Pests of all kinds and how to fight them: Wrong link redirection

#1

Hello everyone,

for a few days now, when I click on normal Google links, I have been redirected to completely different sites. It may also be worth mentioning that this only happens with Firefox, i.e. my default browser. With IE8 everything works fine. So here are my log files:

Code:
```
Malwarebytes' Anti-Malware 1.36
Datenbank Version: 2068
Windows 5.1.2600 Service Pack 3, v.5657

02.05.2009 21:08:48
mbam-log-2009-05-02 (21-08-48).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 208737
Laufzeit: 1 hour(s), 27 minute(s), 35 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\***\Anwendungsdaten\NI.GSCNS (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.
C:\Programme\winupdates (Worm.P2P) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\NI.GSCNS\dl.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\NI.GSCNS\settings.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\NetPumper\Jan.ini (Adware.NetPumper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regedit.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iaxcfg32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
```

Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:57:33, on 03.05.2009 Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\Programme\Spyware Terminator\sp_rsser.exe C:\WINDOWS\System32\svchost.exe C:\Programme\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\Rundll32.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE C:\Programme\iPod\bin\iPodService.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Air Mouse.lnk = C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 
C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab O18 - Protocol: bw+0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} 
- C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - 
{1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - 
{1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O18 - Protocol: offline-8876480 - {1D31D35F-9DCB-4C92-BDCD-7E5ECE2A2AAF} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programme\Spyware Terminator\sp_rsser.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing) O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programme\RealVNC\VNC4\WinVNC4.exe -- End of file - 19540 bytes |

#2

Here is the rest:

Code:
ATTFilter 7-Zip 4.60 beta Adobe Flash Player 10 Plugin Adobe Flash Player 9 ActiveX Adobe Reader 7.1.0 - Deutsch Air Mouse Server Apple Mobile Device Support Apple Software Update Audacity 1.3.4 (Unicode) Avira AntiVir Personal - Free Antivirus Azureus Bonjour CAESAR IV CCleaner (remove only) CDDRV_Installer Counter-Strike(TM) Creative EAX Console Creative EAX-Einstellungen Creative Lautsprechereinstellungen Creative MediaSource Day of Defeat: Source DivX Web Player DVD Decrypter (Remove Only) EAX Unified EAX4 Unified Redist EVEREST Home Edition v2.20 Fallout 3 Gerätesteuerung Gigaset USB Stick 108 Guitar Pro 5.2 HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Windows XP (KB915800-v4) Hotfix für Windows XP (KB932716-v2) Hotfix für Windows XP (KB942288-v3) Hotfix für Windows XP (KB944043-v3) Hotfix für Windows XP (KB951830) Hotfix für Windows XP (KB952287) Hotfix für Windows XP (KB959252-v2) Hotfix für Windows XP (KB960680-v2) iTunes J2SE Runtime Environment 5.0 Update 7 Java(TM) 6 Update 7 Java(TM) SE Runtime Environment 6 Update 1 KhalInstallWrapper Logitech Desktop Messenger Logitech SetPoint Logitech Updater Macromedia Flash Player 8 Malwarebytes' Anti-Malware Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (German) 2007 Microsoft Office Enterprise 2007 Microsoft Office 
Enterprise 2007 Microsoft Office Excel MUI (German) 2007 Microsoft Office Groove MUI (German) 2007 Microsoft Office InfoPath MUI (German) 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office Outlook MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Publisher MUI (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Mount&Blade Mozilla Firefox (3.0.10) Mozilla Firefox (3.5b4) MSI Live Update 3 MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) MuPAD Pro 4.0.1 Nero 7 Demo NVIDIA Drivers NvMixer O&O Defrag Professional OpenAL OpenOffice.org 3.0 Panda ActiveScan 2.0 Pizza Syndicate Port Royale 2 PowerISO QuickTime Shutdown4U Sicherheitsupdate für Step by Step Interactive Training (KB923723) Sicherheitsupdate für Windows Internet Explorer 7 (KB928090) Sicherheitsupdate für Windows Internet Explorer 7 (KB929969) Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2) Sicherheitsupdate für Windows Internet Explorer 7 (KB961260) Sicherheitsupdate für Windows Media Player (KB911564) Sicherheitsupdate für Windows Media Player (KB952069) Sicherheitsupdate für Windows Media Player 10 (KB911565) Sicherheitsupdate für Windows Media Player 11 (KB936782) Sicherheitsupdate für Windows Media Player 11 (KB954154) Sicherheitsupdate für Windows Media Player 6.4 (KB925398) Sicherheitsupdate für Windows XP (KB938464) Sicherheitsupdate für Windows XP (KB941569) Sicherheitsupdate für Windows XP (KB950762) Sicherheitsupdate für Windows XP (KB950974) 
Sicherheitsupdate für Windows XP (KB951066) Sicherheitsupdate für Windows XP (KB951376-v2) Sicherheitsupdate für Windows XP (KB951698) Sicherheitsupdate für Windows XP (KB951748) Sicherheitsupdate für Windows XP (KB952954) Sicherheitsupdate für Windows XP (KB954459) Sicherheitsupdate für Windows XP (KB954600) Sicherheitsupdate für Windows XP (KB955069) Sicherheitsupdate für Windows XP (KB956802) Sicherheitsupdate für Windows XP (KB956841) Sicherheitsupdate für Windows XP (KB957097) Sicherheitsupdate für Windows XP (KB958644) Sicherheitsupdate für Windows XP (KB958687) Sicherheitsupdate für Windows XP (KB960715) Skype™ 4.0 Sound Blaster Audigy LS Spyware Terminator Steam(TM) Stronghold Crusader Extreme TeamSpeak 2 RC2 TeamSpeak 2 Server RC2 Tropico TuneUp Utilities 2007 UltraISO Premium V8.2 UltraStar 0.6.2 UltraUXThemePatcher Uninstall 1.0.0.0 Update für Windows XP (KB943729) Update für Windows XP (KB951618-v2) Update für Windows XP (KB951978) Update für Windows XP (KB954920-v2) Update für Windows XP (KB955704) Update für Windows XP (KB955839) Update für Windows XP (KB958752) UpdateScanner Viewpoint Media Player VistaMizer 3.1.0.0 VistaMizer ExpansionPack 1.0.0.0 VLC media player 0.9.8a VNC Free Edition 4.1.2 WC3Banlist Windows Imaging Component Windows Internet Explorer 8 Windows Live Sign-in Assistant Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows Presentation Foundation Windows XP Service Pack 3 WinPcap 4.0 WinRAR Archivierer WinSCP 4.1.6 WinZip XML Paper Specification Shared Components Language Pack 1.0 xp-AntiSpy 3.97-2

