\Roaming\SUPERA~1.COM\SUPERA~1\QUARAN~1\QUARAN~1.SBU
ERROR!!! ScanFile fails for C:\Users\****\Downloads\175.19_geforce_winvista_32bit_international_whql.exe
ERROR!!! ScanFile fails for C:\Users\****\Downloads\Final_Fantasy_Tactics_A2_Grimoire_of_the_Rift_EUR_MULTi4_NDS-EXiMiUS.rar
ERROR!!! ScanFile fails for C:\Users\****\Downloads\kis8.0.0.357de.exe
ERROR!!! ScanFile fails for C:\Users\****\ntuser.dat
ERROR!!! ScanFile fails for C:\Users\****\ntuser.dat.LOG1
ERROR!!! ScanFile fails for C:\Users\****\ntuser.dat.LOG2
ERROR!!! ScanFile fails for C:\Windows\ServiceProfiles\LocalService\ntuser.dat
ERROR!!! ScanFile fails for C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
ERROR!!! ScanFile fails for C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
ERROR!!! ScanFile fails for C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
ERROR!!! ScanFile fails for C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\windows6.0-kb936330-X86-express.cab
ERROR!!! ScanFile fails for C:\Windows\System32\catroot2\edb.log
ERROR!!! ScanFile fails for C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
ERROR!!! ScanFile fails for C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
ERROR!!! ScanFile fails for C:\Windows\System32\config\components
ERROR!!! ScanFile fails for C:\Windows\System32\config\COMPONENTS.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\config\default
ERROR!!! ScanFile fails for C:\Windows\System32\config\DEFAULT.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\COMPONENTS
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\DEFAULT
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\SAM
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\SECURITY
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\SOFTWARE
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\SYSTEM
ERROR!!! ScanFile fails for C:\Windows\System32\config\sam
ERROR!!! ScanFile fails for C:\Windows\System32\config\SAM.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\config\security
ERROR!!! ScanFile fails for C:\Windows\System32\config\SECURITY.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\config\software
ERROR!!! ScanFile fails for C:\Windows\System32\config\SOFTWARE.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\config\SOFTWARE.LOG2
ERROR!!! ScanFile fails for C:\Windows\System32\config\system
ERROR!!! ScanFile fails for C:\Windows\System32\config\SYSTEM.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
ERROR!!! ScanFile fails for C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
ERROR!!! ScanFile fails for C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
ERROR!!! ScanFile fails for D:\hp\apps\APP14819\pcdr\Setup.exe
ERROR!!! ScanFile fails for D:\hp\Drv\APP26734\src\Win32\Data1.cab
ERROR!!! ScanFile fails for D:\hp\Drv\APP26734\src\Win64\Data1.cab
ERROR!!! ScanFile fails for D:\PRELOAD\74DEv3PrA22.wim

~~~~~~~~~~~~~~~~~~~~~~ Hosts-Datei ~~~~~~~~~~~~~~~~~~~~~~
DataBasePath: %SystemRoot%\System32\drivers\etc
Zeilen die nicht dem Standard entsprechen:
C:\Windows\System32\drivers\etc\hosts:
C:\Windows\System32\drivers\etc\hosts:127.0.0.1 localhost
C:\Windows\System32\drivers\etc\hosts:::1 localhost

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Zahl der gescannten Objekte: 117760
Zahl der kritischen Objekte: 0
Zahl der desinfizierten Objekte: 0
Zahl der umbenannten Dateien: 0
Zahl der gelöschten Objekte: 0
Zahl der Fehler: 12
Zeit verstrichen: 02:13:49

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan-Optionen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Speicherüberprüfung: Aktiviert
Registrierungsdatenbank-Überprüfung: Aktiviert
Überprüfung des Startordners: Aktiviert
Überprüfung des Systemordners: Aktiviert
Überprüfung der Dienste: Aktiviert
Überprüfung der Laufwerke: Deaktiviert
Überprüfung aller Laufwerke:Aktiviert
Überprüfung der Ordner: Deaktiviert

Batchstart: 21:01:42,07
Batchende: 21:01:45,33

11 Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:46, on 30.06.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h*****p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h*****p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h*****p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h*****p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h*****p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\*****\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O4 - Global Startup: Pinnacle Streaming Server.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
O4 - Global Startup: SCALEO wake up.lnk = ?
