PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung

john.doe · 10.07.2009, 22:50

Offensichtlich hat Kaspersky ihn entfernen können, das ist ja ganz was Neues.

1.) Deinstalliere:

AdAware
Apple Software Update
Bonjour
Google Update Helper
Spybot - Search & Destroy 1.5.2.20
Spybot - Search & Destroy

2.) Scripten mit Combofix

Öffne den Editor (Start => Zubehör => Editor ) kopiere nun folgenden Text in das weiße Feld:

Code:

ATTFilter

KILLALL::

Driver::
catchme
Bonjour Service
gupdate1c9e39a101dcf54
Lavasoft Ad-Aware Service

FixCSet::

RegNull::
[HKEY_USERS\S-1-5-21-952325796-3084994041-2608643616-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DC93F53-B7D7-866F-77D6-76A33C78FACA}*]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC7E636D-39AA-49b6-B511-65413DA137A1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
[-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
[-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"=-

File::
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

SysRst::

Speichere diese Datei nun auf dem Desktop unter -> cfscript.txt

Nun die Datei cfscript.txt auf das Sysmbol von Combofix ziehen!

Danach das Log von Combofix ohne zu Editieren posten. Nur wenn dein Vor- und Nachname ersichtlich ist, dann entferne ihn.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann.

ciao, andreas

shirocko · 10.07.2009, 23:22

noch ne frage. warum soll ich adaware und spybot entfernen. dies sind doch antispyware und funktionieren auch gut.

john.doe · 10.07.2009, 23:24

Zitat:

dies sind doch antispyware und funktionieren auch gut.

Du wirst neue bekommen, die besser funktionieren. Versprochen.

ciao, andreas

shirocko · 10.07.2009, 23:45

der google update helper hat keine uninstall routine
soll ich das script trotzdem ausführen?
die anderen programme sind deinstalliert

john.doe · 10.07.2009, 23:56

Ja. Nachdem du das Log gepostest hast, weiter mit

1.) http://www.trojaner-board.de/51187-a...i-malware.html

2.) http://www.trojaner-board.de/51871-a...tispyware.html

Bin gespannt, was die alles finden werden, das Spybot und Adaware nicht gefunden haben.

ciao, andreas

shirocko · 11.07.2009, 01:48

ComboFix Log teil 1:

Code:

ATTFilter

ComboFix 09-07-08.07 - Admin 11.07.2009  1:38.4 - NTFSx86
Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1252.49.1031.18.2046.912 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\confixi.exe
Benutzte Befehlsschalter :: c:\users\Admin\Desktop\cfscript.TXT
AV: Kaspersky Security Suite CBE *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Security Suite CBE *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Security Suite CBE *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\tasks\Ad-Aware Update (Weekly).job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\tasks\Ad-Aware Update (Weekly).job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CATCHME
-------\Service_Bonjour Service
-------\Service_catchme
-------\Service_gupdate1c9e39a101dcf54


(((((((((((((((((((((((   Dateien erstellt von 2009-06-11 bis 2009-07-11  ))))))))))))))))))))))))))))))
.

2009-07-10 23:49 . 2009-07-11 00:03	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2009-07-09 19:49 . 2009-07-09 19:50	--------	d-----w-	C:\rsit
2009-07-06 13:19 . 2009-07-06 13:19	--------	d-----w-	c:\program files\Trend Micro
2009-07-05 09:57 . 2009-02-12 09:41	973312	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
2009-07-04 10:35 . 2009-07-04 10:35	90112	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-07-04 10:35 . 2009-07-04 10:35	307200	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-07-04 10:35 . 2009-07-04 10:35	172032	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-07-04 10:27 . 2009-07-04 10:27	--------	d-----w-	c:\users\Admin\AppData\Roaming\Vodafone
2009-07-04 10:27 . 2009-07-04 10:27	--------	d-----w-	c:\programdata\InstallShield
2009-07-04 10:25 . 2008-03-17 09:05	101632	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2009-07-04 10:24 . 2009-07-04 10:24	--------	d-----w-	c:\programdata\Vodafone
2009-07-04 10:24 . 2009-07-04 10:24	--------	d-----w-	c:\program files\Vodafone
2009-07-03 15:21 . 2009-07-03 15:21	--------	d-----w-	c:\users\Admin\AppData\Local\{D53238E8-3427-491E-A57E-097FA966AAC1}
2009-06-21 19:40 . 2006-12-20 12:23	114688	------w-	c:\windows\system32\pcleDVdc.dll
2009-06-21 19:40 . 2006-12-20 12:23	90112	------w-	c:\windows\system32\pcleDVcd.dll
2009-06-21 19:40 . 2006-12-20 12:23	90112	------w-	c:\windows\system32\pcleADV.dll
2009-06-21 19:40 . 2006-12-20 12:23	90112	------w-	c:\windows\system32\ACnvrtX.dll
2009-06-21 19:40 . 2006-12-20 12:23	876544	------w-	c:\windows\system32\CSCnvrtX.dll
2009-06-14 10:00 . 2009-04-30 12:37	428544	----a-w-	c:\windows\system32\EncDec.dll
2009-06-14 10:00 . 2009-04-30 12:37	293376	----a-w-	c:\windows\system32\psisdecd.dll
2009-06-11 11:53 . 2009-06-11 11:53	--------	d-----w-	c:\program files\Western Digital Corporation