Regards, shiny

#3

Hi,

if that is true, then there were/are some rather unpleasant things on your computer...

Combofix

- Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
- Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter.
- The scan with ComboFix can take some time, so please be patient.
- Please do not do anything on the computer during the scan.
- The computer may be restarted in between.
- After the scan has finished, a report is displayed; please copy it and paste it into your thread.

Further instructions at: http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird

Note: a backup is created under C:\WINDOWS\erdnt.

Alternative downloads: http://subs.geekstogo.com/ComboFix.exe

chris

#4

Thanks already @ chris.

I downloaded and ran ComboFix, here is the log file:

Code:
ATTFilter ComboFix 09-05-03.1 - *** 03.05.2009 22:55.1 - NTFSx86 ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\temp\PRE45 c:\windows\system32\sX3i19 . ((((((((((((((((((((((( Dateien erstellt von 2009-04-03 bis 2009-05-03 )))))))))))))))))))))))))))))) . 2009-05-03 12:21 . 2009-05-03 12:21 -------- d-----w c:\programme\MSXML 4.0 2009-05-03 11:57 . 2009-05-03 11:57 -------- d-----w c:\programme\Gemeinsame Dateien\DivX Shared 2009-05-03 11:00 . 2009-05-03 11:19 410984 ----a-w c:\windows\system32\deploytk.dll 2009-05-03 10:51 . 2009-05-03 10:51 -------- d-----w c:\programme\Secunia 2009-05-02 17:38 . 2009-05-02 17:38 -------- d-----w c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes 2009-05-02 17:38 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-02 17:38 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-02 17:38 . 2009-05-02 17:38 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-05-02 17:38 . 2009-05-02 17:38 -------- d-----w c:\programme\Malwarebytes' Anti-Malware 2009-05-02 14:23 . 2009-05-02 15:05 -------- d-----w c:\windows\BDOSCAN8 2009-05-02 14:10 . 2009-05-03 11:35 -------- d-----w c:\programme\Panda Security 2009-05-02 13:57 . 2009-05-02 13:57 -------- d-----w c:\programme\Trend Micro 2009-04-23 07:54 . 2009-04-23 07:54 53760 ----a-w c:\windows\system32\drivers\SSHDRV76.sys 2009-04-23 07:53 . 2009-04-23 07:53 -------- d-----w c:\dokumente und einstellungen\***\Anwendungsdaten\Ascaron Entertainment 2009-04-23 07:51 . 2009-04-23 07:51 -------- d-----w c:\programme\Ascaron Entertainment 2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll 2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll 2009-04-15 20:24 . 
2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll 2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll 2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll 2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll 2009-04-11 22:10 . 2009-04-11 22:10 -------- d-----w c:\programme\iPod 2009-04-11 22:09 . 2009-04-11 22:10 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-04-11 22:09 . 2009-04-11 22:10 -------- d-----w c:\programme\iTunes 2009-04-10 02:13 . 2009-04-10 02:13 -------- d-----w c:\dokumente und einstellungen\***\Anwendungsdaten\Styler 2009-04-10 02:04 . 2009-04-10 02:05 -------- d-----w c:\windows\VistaMizer ExpansionPack 2009-04-09 16:31 . 2009-04-09 16:37 -------- d-----w c:\windows\VistaMizer 2009-04-09 13:41 . 2009-04-09 13:41 -------- d-----w c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Apple Computer 2009-04-09 13:07 . 2009-04-09 13:08 -------- d-----w c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Adobe 2009-04-09 11:41 . 2009-04-09 11:41 -------- d-----w c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Cooliris 2009-04-09 11:19 . 2009-04-09 11:19 -------- d-----w c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla 2009-04-09 11:15 . 2009-04-09 11:15 -------- d-----w c:\programme\UltraUXThemePatcher 2009-04-09 10:55 . 2009-04-09 10:55 -------- d-sh--w c:\dokumente und einstellungen\Administrator\PrivacIE 2009-04-09 10:54 . 2009-04-09 10:54 -------- d-----w c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations 2009-04-09 10:52 . 2009-04-09 10:52 -------- d-----w c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\AirMouse 2009-04-09 10:52 . 