O4 - Global Startup: Windows Home Server.lnk = ?
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - h*****p://www.eset.eu/OnlineScanner.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe
O23 - Service: Windows Home Server-Connectordienst (WHSConnector) - Unknown owner - C:\Program Files\Windows Home Server\WHSConnector.exe (file missing)

--
End of file - 7729 bytes

11 Iclean

0iclean log 30.06.2008 21:06:26
Windows Vista SP1, Kernel functions unavailable

Processes
---------
328 - \SystemRoot\System32\smss.exe - \SystemRoot\System32\smss.exe
388 - C:\Windows\system32\csrss.exe - Client-Server-Laufzeitprozess
424 - C:\Windows\system32\csrss.exe - Client-Server-Laufzeitprozess
432 - C:\Windows\system32\wininit.exe - Windows-Startanwendung
476 - C:\Windows\system32\winlogon.exe - Windows-Anmeldeanwendung
504 - C:\Windows\system32\services.exe - Anwendung für Dienste und Controller
516 - C:\Windows\system32\lsass.exe - Local Security Authority Process
524 - C:\Windows\system32\lsm.exe - Lokaler Sitzungs-Manager-Dienst
676 - C:\Windows\system32\svchost.exe - Hostprozess für Windows-Dienste
732 - C:\Windows\system32\svchost.exe - Hostprozess für Windows-Dienste
768 - C:\Windows\system32\svchost.exe - Hostprozess für Windows-Dienste
852 - C:\Windows\system32\svchost.exe - Hostprozess für Windows-Dienste
880 - C:\Windows\system32\svchost.exe - Hostprozess für Windows-Dienste
920 - C:\Windows\system32\svchost.exe - Hostprozess für Windows-Dienste
948 - C:\Windows\system32\svchost.exe - Hostprozess für Windows-Dienste
1112 - C:\Windows\SYSTEM32\WISPTIS.EXE - Microsoft Tablet PC Input Component
1120 - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe - Tablet PC Input Panel Accessory
1172 - C:\Windows\system32\svchost.exe - Hostprozess für Windows-Dienste
1400 - C:\Windows\system32\svchost.exe - Hostprozess für Windows-Dienste
1424 - C:\Windows\system32\svchost.exe - Hostprozess für Windows-Dienste
1436 - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe - Scan Service (Signed)
1804 - C:\Windows\SYSTEM32\WISPTIS.EXE - Microsoft Tablet PC Input Component
1812 - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe - Tablet PC Input Panel Accessory
1928 - C:\Windows\Explorer.EXE - Windows-Explorer
808 - C:\Program Files\Mozilla Firefox\firefox.exe - Firefox (Signed)
1524 - C:\Users\***\Downloads\Neuer Ordner\iclean.exe - Interactive Cleaner

Services
--------
C:\Windows\system32\svchost.exe=BFE
C:\Windows\system32\svchost.exe=CryptSvc
=DcomLaunch
C:\Windows\system32\svchost.exe=Dhcp
C:\Windows\system32\svchost.exe=EapHost
C:\Windows\system32\svchost.exe=Eventlog
C:\Windows\system32\svchost.exe=IKEEXT
C:\Windows\system32\lsass.exe=KeyIso
C:\Windows\system32\svchost.exe=LanmanWorkstation
C:\Windows\system32\svchost.exe=lmhosts
C:\Windows\system32\svchost.exe=MpsSvc
C:\Windows\system32\svchost.exe=Netman
C:\Windows\system32\svchost.exe=netprofm
C:\Windows\system32\svchost.exe=NlaSvc
C:\Windows\system32\svchost.exe=nsi
C:\Windows\system32\svchost.exe=PlugPlay