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 00:01 . 2008-07-17 16:29	1532611616	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-07-10 23:58 . 2008-01-11 15:07	--------	d-----w-	c:\programdata\VMware
2009-07-10 23:57 . 2008-02-03 23:54	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-07-10 23:56 . 2008-07-17 16:29	20529668	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-07-10 23:27 . 2008-07-01 19:03	169936	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\FlashGot.exe
2009-07-10 22:43 . 2008-02-03 23:54	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2009-07-10 22:40 . 2007-12-26 20:09	--------	d-----w-	c:\program files\Bonjour
2009-07-10 22:36 . 2008-02-04 00:01	--------	d-----w-	c:\program files\Lavasoft
2009-07-10 22:36 . 2008-02-04 00:01	--------	d-----w-	c:\programdata\Lavasoft
2009-07-10 22:34 . 2007-12-25 01:38	--------	d-----w-	c:\programdata\Kaspersky Lab
2009-07-09 16:23 . 2006-11-02 15:48	737124	----a-w-	c:\windows\system32\perfh007.dat
2009-07-09 16:23 . 2006-11-02 15:48	166582	----a-w-	c:\windows\system32\perfc007.dat
2009-07-09 16:13 . 2008-01-11 15:11	--------	d-----w-	c:\users\Admin\AppData\Roaming\VMware
2009-07-05 21:54 . 2007-12-25 12:20	--------	d-----w-	c:\users\Admin\AppData\Roaming\Skype
2009-07-05 18:12 . 2008-09-30 15:27	56	---ha-w-	c:\programdata\ezsidmv.dat
2009-07-05 18:12 . 2007-12-25 12:21	--------	d-----w-	c:\users\Admin\AppData\Roaming\skypePM
2009-07-04 16:09 . 2007-12-26 22:08	--------	d-----w-	c:\users\Admin\AppData\Roaming\FileZilla
2009-07-04 10:24 . 2007-12-25 01:23	--------	d-----w-	c:\program files\Common Files\InstallShield
2009-06-29 07:35 . 2007-12-26 22:00	--------	d-----w-	c:\program files\Google
2009-06-26 19:38 . 2009-06-06 18:44	--------	d-----w-	c:\program files\FileZilla Client
2009-06-25 06:13 . 2008-04-28 12:51	--------	d-----w-	c:\users\Admin\AppData\Roaming\Free Download Manager
2009-06-24 05:54 . 2007-12-25 13:38	--------	d-----w-	c:\program files\Mozilla Thunderbird
2009-06-18 15:50 . 2008-04-03 13:57	--------	d-----w-	c:\users\Admin\AppData\Roaming\Audacity
2009-06-14 15:58 . 2007-12-27 00:00	--------	d-----w-	c:\programdata\Microsoft Help
2009-06-06 15:23 . 2007-12-26 18:53	--------	d-----w-	c:\users\Admin\AppData\Roaming\Apple Computer
2009-06-06 12:38 . 2008-07-10 17:51	--------	d-----w-	c:\program files\iTunes
2009-06-06 12:37 . 2009-06-06 12:37	--------	d-----w-	c:\program files\iPod
2009-06-06 12:37 . 2007-12-26 18:49	--------	d-----w-	c:\program files\Common Files\Apple
2009-06-06 12:33 . 2008-01-11 12:19	--------	d-----w-	c:\program files\QuickTime Alternative
2009-06-06 12:20 . 2009-06-06 12:20	75048	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 14:11 . 2009-05-11 20:22	1	----a-w-	c:\users\Admin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-21 14:28 . 2008-07-17 16:36	94643	----a-w-	c:\windows\system32\drivers\klick.dat
2009-05-21 14:28 . 2008-07-17 16:36	105395	----a-w-	c:\windows\system32\drivers\klin.dat
2009-05-19 16:31 . 2007-12-25 01:18	130424	----a-w-	c:\users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-19 16:11 . 2008-01-07 18:20	--------	d-----w-	c:\program files\Microsoft Works
2009-05-18 16:55 . 2009-05-18 16:54	--------	d-----w-	c:\users\Admin\AppData\Roaming\AllDup
2009-05-18 16:53 . 2009-05-18 16:53	--------	d-----w-	c:\program files\AllDup
2009-05-13 06:24 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2009-05-09 05:50 . 2009-06-10 07:18	915456	----a-w-	c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 07:18	71680	----a-w-	c:\windows\system32\iesetup.dll
2009-05-08 15:11 . 2009-05-08 16:51	44018	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\regprot.exe
2009-05-08 15:11 . 2009-05-08 16:51	16896	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\UAC.dll
2009-05-06 12:23 . 2009-05-07 16:28	372736	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-04-29 18:42 . 2009-05-08 16:51	110592	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\components\prism.dll
2009-04-29 18:42 . 2009-05-08 16:51	110592	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\components\prism.dll
2009-04-23 12:43 . 2009-06-10 07:18	784896	----a-w-	c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 07:18	636928	----a-w-	c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 07:18	2033152	----a-w-	c:\windows\system32\win32k.sys
2007-12-26 19:50 . 2007-12-26 19:50	0	--sh--w-	c:\windows\S1589D1C6.tmp
2006-05-03 09:06 . 2008-07-08 12:39	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2008-07-08 12:39	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2008-07-08 12:39	216064	--sh--r-	c:\windows\System32\nbDX.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-07-10_20.26.41   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-10 23:59 . 2009-07-10 23:59	16384              c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-10 20:24 . 2009-07-10 20:24	16384              c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-10 20:24 . 2009-07-10 20:24	16384              c:\windows\Temp\History\History.IE5\index.dat
+ 2009-07-10 23:59 . 2009-07-10 23:59	16384              c:\windows\Temp\History\History.IE5\index.dat
- 2009-07-10 20:24 . 2009-07-10 20:24	16384              c:\windows\Temp\Cookies\index.dat
+ 2009-07-10 23:59 . 2009-07-10 23:59	16384              c:\windows\Temp\Cookies\index.dat
+ 2007-12-25 02:18 . 2009-07-10 22:26	73442              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-07-11 00:01	82036              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-12-25 01:19 . 2009-07-11 00:01	14168              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-952325796-3084994041-2608643616-1000_UserData.bin
- 2006-11-02 13:00 . 2009-07-10 20:01	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:00 . 2009-07-10 22:45	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:00 . 2009-07-10 22:45	49152              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-07-10 20:01	49152              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-07-10 20:01	16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:00 . 2009-07-10 22:45	16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-10 23:57 . 2009-07-10 23:57	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-10 20:23 . 2009-07-10 20:23	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-10 23:57 . 2009-07-10 23:57	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-10 20:23 . 2009-07-10 20:23	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
(((((((((((((((((((((((((((((((((((((((   System Restore   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\admin.dll
14.04.2008 07:52 20540 \RP7\A0005713.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\admin.exe
14.04.2008 07:52 16439 \RP7\A0005712.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\10\msft\windows\gdiplus\gdiplus.dll
14.04.2008 07:50 1724416 \RP7\A0005710.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\52\msft\windows\net\dxmrtp\dxmrtp.dll
14.04.2008 07:50 852992 \RP7\A0005705.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\52\msft\windows\net\rtcdll\rtcdll.dll
14.04.2008 07:50 994304 \RP7\A0005703.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\52\msft\windows\net\rtcres\rtcres.dll