2009-04-09 10:52 -------- d-----w c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Ahead 2009-04-09 10:52 . 2009-04-09 10:52 -------- d-----w c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Logitech 2009-04-09 10:52 . 2009-04-09 13:41 -------- d-----w c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Apple Computer 2009-04-09 10:52 . 2009-04-09 12:07 -------- d-s---w c:\dokumente und einstellungen\Administrator\Eigene Dateien 2009-04-09 10:52 . 2009-04-09 10:52 -------- d-sh--w c:\dokumente und einstellungen\Administrator\IETldCache 2009-04-04 01:29 . 2009-04-04 01:29 -------- d-----w c:\windows\nview 2009-04-04 01:29 . 2009-03-27 08:03 453152 ----a-w c:\windows\system32\nvudisp.exe 2009-04-03 22:39 . 2009-04-03 22:40 -------- d-----w c:\programme\Microsoft Games for Windows - LIVE 2009-04-03 21:47 . 2007-01-21 16:08 249856 ----a-w c:\windows\system32\wgapi.dll 2009-04-03 21:47 . 2007-01-21 16:08 237568 ----a-w c:\windows\system32\wcapi.dll 2009-04-03 21:47 . 2007-01-22 08:14 90112 ----a-w c:\windows\system32\oemres.dll 2009-04-03 21:47 . 2007-01-21 16:13 49225 ----a-w c:\windows\system32\athgina.dll 2009-04-03 21:47 . 2007-01-21 16:11 77824 ----a-w c:\windows\system32\athcfg11res.dll 2009-04-03 21:47 . 2007-01-21 16:12 389120 ----a-w c:\windows\system32\athcfg11.dll 2009-04-03 21:47 . 2007-01-21 16:12 36864 ----a-w c:\windows\system32\acs.exe 2009-04-03 21:47 . 2007-01-21 16:02 315392 ----a-w c:\windows\system32\AegisI5.exe 2009-04-03 21:47 . 2007-01-21 16:02 1396836 ----a-w c:\windows\system32\AegisE5.dll 2009-04-03 21:47 . 2009-04-03 21:47 -------- d-----w c:\programme\Siemens . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-03 20:52 . 2006-05-08 20:52 6 ---ha-w c:\windows\Tasks\SA.DAT 2009-05-03 11:57 . 2006-05-11 19:27 -------- d-----w c:\programme\DivX 2009-05-03 11:19 . 
2006-07-26 23:01 -------- d-----w c:\programme\Java 2009-05-03 11:01 . 2006-10-10 18:12 -------- d-----w c:\programme\WinPcap 2009-05-02 23:12 . 2006-05-17 13:47 -------- d-----w c:\programme\Warcraft III 2009-05-01 15:28 . 2006-05-09 14:15 392 ----a-w c:\windows\Tasks\1-Klick-Wartung.job 2009-04-27 18:06 . 2009-03-19 13:45 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys 2009-04-21 06:49 . 2008-09-09 22:07 276 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job 2009-04-11 22:09 . 2007-11-19 17:00 -------- d-----w c:\programme\Gemeinsame Dateien\Apple 2009-04-09 16:39 . 2008-10-08 23:01 -------- d-----w c:\programme\7-Zip 2009-04-09 16:37 . 2001-08-23 12:00 219136 ----a-w c:\windows\system32\uxtheme.dll 2009-04-09 10:54 . 2006-06-13 22:40 -------- d-----w c:\programme\Gemeinsame Dateien\Logitech 2009-04-04 01:30 . 2008-12-07 17:46 7156 ----a-w c:\windows\system32\d3d9caps.dat 2009-04-03 21:47 . 2006-05-08 21:04 -------- d--h--w c:\programme\InstallShield Installation Information 2009-04-01 21:16 . 2001-08-23 12:00 80928 ----a-w c:\windows\system32\perfc007.dat 2009-04-01 21:16 . 2001-08-23 12:00 452326 ----a-w c:\windows\system32\perfh007.dat 2009-04-01 17:41 . 2006-05-08 21:04 -------- d-----w c:\programme\Gemeinsame Dateien\Funk Software 2009-04-01 17:21 . 2007-07-21 15:54 -------- d-----w c:\programme\Electronic Arts 2009-04-01 17:17 . 2008-05-16 00:55 -------- d-----w c:\programme\capella-software 2009-04-01 17:14 . 2007-01-03 22:44 -------- d-----w c:\programme\Gemeinsame Dateien\Wise Installation Wizard 2009-04-01 16:47 . 2009-04-01 16:47 -------- d-----w c:\programme\Bethesda Softworks 2009-04-01 03:42 . 2009-04-01 03:42 -------- d-----w c:\programme\xp-AntiSpy 2009-04-01 03:38 . 2008-12-24 16:23 -------- d-----w c:\programme\Sierra 2009-03-31 22:22 . 2006-05-15 18:42 79128 -c--a-w c:\windows\system32\GDIPFONTCACHEV1.DAT 2009-03-30 20:28 . 2007-11-18 00:13 -------- d-----w c:\programme\UltraStar 2009-03-28 16:03 . 