C:\Windows\system32\svchost.exe=PolicyAgent
C:\Windows\system32\svchost.exe=ProfSvc
=RpcSs
c:\program files\sunbelt software\counterspy\sbcssvc.exe=SBCSSvc
C:\Windows\system32\svchost.exe=TabletInputService
C:\Windows\system32\svchost.exe=WinDefend
C:\Windows\system32\svchost.exe=Winmgmt
C:\Windows\system32\svchost.exe=Wlansvc

Registry
--------
000=HKCU\Run: BitTorrent DNA="c:\users\***\program files\dna\btdna.exe"
000=HKCU\Run: ehTray.exe=c:\windows\ehome\ehtray.exe
000=HKCU\Run: PMCLoader=c:\program files\pinnacle\tvcenter pro\pmcloader.exe
000=HKCU\Run: PMCRemote=
000=HKCU\Run: SUPERAntiSpyware=c:\program files\superantispyware\superantispyware.exe
000=HKLM\Run: Adobe Reader Speed Launcher="c:\program files\adobe\reader 8.0\reader\reader_sl.exe"
000=HKLM\Run: ArcSoft Connection Service=c:\program files\common files\arcsoft\connection service\bin\acdaemon.exe
000=HKLM\Run: AVP="c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
000=HKLM\Run: BrMfcWnd=c:\program files\brother\brmfcmon\brmfcwnd.exe
000=HKLM\Run: CCUTRAYICON=factorymode
000=HKLM\Run: ControlCenter3=c:\program files\brother\controlcenter3\brctrcen.exe
000=HKLM\Run: HP Health Check Scheduler=c:\program files\hewlett-packard\hp health check\hphc_scheduler.exe
000=HKLM\Run: HP Software Update=c:\program files\hp\hp software update\hpwuschd2.exe
000=HKLM\Run: hpsysdrv=c:\hp\support\hpsysdrv.exe
000=HKLM\Run: KBD=c:\hp\kbd\kbdstub.exe
000=HKLM\Run: NvCplDaemon=c:\windows\system32\nvcpl.dll
000=HKLM\Run: NvMediaCenter=c:\windows\system32\nvmctray.dll
000=HKLM\Run: OsdMaestro="c:\program files\hewlett-packard\on-screen osd indicator\osd.exe"
000=HKLM\Run: RtHDVCpl=c:\windows\rthdvcpl.exe
000=HKLM\Run: SBCSTray=c:\program files\sunbelt software\counterspy\sbcstray.exe
000=HKLM\Run: SunJavaUpdateReg="c:\windows\system32\jureg.exe" -delete
001=Firewall bypass: C:\Program Files\BitTorrent\bittorrent.exe=c:\program files\bittorrent\bittorrent.exe
020=SSODL: WebCheck=(null)
030=BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=(null) ()
030=BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}=c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll (IEVkbdBHO Class)
030=BHO: {9A065C65-4EE7-4DDD-9918-F129089A894A}=c:\program files\windows home server\whsdeskbands.dll (BrowserHelper Class)
030=BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7}=(null) ()
031=Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F}=(null)
031=Toolbar: ITBar7Layout=(null)
031=Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}=(null)

Startup Folders
---------------
Common: desktop.ini
Common: photofunstudio -viewer-.lnk -> C:\PROGRA~1\PANASO~1\PHOTOF~1\PHAUTO~1.EXE
Common: pinnacle streaming server.lnk -> C:\PROGRA~1\Pinnacle\SHARED~1\Programs\STRMSE~1\STRMSE~1.EXE
Common: scaleo wake up.lnk -> C:\Program Files\Fujitsu Siemens Computers\SCALEO wake up\FSC_WHS_RC.exe
Common: windows home server.lnk -> C:\Program Files\Windows Home Server\WHSTrayApp.exe
Personal: desktop.ini
30.06.2008, 21:31 | #8 |
Spyhunter victim...