14.04.2008 07:29 137216 \RP7\A0005701.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\60\msft\vcrtl\atl.dll
14.04.2008 07:50 74802 \RP7\A0005698.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\60\msft\vcrtl\mfc42.dll
14.04.2008 07:50 995383 \RP7\A0005697.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\60\msft\vcrtl\mfc42u.dll
14.04.2008 07:50 1011774 \RP7\A0005696.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\60\msft\vcrtl\msvcp60.dll
14.04.2008 07:50 401462 \RP7\A0005695.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\60\msft\windows\common\controls\comctl32.dll
14.04.2008 07:50 1054208 \RP7\A0005693.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\70\msft\windows\mswincrt\msvcirt.dll
14.04.2008 07:50 57344 \RP7\A0005689.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\70\msft\windows\mswincrt\msvcrt.dll
14.04.2008 07:50 343040 \RP7\A0005688.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\aspnet_filter.dll
13.04.2008 21:40 20480 \RP7\A0005685.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\aspnet_isapi.dll
13.04.2008 21:40 200704 \RP7\A0005684.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\aspnet_regiis.exe
13.04.2008 21:40 24576 \RP7\A0005681.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\aspnet_state.exe
13.04.2008 21:40 32768 \RP7\A0005680.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\aspnet_wp.exe
13.04.2008 21:40 32768 \RP7\A0005679.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\author.dll
14.04.2008 07:52 20540 \RP7\A0005678.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\author.exe
14.04.2008 07:52 16439 \RP7\A0005677.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\autochk.exe
14.04.2008 07:52 626176 \RP7\A0005676.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\autofmt.exe
14.04.2008 07:52 617984 \RP7\A0005675.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\cabinet.dll
14.04.2008 07:52 60416 \RP7\A0005674.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\caspol.exe
27.06.2007 18:23 94208 \RP7\A0005673.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\cfgwiz.exe
14.04.2008 07:52 188480 \RP7\A0005672.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\corperfmonext.dll
13.04.2008 21:40 69632 \RP7\A0005670.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\csc.exe
13.04.2008 21:40 49152 \RP7\A0005668.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\cscomp.dll
27.06.2007 18:23 589824 \RP7\A0005667.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\dbghelp.dll
14.04.2008 07:52 640000 \RP7\A0005666.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\drw\dwwin.exe
14.04.2008 07:52 180224 \RP7\A0005664.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ediskeer.dll
14.04.2008 07:52 175616 \RP7\A0005663.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\eventlogmessages.dll
27.06.2007 18:24 798720 \RP7\A0005661.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\exts.dll
14.04.2008 07:52 125952 \RP7\A0005660.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\faxpatch.exe
14.04.2008 07:52 20992 \RP7\A0005659.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp4amsft.dll
14.04.2008 07:52 184435 \RP7\A0005658.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp4anscp.dll
14.04.2008 07:52 82035 \RP7\A0005657.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp4apws.dll
14.04.2008 07:52 147513 \RP7\A0005656.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp4areg.dll
14.04.2008 07:52 49210 \RP7\A0005655.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp4atxt.dll
14.04.2008 07:52 102509 \RP7\A0005654.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp4autl.dll
14.04.2008 07:52 618605 \RP7\A0005653.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp4avnb.dll
14.04.2008 07:52 41020 \RP7\A0005652.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp4avss.dll
14.04.2008 07:52 32826 \RP7\A0005651.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp4awebs.dll
14.04.2008 07:52 49212 \RP7\A0005650.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp4awel.dll
14.04.2008 07:52 876653 \RP7\A0005649.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp98sadm.exe
14.04.2008 07:52 15120 \RP7\A0005648.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp98swin.exe
14.04.2008 07:52 109840 \RP7\A0005647.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fpadmcgi.exe
14.04.2008 07:52 24632 \RP7\A0005646.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fpadmdll.dll
14.04.2008 07:52 20541 \RP7\A0005645.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fpcount.exe
14.04.2008 07:52 188494 \RP7\A0005644.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fpencode.dll
14.04.2008 07:52 94208 \RP7\A0005643.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fpexedll.dll
14.04.2008 07:52 20541 \RP7\A0005642.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fpmmc.dll
14.04.2008 07:52 598071 \RP7\A0005641.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fpmmcsat.dll
28.03.2007 18:30 217088 \RP7\A0005640.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fpremadm.exe
14.04.2008 07:52 20538 \RP7\A0005639.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fpsrvadm.exe
14.04.2008 07:52 28728 \RP7\A0005638.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fusion.dll
27.06.2007 18:24 233472 \RP7\A0005637.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ic\pidgen.dll
14.04.2008 00:05 24064 \RP7\A0005623.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ieexec.exe
17.12.2007 17:28 8192 \RP7\A0005617.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ieexecremote.dll
27.06.2007 18:24 7168 \RP7\A0005616.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\iehost.dll
27.06.2007 18:24 32768 \RP7\A0005615.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ilasm.exe
13.04.2008 21:40 184320 \RP7\A0005614.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\imagehlp.dll
14.04.2008 07:52 144384 \RP7\A0005613.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\installutil.exe
27.06.2007 18:24 24576 \RP7\A0005605.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ip\pidgen.dll
14.04.2008 07:51 24064 \RP7\A0005591.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ipevlpid.dll
14.04.2008 07:50 24064 \RP7\A0005585.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ipselpid.dll
14.04.2008 07:50 24064 \RP7\A0005584.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\isenpid.dll
14.04.2008 07:51 24064 \RP7\A0005583.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ispid.dll
14.04.2008 07:51 24064 \RP7\A0005582.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\jsc.exe
27.06.2007 18:24 40960 \RP7\A0005578.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\kbdnec.dll
14.04.2008 07:50 7168 \RP7\A0005577.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\knperpid.dll
14.04.2008 07:50 24064 \RP7\A0005576.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\knpropid.dll
14.04.2008 07:50 24576 \RP7\A0005575.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\kperpid.dll
14.04.2008 07:50 24064 \RP7\A0005574.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\kpropid.dll
14.04.2008 07:50 24576 \RP7\A0005573.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ksecdd.sys
14.04.2008 00:01 92288 \RP7\A0005572.sys