2009-02-22 16:50 -------- d-----w c:\programme\JoWooD 2009-03-27 17:16 . 2009-03-27 17:15 -------- d-----w c:\programme\Teamspeak2_RC2 2009-03-27 06:14 . 2008-11-01 12:52 453152 ----a-w c:\windows\system32\NVUNINST.EXE 2009-03-26 01:02 . 2009-01-01 20:38 -------- d-----w c:\programme\MirandaX Plus 2.5 2009-03-24 11:03 . 2009-03-24 11:03 7808 ----a-w c:\windows\system32\drivers\psi_mf.sys 2009-03-20 13:38 . 2006-05-17 13:50 170977 -c--a-w c:\windows\War3Unin.dat 2009-03-19 19:46 . 2008-09-28 12:33 -------- d-----w c:\programme\CCleaner 2009-03-19 14:32 . 2008-01-29 10:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys 2009-03-19 13:45 . 2009-03-19 13:45 -------- d-----w c:\programme\Avira 2009-03-13 10:18 . 2009-02-26 16:20 -------- d-----w c:\programme\Mount&Blade 2009-03-12 10:59 . 2008-04-17 14:31 -------- d-----w c:\programme\Spyware Terminator 2009-03-12 10:59 . 2008-04-17 14:31 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys 2009-03-12 10:44 . 2009-03-12 10:43 -------- d-----w c:\programme\QuickTime 2009-03-10 10:33 . 2009-03-10 10:33 -------- d-----w c:\programme\Bonjour 2009-03-08 03:34 . 2001-08-23 12:00 1016320 ----a-w c:\windows\system32\wininet.dll 2009-03-08 03:34 . 2001-08-23 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll 2009-03-08 03:33 . 2001-08-23 12:00 18944 ----a-w c:\windows\system32\corpol.dll 2009-03-08 03:33 . 2001-08-23 12:00 420352 ----a-w c:\windows\system32\vbscript.dll 2009-03-08 03:32 . 2001-08-23 12:00 107008 ----a-w c:\windows\system32\admparse.dll 2009-03-08 03:32 . 2001-08-23 12:00 71680 ----a-w c:\windows\system32\iesetup.dll 2009-03-08 03:31 . 2001-08-23 12:00 34816 ----a-w c:\windows\system32\imgutil.dll 2009-03-08 03:31 . 2001-08-23 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll 2009-03-08 03:31 . 2001-08-23 12:00 94720 ----a-w c:\windows\system32\mshta.exe 2009-03-08 03:22 . 2001-08-23 12:00 156160 ----a-w c:\windows\system32\msls31.dll 2009-03-05 22:59 . 
2008-09-09 22:05 1900544 ----a-w c:\windows\system32\usbaaplrc.dll 2009-03-05 22:59 . 2007-11-19 17:00 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys 2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\programme\mozilla firefox\plugins\libdivx.dll 2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\programme\mozilla firefox\plugins\ssldivx.dll . ------- Sigcheck -------
Last edited by shinySun (03.05.2009 at 22:44)
#5
and the rest:
Code:
ATTFilter (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-12-01 25088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-04-02 342312] "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-05-03 148888] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-01-05 413696] "P17Helper"="P17.dll" - c:\windows\system32\P17.DLL [2005-05-03 64512] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2007-12-01 25088] c:\dokumente und einstellungen\***\Startmen\Programme\Autostart\ Secunia PSI.lnk - c:\programme\Secunia\PSI\psi.exe [2009-3-24 748840] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] Air Mouse.lnk - c:\programme\Air Mouse\Air Mouse\Air Mouse.exe [2009-1-19 268288] Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2007-9-16 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 00:42 72208 ----a-w c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Dokumente und 
Einstellungen^***^Startmenü^Programme^Autostart^OpenOffice.org 3.0.lnk] path=c:\dokumente und einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="c:\programme\Messenger\msmsgs.exe" /background "CTFMON.EXE"=c:\windows\system32\ctfmon.exe "Creative Detector"=c:\programme\Creative\MediaSource\Detector\CTDetect.exe /R "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" "LDM"=c:\programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe "Steam"="c:\programme\Valve\Steam\Steam.exe" -silent "Creative MediaSource Go!"=c:\programme\Creative\MediaSource\Go\CTCMSGo.exe "Creative MediaSource Go"="c:\programme\Creative\MediaSource\Go\CTCMSGo.exe" /SCB "updateMgr"="c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 "DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" -autorun [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NVMixerTray"="c:\programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe" "LiveMonitor"=c:\programme\MSI\Live Update 3\LMonitor.exe "CTRegRun"=c:\windows\CTRegRun.EXE "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe "CTSysVol"=c:\programme\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r "SunJavaUpdateSched"="c:\programme\Java\jre1.6.0_07\bin\jusched.exe" "ISUSPM