06 MalwareBytes (found a trojan in the launcher of a well-known online game..? No idea whether that means anything.)

Malwarebytes' Anti-Malware 1.19
Datenbank Version: 905
Windows 6.0.6001 Service Pack 1

03:37:26 30.06.2008
mbam-log-6-30-2008 (03-37-26).txt

Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 141447
Scan Dauer: 18 minute(s), 31 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine Malware Objekte gefunden)

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\Program Files\gPotato.eu\Rappelz\Launcher.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

---------------------------------------------

So far nothing has happened SpyHunter-file-wise in the program folder; it hasn't shown up again. I hope the machine is stable again now? Of course I still have System Restore turned off and "no Java" on the machine, but once all of this is fixed, can I just install Java again as normal, or are certain versions off limits....?
01.07.2008, 16:56 | #9 |
Spyhunter victim...

Sorry, I actually wanted to edit the last post instead of posting a new one, but suddenly there's no button for that to be found anywhere. So, a small update, here's a CounterSpy log:

Scan History Details
Start Date: 01.07.2008 17:08:16
End Date: 01.07.2008 17:42:13
Total Time: 33 Min 57 Sec

Detected security risks

KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-1801194352-3344109957-2580172721-1001\SOFTWARE\KAZAA
HKEY_USERS\S-1-5-21-1801194352-3344109957-2580172721-1001\SOFTWARE\KAZAA\LocalContent

Trojan-Downloader.Win32.Agent.aww Trojan Downloader more information...
Status: Deleted

Files detected
C:\Windows\swxcacls.exe

By the way, I have never owned KaZaA, and so far I haven't downloaded anything apart from the programs you recommended. And CounterSpy didn't show that program before... I guess I celebrated too soon.
01.07.2008, 17:53 | #10 | |
/// AVZ-Toolkit Guru
Spyhunter victim...

Quote:

Always keep everything up to date! I'm still missing a SUPERAntiSpyware log..

__________________
- All assistance in the forum is given without warranty or liability -
01.07.2008, 18:15 | #11 |
Spyhunter victim...

Ah, sorry, that one must have been lost when I chopped the giant post into small pieces.

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

Generated 06/30/2008 at 01:53 AM

Application Version : 4.15.1000

Core Rules Database Version : 3493
Trace Rules Database Version: 1484

Scan type : Complete Scan
Total Scan Time : 00:47:49

Memory items scanned : 666
Memory threats detected : 0
Registry items scanned : 6092
Registry threats detected : 0
File items scanned : 111739
File threats detected : 9

Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@doubleclick[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@adserver.71i[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tradedoubler[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@www.mynortonaccount[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@atwola[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@fastclick[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@2o7[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@apmebf[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@zbox.zanox[1].txt

Last edited by drachior (01.07.2008 at 18:43)
01.07.2008, 18:57 | #12 |
/// AVZ-Toolkit Guru
Spyhunter victim...

Cureit Dr.Web
01.07.2008, 22:59 | #13 |
Spyhunter victim...