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\licdll.dll
14.04.2008 07:52 425472 \RP7\A0005571.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\medctrro.cmd
26.06.2007 11:41 112 \RP7\A0005569.cmd

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\microsoft.jscript.dll
27.06.2007 18:24 712704 \RP7\A0005568.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\microsoft.visualbasic.dll
27.06.2007 18:24 286720 \RP7\A0005567.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorcfg.dll
27.06.2007 18:24 1564672 \RP7\A0005566.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscordbc.dll
13.04.2008 21:40 69632 \RP7\A0005564.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscordbi.dll
13.04.2008 21:40 221184 \RP7\A0005563.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscoree.dll
27.06.2007 18:25 131072 \RP7\A0005562.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorie.dll
13.04.2008 21:40 73728 \RP7\A0005561.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorjit.dll
27.06.2007 18:25 303104 \RP7\A0005560.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorld.dll
13.04.2008 21:40 86016 \RP7\A0005559.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorlib.dll
17.12.2007 17:28 1998848 \RP7\A0005558.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorpe.dll
13.04.2008 21:40 94208 \RP7\A0005556.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorrc.chs.dll
13.04.2008 21:40 143360 \RP7\A0005555.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorrc.cht.dll
13.04.2008 21:40 143360 \RP7\A0005554.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorrc.dll
13.04.2008 21:40 143360 \RP7\A0005553.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorrc.es.dll
13.04.2008 21:40 172032 \RP7\A0005552.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorrc.fr.dll
13.04.2008 21:40 172032 \RP7\A0005551.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorrc.ger.dll
13.04.2008 21:40 167936 \RP7\A0005550.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorrc.it.dll
13.04.2008 21:40 167936 \RP7\A0005549.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorrc.ja.dll
13.04.2008 21:40 143360 \RP7\A0005548.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorrc.kor.dll
13.04.2008 21:40 143360 \RP7\A0005547.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorsec.dll
13.04.2008 21:40 46592 \RP7\A0005546.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorsn.dll
13.04.2008 21:40 69632 \RP7\A0005545.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorsvr.dll
17.12.2007 17:28 2273280 \RP7\A0005544.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscortim.dll
13.04.2008 21:41 8704 \RP7\A0005543.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorwks.dll
17.12.2007 17:29 2281472 \RP7\A0005542.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\msdaipp.dll
14.04.2008 07:52 532480 \RP7\A0005541.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\msgsc.dll
14.04.2008 07:52 82944 \RP7\A0005540.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\msgslang.dll
13.04.2008 23:00 180224 \RP7\A0005539.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\msmsgs.exe
14.04.2008 07:52 1695232 \RP7\A0005538.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mso.dll
03.04.2007 00:18 9796288 \RP7\A0005537.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\netfxupdate.exe
17.12.2007 17:29 82976 \RP7\A0005536.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\netsetup.exe
14.04.2008 07:55 333312 \RP7\A0005535.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ngen.exe
13.04.2008 21:41 147456 \RP7\A0005534.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ntdetect.com
13.04.2008 22:13 47564 \RP7\A0005533.com