Startup"=c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup "ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit "nwiz"=nwiz.exe /install "QuickTime Task"="c:\programme\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" "GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" "OODefragTray"=c:\windows\system32\oodtray.exe 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Azureus\\Azureus.exe"= "c:\\Programme\\Warcraft III\\war3.exe"= "c:\\Programme\\WC3Banlist\\WC3Banlist.exe"= "c:\\Programme\\Valve\\Steam\\SteamApps\\***\\day of defeat source\\hl2.exe"= "c:\\Programme\\Warcraft III\\Warcraft III.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\RealVNC\\VNC4\\vncviewer.exe"= "d:\\Programme\\Annoo 1701\\Anno1701.exe"= "c:\\Programme\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\Programme\\Air Mouse\\Air Mouse\\Air Mouse.exe"= "d:\\Programme\\CoD 2\\CoD2MP_s.exe"= "c:\\Programme\\Valve\\Steam\\SteamApps\\***\\counter-strike\\hl.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Programme\\Teamspeak2-RC2\\server_windows.exe"= "c:\\Programme\\MirandaX Plus 2.5\\miranda32.exe"= "c:\\Programme\\7-Zip\\7zFM.exe"= "c:\\Programme\\OO Software\\Defrag\\oodcnt.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5900:TCP"= 5900:TCP:VNC Server "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R1 amdtools;AMD Special Tools Driver; [x] R3 ATHFMWDL;GigaSet USB Stick 108 Bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys [2005-02-24 43392] R3 CBPMp50;CBPMp50 NDIS Protocol Driver; [x] R3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\CBPSp50.sys [2006-11-28 27072] R3 jatmlano;jatmlano; [x] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-03-24 7808] R3 TSMPacket;T-DSL SpeedManager Service; [x] S1 
SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [2009-04-23 53760] S2 ACEDRV06;ACEDRV06;c:\windows\system32\drivers\ACEDRV06.sys [2008-10-29 99840] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [2009-04-27 108289] S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2006-06-29 3712] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d6b1bcc-f77d-11dd-8914-0001e34fa48d}] \Shell\AutoRun\command - H:\Menu.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Inhalt des "geplante Tasks" Ordners 2009-05-01 c:\windows\Tasks\1-Klick-Wartung.job - c:\programme\TuneUp Utilities 2007\SystemOptimizer.exe [2006-11-23 14:46] 2009-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official uInternet Connection Wizard,ShellNext = iexplore IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\9gfbc4fy.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official FF - component: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\9gfbc4fy.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll FF - component: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\9gfbc4fy.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\NPAdbESD.dll FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-03 22:57 Windows 5.1.2600 Service Pack 3, v.5657 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(976) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll c:\programme\gemeinsame dateien\logitech\bluetooth\LBTServ.dll c:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(1036) c:\windows\system32\setupapi.dll c:\windows\system32\psbase.dll - - - - - - - > 'explorer.exe'(3812) c:\windows\system32\SHDOCVW.dll c:\programme\Logitech\SetPoint\GameHook.dll c:\programme\Logitech\SetPoint\lgscroll.dll c:\windows\system32\COMRes.dll c:\windows\System32\cscui.dll c:\windows\system32\LINKINFO.dll c:\windows\system32\ntshrui.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\MSVCP60.dll c:\windows\system32\webcheck.dll c:\windows\system32\stobject.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll .
Zeit der Fertigstellung: 2009-05-03 23:01 ComboFix-quarantined-files.txt 2009-05-03 21:01 Vor Suchlauf: 20 Verzeichnis(se), 14.924.517.376 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 14.996.303.872 Bytes frei WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /TUTag=BJIDLV /usepmtimer 455
Last edited by shinySun (03.05.2009 at 22:17)
#6
Hi,