stream003\strmserver.exe.184BCE29_589D_4695_8887_63F4C08E3857;C:\Documents and Settings\***\AppData\Local\Anwendungsdaten\Downloaded Installations\{B0869F18-0877-4F0E-BEBA-4E653ACAAB1F}\P;Wahrscheinlich DLOADER.Trojan;;
stream003;C:\Documents and Settings\***\AppData\Local\Anwendungsdaten\Downloaded Installations\{B0869F18-0877-4F0E-BEBA-4E653ACAAB1F}\P;Archiv enthält infizierte Objekte;;
Pinnacle DistanTV Server.msi;C:\Documents and Settings\***\AppData\Local\Anwendungsdaten\Downloaded Installations\{B0869F18-0877-4F0E-BEBA-4E653ACAAB1F};Archiv enthält infizierte Objekte;Verschoben.;
AD54D78Cd01;C:\Documents and Settings\***\AppData\Local\Anwendungsdaten\Mozilla\Firefox\Profiles\svv40oyx.default\Cache;Wahrscheinlich BATCH.Virus;;
AD54DB3Fd01\Silent Runners.vbs;C:\Documents and Settings\***\AppData\Local\Anwendungsdaten\Mozilla\Firefox\Profiles\svv40oyx.default\Cache\AD54DB3Fd01;Wahrscheinlich BATCH.Virus;;
AD54DB3Fd01;C:\Documents and Settings\***\AppData\Local\Anwendungsdaten\Mozilla\Firefox\Profiles\svv40oyx.default\Cache;Archiv enthält infizierte Objekte;Verschoben.;
AD54D78Cd01;C:\Documents and Settings\***\AppData\Local\Anwendungsdaten\Mozilla\Firefox\Profiles\svv40oyx.default\Cache;Wahrscheinlich BATCH.Virus;;
AD54D78Cd01;C:\Documents and Settings\***\AppData\Local\Mozilla\Firefox\Profiles\svv40oyx.default\Cache;Wahrscheinlich BATCH.Virus;;
ComboFix.exe\327882R2FWJFW\FIND3M.bat;C:\Documents and Settings\***\Desktop\ComboFix.exe;Wahrscheinlich SCRIPT.Virus;;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\***\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\***\Desktop;Archiv enthält infizierte Objekte;Verschoben.;
Silent Runners.zip\Silent Runners.vbs;C:\Documents and Settings\***\Desktop\Silent Runners.zip;Wahrscheinlich BATCH.Virus;;
Silent Runners.zip;C:\Documents and Settings\***\Desktop;Archiv enthält infizierte Objekte;Verschoben.;
Silent Runners.vbs;C:\Documents and Settings\***\Desktop\Silent Runners;Wahrscheinlich BATCH.Virus;;
AD54DB3Fd01\Silent Runners.vbs;C:\Documents and Settings\***\DoctorWeb\Quarantine\AD54DB3Fd01;Wahrscheinlich BATCH.Virus;;
AD54DB3Fd01;C:\Documents and Settings\***\DoctorWeb\Quarantine;Archiv enthält infizierte Objekte;Verschoben.;
ComboFix.exe\327882R2FWJFW\FIND3M.bat;C:\Documents and Settings\***\DoctorWeb\Quarantine\ComboFix.exe;Wahrscheinlich SCRIPT.Virus;;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\***\DoctorWeb\Quarantine\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\***\DoctorWeb\Quarantine;Archiv enthält infizierte Objekte;Verschoben.;
stream003\strmserver.exe.184BCE29_589D_4695_8887_63F4C08E3857;C:\Documents and Settings\***\DoctorWeb\Quarantine\Pinnacle DistanTV Server.msi\stream003;Wahrscheinlich DLOADER.Trojan;;
stream003;C:\Documents and Settings\***\DoctorWeb\Quarantine\Pinnacle DistanTV Server.msi;Archiv enthält infizierte Objekte;;
Pinnacle DistanTV Server.msi;C:\Documents and Settings\***\DoctorWeb\Quarantine;Archiv enthält infizierte Objekte;Verschoben.;
Silent Runners.zip\Silent Runners.vbs;C:\Documents and Settings\***\DoctorWeb\Quarantine\Silent Runners.zip;Wahrscheinlich BATCH.Virus;;
Silent Runners.zip;C:\Documents and Settings\***\DoctorWeb\Quarantine;Archiv enthält infizierte Objekte;Verschoben.;
AD54D78Cd01;C:\Documents and Settings\***\Lokale Einstellungen\Mozilla\Firefox\Profiles\svv40oyx.default\Cache;Wahrscheinlich BATCH.Virus;;
AD54D78Cd01;C:\Dokumente und Einstellungen\***\AppData\Local\Anwendungsdaten\Mozilla\Firefox\Profiles\svv40oyx.default\Cache;Wahrscheinlich BATCH.Virus;;