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ntdll.dll
14.04.2008 07:51 731648 \RP7\A0005532.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ntfs.sys
14.04.2008 00:45 574976 \RP7\A0005531.sys

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\oschoice.exe
14.04.2008 00:02 166912 \RP7\A0005529.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\perfcounter.dll
13.04.2008 21:41 20480 \RP7\A0005528.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\regasm.exe
27.06.2007 18:27 28672 \RP7\A0005527.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\regcode.dll
27.06.2007 18:27 32768 \RP7\A0005526.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\regedit.exe
14.04.2008 07:53 153600 \RP7\A0005525.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\regsvcs.exe
27.06.2007 18:27 11264 \RP7\A0005524.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\root\cmpnents\mediactr\i386\mcpreins.exe
14.04.2008 07:52 21504 \RP7\A0005523.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\root\ic\setup.exe
14.04.2008 07:20 2584576 \RP7\A0005522.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\root\ip\setup.exe
14.04.2008 07:52 2584576 \RP7\A0005521.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\setregni.exe
17.12.2007 17:29 66592 \RP7\A0005520.exe

shirocko · 11.07.2009, 01:49

teil 2:

Code:

ATTFilter

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\shtml.dll
14.04.2008 07:52 20536 \RP7\A0005519.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\shtml.exe
14.04.2008 07:53 16437 \RP7\A0005518.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\spcmdcon.sys
14.04.2008 07:27 241408 \RP7\A0005516.sys