Please check the following files:

Have files checked online:
Code:
c:\windows\system32\nvudisp.exe
c:\windows\Tasks\SA.DAT
So, if these items are detected (nvudisp.exe):

Avenger instructions (by swandog46)

1.) Download the tool Avenger and save it to the desktop.

2.) Configure the program as shown in the picture. Now copy the following text into the white field (at -> "input script here"):

Code:
Drivers to delete:
jatmlano

Files to delete:
c:\windows\system32\nvudisp.exe
c:\windows\Tasks\SA.DAT

4.) To start Avenger, click -> Execute. Then confirm with "Yes" that the computer will restart!

5.) After the system has restarted, you will find a report from Avenger here -> C:\avenger.txt
Open the file with Notepad and copy the entire text into your post here on Trojaner-Board.

Gmer: http://www.trojaner-board.de/74908-a...t-scanner.html
You will find the download link at the top left (www.gmer.net/files); there, click the "Download EXE" button. A random name is generated in the process (please note it and the path where you saved the file). Start GMER and see whether it already reports something. If it does, please answer all questions with "no", go to the "Rootkit" tab, again answer the question with "no", and use Copy to paste the report into the thread. If it reports nothing, go to the Rootkit tab and run a scan. When it has finished, choose Copy and paste the report.

Prevx: http://www.prevx.com/freescan.asp
If the tool finds anything, do not post the log but a screenshot of the window that is then displayed...

chris