AD54D78Cd01;C:\Dokumente und Einstellungen\***\AppData\Local\Mozilla\Firefox\Profiles\svv40oyx.default\Cache;Wahrscheinlich BATCH.Virus;;
Silent Runners.vbs;C:\Dokumente und Einstellungen\***\Desktop\Silent Runners;Wahrscheinlich BATCH.Virus;;
AD54DB3Fd00\Silent Runners.vbs;C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine\AD54DB3Fd00;Wahrscheinlich BATCH.Virus;;
AD54DB3Fd00;C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine;Archiv enthält infizierte Objekte;Verschoben.;
ComboFi0.exe\327882R2FWJFW\FIND3M.bat;C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine\ComboFi0.exe;Wahrscheinlich SCRIPT.Virus;;
ComboFi0.exe\327882R2FWJFW\psexec.cfexe;C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine\ComboFi0.exe;Program.PsExec.171;;
ComboFi0.exe;C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine;Archiv enthält infizierte Objekte;Verschoben.;
stream003\strmserver.exe.184BCE29_589D_4695_8887_63F4C08E3857;C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine\Pinnacle DistanTV Serve0.msi\stream003;Wahrscheinlich DLOADER.Trojan;;
stream003;C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine\Pinnacle DistanTV Serve0.msi;Archiv enthält infizierte Objekte;;
Pinnacle DistanTV Serve0.msi;C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine;Archiv enthält infizierte Objekte;Verschoben.;
Silent Runner0.zip\Silent Runners.vbs;C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine\Silent Runner0.zip;Wahrscheinlich BATCH.Virus;;
Silent Runner0.zip;C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine;Archiv enthält infizierte Objekte;Verschoben.;
AD54D78Cd01;C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Mozilla\Firefox\Profiles\svv40oyx.default\Cache;Wahrscheinlich BATCH.Virus;;
StrmServer.exe;C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer;Wahrscheinlich DLOADER.Trojan;;
StrmServer.exe;C:\Programme\Pinnacle\Shared Files\Programs\StrmServer;Wahrscheinlich DLOADER.Trojan;;
AD54D78Cd01;C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\svv40oyx.default\Cache;Wahrscheinlich BATCH.Virus;;
Silent Runners.vbs;C:\Users\***\Desktop\Silent Runners;Wahrscheinlich BATCH.Virus;;
AD54D78Cd01;C:\Users\***\Lokale Einstellungen\Mozilla\Firefox\Profiles\svv40oyx.default\Cache;Wahrscheinlich BATCH.Virus;;

------------------------------------------------------

Looks like Santa Claus brought plenty of presents.... Among other things, I just discovered a pinfect.zip in my Documents folder... but for now I haven't touched anything yet.
02.07.2008, 07:25 | #14 |
/// AVZ-Toolkit Guru
Spyhunter victim...

Did you have all the findings deleted? Delete the pinfect.zip as well!
02.07.2008, 11:47 | #15 |
Spyhunter victim...

You said I should move the malware to quarantine; at the end of the scan I clicked "select all" and then tried to move everything, but for a good 50% of them it could no longer find the files, and for the rest it performed NO action at all. After that no actions were selectable any more either. I'll run it again and possibly also have suspicious files deleted (I hope I don't knock some system file off the machine, I'll be careful). I've additionally set strong restrictions in Firefox and IE, after Explorer spontaneously tried to access the pinfect.zip and Firefox decided on its own to load a trojan from a site called cobrabasket. I'll report back later with a HijackThis log and Dr. Web report. Thanks again for your help, I think it's great that there are people who voluntarily help idiots like me *g