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\spcompat.dll
14.04.2008 07:52 438272 \RP7\A0005515.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\spdwnwxp.exe
14.04.2008 07:53 7680 \RP7\A0005513.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\spmsg.dll
10.08.2007 20:44 18808 \RP7\A0005512.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\spnpinst.exe
14.04.2008 07:53 11264 \RP7\A0005511.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\sprecovr.exe
10.08.2007 20:44 33656 \RP7\A0005510.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\spuninst.exe
10.08.2007 20:44 234872 \RP7\A0005509.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\spupdsvc.exe
10.08.2007 20:44 26488 \RP7\A0005508.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\spupdwxp.exe
14.04.2008 07:53 20992 \RP7\A0005507.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\stub_fpsrvadm.exe
14.04.2008 07:53 16449 \RP7\A0005506.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\stub_fpsrvwin.exe
14.04.2008 07:53 65601 \RP7\A0005505.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\sy52106.dll
17.12.2007 17:29 1179648 \RP7\A0005504.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.configuration.install.dll
27.06.2007 18:27 77824 \RP7\A0005502.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.data.dll
27.06.2007 18:28 1179648 \RP7\A0005501.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.design.dll
27.06.2007 18:28 1695744 \RP7\A0005500.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.directoryservices.dll
27.06.2007 18:28 86016 \RP7\A0005499.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.drawing.design.dll
27.06.2007 18:28 65536 \RP7\A0005498.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.drawing.dll
27.06.2007 18:28 462848 \RP7\A0005497.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.enterpriseservices.dll
27.06.2007 18:28 212992 \RP7\A0005496.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.enterpriseservices.thunk.dll
13.04.2008 21:41 48640 \RP7\A0005495.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.management.dll
27.06.2007 18:28 352256 \RP7\A0005494.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.messaging.dll
27.06.2007 18:28 241664 \RP7\A0005493.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.runtime.remoting.dll
27.06.2007 18:28 311296 \RP7\A0005492.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.runtime.serialization.formatters.soap.dll
27.06.2007 18:29 131072 \RP7\A0005491.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.security.dll
27.06.2007 18:29 77824 \RP7\A0005490.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.serviceprocess.dll
27.06.2007 18:29 126976 \RP7\A0005489.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.web.dll
17.12.2007 17:30 1200128 \RP7\A0005488.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.web.regularexpressions.dll
27.06.2007 18:29 61440 \RP7\A0005487.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.web.services.dll
27.06.2007 18:29 507904 \RP7\A0005486.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.windows.forms.dll
27.06.2007 18:29 2002944 \RP7\A0005485.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.xml.dll
27.06.2007 18:29 1302528 \RP7\A0005483.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system32\ntdll.dll
14.04.2008 07:51 731648 \RP7\A0005482.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system32\smss.exe
14.04.2008 07:53 508928 \RP7\A0005481.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\tcptest.exe
14.04.2008 07:53 32827 \RP7\A0005480.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\tcptsat.dll
28.03.2007 18:30 16384 \RP7\A0005479.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\telnet.exe
14.04.2008 07:53 78336 \RP7\A0005478.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\togac.exe
17.12.2007 17:30 66592 \RP7\A0005477.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\tscupdc.dll
14.04.2008 07:51 25600 \RP7\A0005476.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\update\fixccs.exe
14.04.2008 07:52 8192 \RP7\A0005418.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\update\nv4prep.exe
14.04.2008 07:52 6656 \RP7\A0005417.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\update\setupapi.dll
14.04.2008 07:52 989696 \RP7\A0005416.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\update\spcompat.dll
14.04.2008 07:52 438272 \RP7\A0005414.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\update\spcustom.dll
10.08.2007 20:44 26488 \RP7\A0005413.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\update\spnpinst.exe
14.04.2008 07:53 11264 \RP7\A0005412.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\update\update.exe
10.08.2007 20:44 765304 \RP7\A0005411.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\update\updspapi.dll
10.08.2007 20:45 388984 \RP7\A0006185.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vbc.exe
27.06.2007 18:30 716800 \RP7\A0005475.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vbc7ui.chs.dll
13.04.2008 21:41 126976 \RP7\A0005474.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vbc7ui.cht.dll
13.04.2008 21:41 126976 \RP7\A0005473.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vbc7ui.dll
13.04.2008 21:41 126976 \RP7\A0005472.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vbc7ui.es.dll
13.04.2008 21:41 147456 \RP7\A0005471.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vbc7ui.fr.dll
13.04.2008 21:41 151552 \RP7\A0005470.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vbc7ui.ger.dll
13.04.2008 21:41 151552 \RP7\A0005469.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vbc7ui.it.dll
13.04.2008 21:41 147456 \RP7\A0005468.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vbc7ui.ja.dll
13.04.2008 21:41 126976 \RP7\A0005467.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vbc7ui.kor.dll
13.04.2008 21:41 126976 \RP7\A0005466.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vsavb7rt.dll
13.04.2008 21:41 999424 \RP7\A0005465.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\acrobat\migrate.dll
29.12.2006 18:02 65536 \RP7\A0005464.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\cmmgr\migrate.dll
14.04.2008 07:22 32256 \RP7\A0005463.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\devupgrd\migrate.dll
14.04.2008 07:22 57344 \RP7\A0005462.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\dmicall\migrate.dll
13.04.2008 22:15 32768 \RP7\A0005461.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\eastman\migrate.dll
29.12.2006 18:03 69632 \RP7\A0005460.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\fax\migrate.dll
14.04.2008 00:20 27648 \RP7\A0005459.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\hptools\migrate.dll
29.12.2006 18:03 83456 \RP7\A0005458.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\ibmav\migrate.dll
29.12.2006 18:03 40960 \RP7\A0005457.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\icm\migrate.dll
14.04.2008 07:22 10752 \RP7\A0005456.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\iemig\migrate.dll
14.04.2008 00:02 29184 \RP7\A0005455.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\mapi\dll\migrate.dll
29.12.2006 18:13 108544 \RP7\A0005454.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\modems\migrate.dll
14.04.2008 07:22 44032 \RP7\A0005453.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\msgqueue\migrate.dll
14.04.2008 07:22 13824 \RP7\A0005452.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\msp\migrate.dll
14.04.2008 07:22 64000 \RP7\A0005451.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\neckbd\migrate.dll
29.12.2006 18:36 36352 \RP7\A0005450.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\necpa\migrate.dll
29.12.2006 18:36 176128 \RP7\A0005449.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\necwps\migrate.dll
29.12.2006 18:36 147456 \RP7\A0005448.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\octopus\migrate.dll
29.12.2006 18:36 86016 \RP7\A0005447.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\oewab\migrate.dll
14.04.2008 00:01 41472 \RP7\A0005446.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\print\migrate.dll
14.04.2008 07:22 33792 \RP7\A0005445.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\pws\migrate.dll
14.04.2008 07:22 38912 \RP7\A0005444.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\rumba\migrate.dll
29.12.2006 18:36 184320 \RP7\A0005443.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\setup\migrate.dll
14.04.2008 07:22 69632 \RP7\A0005442.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\transact\migrate.dll
14.04.2008 07:22 76800 \RP7\A0005441.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\wia\migrate.dll
14.04.2008 07:22 15872 \RP7\A0005440.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\wmp\migrate.dll
13.04.2008 22:53 40960 \RP7\A0005439.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xupg\cabinet.dll
29.12.2006 22:48 55056 \RP7\A0005438.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xupg\imagehlp.dll
29.12.2006 22:48 99376 \RP7\A0005437.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xupg\msvcrt.dll
29.12.2006 22:48 267536 \RP7\A0005436.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xupg\setupapi.dll
14.04.2008 07:23 892928 \RP7\A0005435.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xupg\w95upg.dll
14.04.2008 07:23 884736 \RP7\A0005434.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\winnt.exe
13.04.2008 22:15 87655 \RP7\A0005433.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\winnt32.exe
14.04.2008 07:22 48640 \RP7\A0005432.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\winnt32a.dll
14.04.2008 07:51 1183744 \RP7\A0005431.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\winnt32u.dll
14.04.2008 07:51 1315328 \RP7\A0005430.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\winntbba.dll
14.04.2008 07:51 760320 \RP7\A0005429.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\winntbbu.dll
14.04.2008 07:51 762368 \RP7\A0005428.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\winntupg\netupgrd.dll
14.04.2008 07:51 121856 \RP7\A0005426.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\winntupg\nv4prep.dll
14.04.2008 07:51 6144 \RP7\A0005425.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\winntupg\setupapi.dll
14.04.2008 07:51 326416 \RP7\A0005424.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\wsdueng.dll
14.04.2008 07:51 77824 \RP7\A0005423.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\xpsp1res.dll
13.04.2008 23:09 187392 \RP7\A0005422.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\xpsp2res.dll
13.04.2008 23:09 2897920 \RP7\A0005421.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-08-31 2622232]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-08-31 907040]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-08-31 140568]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-1-11 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\r3hook.dll c:\progra~1\KASPER~1\KASPER~2\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
backup=c:\windows\pss\PDFCreator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrekStor NDAS-Geräte-Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TrekStor NDAS-Geräte-Manager.lnk
backup=c:\windows\pss\TrekStor NDAS-Geräte-Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSL-Manager.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
backup=c:\windows\pss\DSL-Manager.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
backup=c:\windows\pss\Logitech . Produktregistrierung.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{384D0300-1065-447A-9618-2984903D5C4E}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{5A0011D9-3CEE-4D11-B2F0-29652C363E6D}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{74F73FD2-BD8E-49A5-BBAF-D3A37D9453C1}"= UDP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{8C507270-C3A8-426A-BFC9-9A705B35BD57}"= TCP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{80C9846C-3DD3-4B9C-9EC8-9729AA35B0D8}"= UDP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{2F1B2A9C-4DA2-4725-8B38-C785838B8748}"= TCP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{502A2EFE-9E64-4071-AD8D-B85B01198B17}"= UDP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{DD43B665-C72F-4300-A6C9-E9CA0DC49033}"= TCP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{0B1BE74D-6416-4293-8119-455BD46B2072}"= UDP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{DA89F97C-61CA-467F-A73E-C25A0A15398E}"= TCP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{0D8D08ED-897F-405C-BD36-69F8AFD1C77C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{98DA941D-798E-4954-9F2D-C879DF2949B0}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5278D635-3ABE-478E-9289-D6967FEAA157}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0652B8C7-A8A2-406A-B986-A7D8A574EDC9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A596140F-B429-4A6A-B3BF-D3DA04CD3C8E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1205D43A-9244-4932-90C9-ABEB976C8974}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7A767EC9-135A-4C21-9BD9-E195385839A3}"= UDP:3703:Adobe Version Cue CS3 Server
"{412C56DD-1D26-4ABD-A7BE-50D035A76CF4}"= UDP:3704:Adobe Version Cue CS3 Server
"{EF370A4D-2E5E-42E5-8CC6-C61E4EA71E25}"= UDP:50900:Adobe Version Cue CS3 Server
"{0A95615A-DDF8-4D65-9C80-1650AD3F7A94}"= UDP:50901:Adobe Version Cue CS3 Server
"{508F5558-0297-4EE5-8E02-3DE546A14AA1}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{F1DCCD97-6002-43E4-8566-3BE3B269D3CD}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{BD76C6BF-564C-48EA-8C8B-DC1A47A2C31C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6A2D95B5-4433-428C-A771-8AFEA2E29B62}"= UDP:c:\program files\Home Cinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{E78BCDD2-4F54-4970-989E-44BBD4D6F227}"= TCP:c:\program files\Home Cinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{AC347381-6E34-42E8-AFE7-40F0B8504154}"= UDP:c:\program files\Home Cinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{7ED5374E-2742-4A8C-8167-F3089AC1617F}"= TCP:c:\program files\Home Cinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{30D25247-E27E-4CEF-B886-4E6B095AF513}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{321E005B-C01F-4BD3-92EB-46CEDF1C0F3C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{75790D75-C0AC-4DF1-A4A8-E0C5D785B577}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{39155FAB-CBBC-43E5-8A71-57DC64EA6C5C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B462A909-998B-4904-BD6C-346DFD0D2DBA}g:\\setup.exe"= UDP:G:\setup.exe:Installationsprogramm für Kaspersky Security Suite CBE
"UDP Query User{58FFB052-D9F9-4CF9-AA47-D05D11659239}g:\\setup.exe"= TCP:G:\setup.exe:Installationsprogramm für Kaspersky Security Suite CBE
"TCP Query User{9265FC8E-A492-4B2A-8B55-3A51496A748C}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\german\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 2009
"UDP Query User{F6A7CFCA-32CA-4CD1-BD15-A9893C72A87D}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\german\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 2009
"{92449402-1EEF-4E31-808D-28BB95A6D951}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{3F64D3B3-9B33-4BF9-B3BF-A2D9F9126E14}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{62CB650F-0AFF-47BB-A528-84B88EA73B38}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{76935FFF-F657-49D5-BB00-6825BBB1161F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FFC4C218-8E04-49A7-8CC6-B74DC951835E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM

shirocko · 11.07.2009, 01:50

und der rest:

Code:

ATTFilter

R0 hotcore3;hotcore3;c:\windows\System32\drivers\hotcore3.sys [20.05.2008 03:58 39472]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [19.01.2009 14:57 64160]
R0 lfsfilt;Lean File Sharing;c:\windows\System32\drivers\lfsfilt.sys [11.06.2008 16:59 254440]
R0 lpx;LPX Protocol;c:\windows\System32\drivers\lpx.sys [29.06.2007 17:32 62056]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\System32\drivers\xfilt.sys [18.10.2006 18:39 17920]
R1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\System32\drivers\dslmnlwf.sys [06.01.2008 15:35 16448]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [16.10.2007 12:05 20496]
R1 ndasfat;NDAS FAT;c:\windows\System32\drivers\ndasfat.sys [11.06.2008 16:59 372584]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.05.2008 12:07 61424]
R2 SynoDrService;SynoDrService;c:\program files\Synology Data Replicator  3\SynoDrService.exe [06.08.2007 20:36 557056]
R3 ndasbus;NDAS Bus Driver;c:\windows\System32\drivers\ndasbus.sys [29.06.2007 17:32 75880]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [05.02.2007 10:26 247808]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [03.04.2007 11:43 1131136]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\System32\drivers\teamviewervpn.sys [07.01.2008 10:37 25088]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [25.12.2007 15:30 13976]
S3 Apache2.2;Apache2.2;c:\apache\bin\httpd.exe [13.06.2008 04:05 24635]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\System32\drivers\DslTestSp5.sys [28.02.2008 19:12 26816]
S3 EthDriver;D-Link DGE-528T Vista 32-bit Driver;c:\windows\System32\drivers\DLKRT32.sys [30.09.2008 00:02 70144]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [06.01.2008 15:34 17536]
S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\System32\drivers\ndasscsi.sys [29.06.2007 17:32 187368]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\System32\drivers\s816bus.sys [04.04.2008 15:17 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\System32\drivers\s816mdfl.sys [04.04.2008 15:17 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\System32\drivers\s816mdm.sys [04.04.2008 15:17 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s816mgmt.sys [04.04.2008 15:19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\System32\drivers\s816nd5.sys [04.04.2008 15:18 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\System32\drivers\s816obex.sys [04.04.2008 15:19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\System32\drivers\s816unic.sys [04.04.2008 15:20 97704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Inhalt des "geplante Tasks" Ordners

2009-07-10 c:\windows\Tasks\User_Feed_Synchronization-{F1DE92C9-40E6-4C13-B057-1C1AD2DF7FFE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-19 11:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uInternet Settings,ProxyOverride = *.local
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?hl=de&q=
FF - component: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\components\prism.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 02:01
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="c:\mysql\bin\mysqld-nt MySQL"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(1100)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'Explorer.exe'(10520)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\T-Online\DSL-Manager\Deskband.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
c:\mysql\bin\mysqld-nt.exe
c:\program files\NDAS\System\ndassvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TeamViewer3\TeamViewer_Service.exe
c:\program files\TeamViewer\Version4\TeamViewer_Service.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
c:\program files\VMware\VMware Server\vmware-authd.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\System32\vmnat.exe
c:\windows\System32\VSSVC.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
c:\windows\System32\vmnetdhcp.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
c:\program files\VMware\VMware Server\vmserverdWin32.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\System32\conime.exe
c:\program files\T-Online\DSL-Manager\DslMgrSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-07-11  2:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2009-07-11 00:20
ComboFix2.txt  2009-07-10 20:47
ComboFix3.txt  2009-07-09 19:37

Vor Suchlauf: 7.788.761.088 Bytes frei
Nach Suchlauf: 7.624.138.752 Bytes frei

876	--- E O F ---	2009-06-30 06:02

die beiden anderen anleitungen folgen später

shirocko · 11.07.2009, 14:37

log Malwarebytes anti malware:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.38
Datenbank Version: 2405
Windows 6.0.6001 Service Pack 1

11.07.2009 15:36:24
mbam-log-2009-07-11 (15-36-24).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 684942
Laufzeit: 4 hour(s), 3 minute(s), 51 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

john.doe · 11.07.2009, 14:45

Deinstalliere ComboFix bevor du mit SUPERAntiSpyware weitermachst.

Start => Ausführen => combofix /u => OK

ciao, andreas

shirocko · 11.07.2009, 14:46

ahhh jung sag das früher *zum pc renn und abbrech*

okay bekommst nach dem scan die letzte log

john.doe · 11.07.2009, 14:53

Kannst du auch parallel machen.

ciao, andreas

shirocko · 11.07.2009, 20:39

letzte log von superantispyware:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/11/2009 at 09:25 PM

Application Version : 4.26.1006

Core Rules Database Version : 3986
Trace Rules Database Version: 1926

Scan type       : Complete Scan
Total Scan Time : 05:27:22

Memory items scanned      : 856
Memory threats detected   : 0
Registry items scanned    : 12326
Registry threats detected : 0
File items scanned        : 612654
File threats detected     : 4

Adware.Vundo/Variant-MSFake
	C:\WINDOWS\SYSTEM32\MFCANS32.DLL
	C:\WINDOWS\SYSTEM32\MFCO30.DLL
	C:\WINDOWS\SYSTEM32\MFCUIA32.DLL
	C:\WINDOWS\SYSTEM32\MSVCIRTD.DLL

john.doe · 11.07.2009, 20:50

Haben die beiden also doch noch etwas gefunden.

SuperAntiSpyware kannst du deinstallieren, falls du ihn behalten möchtest, dann deaktiviere den Wächter (die ersten drei Haken bei den Einstellungen).

Drei noch, dann hast du es geschafft.

1.) http://www.trojaner-board.de/61465-a...ty-2009-a.html

2.) Panda Active Scan

Folgende Seite führt dich durch die Installation: PandaActiveScan2.0 Installation

Drücke auf Jetzt Scannen!

Eine Registrierung ist nicht erforderlich!

Nachdem der Scan abgeschlossen ist drücke auf das Text-Icon Export und speichere das log auf dem Desktop.
Öffne die Datei ActiveScan.txt die sich nun auf deinem Desktop befindet und poste uns den Inhalt.

3.) Überprüfe den Rechner mit PrevXCSI. Poste ein Screenshot falls etwas gefunden werden sollte.

ciao, andreas

shirocko · 11.07.2009, 20:56

kasoersky hab ic ja schon ne version drauf
is zwar etwas älter also kis7 aber sollte doch auch tun oder?

PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung

Log-Analyse und Auswertung: PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung