| |
| |||||||
Log-Analyse und Auswertung: PC wahrscheinlich infiziert, bitte um Hilfe und PrüfungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
07.07.2009, 15:27
| #1 |
 |  PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung Hi Leute, seit ein paar tagen verhält sich mein PC eigenartig und auch Kaspersky hat mitterweile einen/mehrere Trojaner bzw. Backdoor Programme gefunden Allerdings werde ich sie durch einfache löschen leider nicht los. Ich hoffe mal ihr könnt mir helfen. Gleich vorweg: eines dieser Programme heißt laut Kaspersky "SKYNETvbfuhivd.dll" im Verzeichnis "globalroot\systemroot\system32\SKYNETvbfuhivd.dll Ich habe mal nen HijackThis Scan gemacht. Hier mal die log: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:20:46, on 07.07.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Windows\explorer.exe C:\Windows\system32\conime.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Program Files\ICQ6.5\ICQ.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe C:\Program Files\Java\jre6\bin\java.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: 78.46.78.140 forum.bplaced.net O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe" O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - .DEFAULT User Startup: DSL-Manager.lnk = C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1208959603510 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208959493218 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208959527273 O17 - HKLM\System\CCS\Services\Tcpip\..\{F7014EA2-7460-4F23-B215-F1B48A36952F}: NameServer = 139.7.30.125 139.7.30.126 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Apache2.2 - Apache Software Foundation - C:\apache\bin\httpd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Security Suite CBE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: gupdate1c9e39a101dcf54 - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: MySQL - Unknown owner - c:\mysql\bin\mysqld-nt.exe O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: SynoDrService - Unknown owner - C:\Program Files\Synology Data Replicator 3\SynoDrService.exe O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 16822 bytes ciao shirocko |
|
07.07.2009, 21:00
| #2 | |
  | PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung Hallo und
__________________ Dieben wir doch bei den Kollegen vom HJT-Forum: Zitat:
1.) Solltest du noch irgendetwas mit dem Computer verbinden, wie Memorysticks, Speicherkarten, Digitalkameras, Handy, externe Laufwerke, ... dann stecke vor dem Scan alles an. ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten. 2.) Systemdetails mit RSIT prüfen
ciao, andreas
__________________ |
|
09.07.2009, 13:50
| #3 |
| | PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung sry aber der combofix download geht nicht
__________________ |
|
09.07.2009, 16:03
| #4 |
| | PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung Versuche den hier => Datei Upload, Bilder hochladen, Datei Hosting auf Materialordner.de ciao, andreas
__________________ Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung! Für alle NeuenPrivatbetreuung nur gegen Bezahlung und ich koste sehr teuer.  Anleitungen Virenscanner Kompromittierung unvermeidbar? |
|
09.07.2009, 21:16
| #5 |
| | PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung okay hat soweit geklappt hier die logs, hoffe ihr könnt mir helfen: ComboFix Log: Code:
ATTFilter ComboFix 09-07-08.07 - Admin 09.07.2009 20:42.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.49.1031.18.2046.965 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofixilein.exe
AV: Kaspersky Security Suite CBE *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Security Suite CBE *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Security Suite CBE *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((( Dateien erstellt von 2009-06-09 bis 2009-07-09 ))))))))))))))))))))))))))))))
.
2009-07-09 19:09 . 2009-07-09 19:20 -------- d-----w- c:\users\***\AppData\Local\temp
2009-07-06 13:19 . 2009-07-06 13:19 -------- d-----w- c:\program files\Trend Micro
2009-07-05 09:57 . 2009-02-12 09:41 973312 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
2009-07-04 10:35 . 2009-07-04 10:35 90112 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-07-04 10:35 . 2009-07-04 10:35 307200 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-07-04 10:35 . 2009-07-04 10:35 172032 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-07-04 10:27 . 2009-07-04 10:27 -------- d-----w- c:\users\***\AppData\Roaming\Vodafone
2009-07-04 10:27 . 2009-07-04 10:27 -------- d-----w- c:\programdata\InstallShield
2009-07-04 10:25 . 2008-03-17 09:05 101632 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-07-04 10:24 . 2009-07-04 10:24 -------- d-----w- c:\programdata\Vodafone
2009-07-04 10:24 . 2009-07-04 10:24 -------- d-----w- c:\program files\Vodafone
2009-07-03 15:21 . 2009-07-03 15:21 -------- d-----w- c:\users\***\AppData\Local\{D53238E8-3427-491E-A57E-097FA966AAC1}
2009-07-02 12:49 . 2009-07-02 12:49 1029456 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\AAWService.exe
2009-07-02 12:49 . 2009-07-02 12:49 314712 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\threatwork.exe
2009-07-02 12:49 . 2009-07-02 12:49 25440 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-07-02 12:49 . 2009-07-02 12:49 169312 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-07-02 12:49 . 2009-07-02 12:49 348496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-07-02 12:49 . 2009-07-02 12:49 298336 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-07-02 12:48 . 2009-07-02 12:48 84832 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-07-02 12:48 . 2009-07-02 12:48 1630560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Resources.dll
2009-07-02 12:48 . 2009-07-02 12:48 40288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-07-02 12:48 . 2009-07-02 12:48 246128 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-07-02 12:48 . 2009-07-02 12:48 85352 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
2009-07-02 12:48 . 2009-07-02 12:48 664424 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-07-02 12:48 . 2009-07-02 12:48 563064 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-07-02 12:48 . 2009-07-02 12:48 566632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-07-02 12:48 . 2009-07-02 12:48 2352968 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-07-02 12:48 . 2009-07-02 12:48 629072 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-07-02 12:48 . 2009-07-02 12:48 520024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-06-21 19:40 . 2006-12-20 12:23 114688 ------w- c:\windows\system32\pcleDVdc.dll
2009-06-21 19:40 . 2006-12-20 12:23 90112 ------w- c:\windows\system32\pcleDVcd.dll
2009-06-21 19:40 . 2006-12-20 12:23 90112 ------w- c:\windows\system32\pcleADV.dll
2009-06-21 19:40 . 2006-12-20 12:23 90112 ------w- c:\windows\system32\ACnvrtX.dll
2009-06-21 19:40 . 2006-12-20 12:23 876544 ------w- c:\windows\system32\CSCnvrtX.dll
2009-06-14 10:00 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 10:00 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-11 11:53 . 2009-06-11 11:53 -------- d-----w- c:\program files\Western Digital Corporation
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 19:15 . 2008-07-17 16:29 1528540192 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-09 19:13 . 2008-01-11 15:07 -------- d-----w- c:\programdata\VMware
2009-07-09 19:11 . 2008-07-17 16:29 20476004 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-09 18:33 . 2008-02-03 23:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-09 16:23 . 2006-11-02 15:48 737124 ----a-w- c:\windows\system32\perfh007.dat
2009-07-09 16:23 . 2006-11-02 15:48 166582 ----a-w- c:\windows\system32\perfc007.dat
2009-07-09 16:19 . 2008-07-01 19:03 169936 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\FlashGot.exe
2009-07-09 16:16 . 2007-12-25 01:38 -------- d-----w- c:\programdata\Kaspersky Lab
2009-07-09 16:13 . 2008-01-11 15:11 -------- d-----w- c:\users\***\AppData\Roaming\VMware
2009-07-05 21:54 . 2007-12-25 12:20 -------- d-----w- c:\users\***\AppData\Roaming\Skype
2009-07-05 18:12 . 2008-09-30 15:27 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-07-05 18:12 . 2007-12-25 12:21 -------- d-----w- c:\users\***\AppData\Roaming\skypePM
2009-07-04 16:09 . 2007-12-26 22:08 -------- d-----w- c:\users\***\AppData\Roaming\FileZilla
2009-07-04 10:24 . 2007-12-25 01:23 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-02 15:29 . 2008-02-03 23:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-29 07:35 . 2007-12-26 22:00 -------- d-----w- c:\program files\Google
2009-06-26 19:38 . 2009-06-06 18:44 -------- d-----w- c:\program files\FileZilla Client
2009-06-25 06:13 . 2008-04-28 12:51 -------- d-----w- c:\users\***\AppData\Roaming\Free Download Manager
2009-06-24 05:54 . 2007-12-25 13:38 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-18 15:50 . 2008-04-03 13:57 -------- d-----w- c:\users\***\AppData\Roaming\Audacity
2009-06-14 15:58 . 2007-12-27 00:00 -------- d-----w- c:\programdata\Microsoft Help
2009-06-06 15:23 . 2007-12-26 18:53 -------- d-----w- c:\users\***\AppData\Roaming\Apple Computer
2009-06-06 12:38 . 2008-07-10 17:51 -------- d-----w- c:\program files\iTunes
2009-06-06 12:37 . 2009-06-06 12:37 -------- d-----w- c:\program files\iPod
2009-06-06 12:37 . 2007-12-26 18:49 -------- d-----w- c:\program files\Common Files\Apple
2009-06-06 12:33 . 2008-01-11 12:19 -------- d-----w- c:\program files\QuickTime Alternative
2009-06-06 12:20 . 2009-06-06 12:20 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 14:11 . 2009-05-11 20:22 1 ----a-w- c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-01 11:57 . 2009-06-01 11:57 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-05-21 14:28 . 2008-07-17 16:36 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-21 14:28 . 2008-07-17 16:36 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-19 16:31 . 2007-12-25 01:18 130424 ----a-w- c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-19 16:11 . 2008-01-07 18:20 -------- d-----w- c:\program files\Microsoft Works
2009-05-18 16:55 . 2009-05-18 16:54 -------- d-----w- c:\users\***\AppData\Roaming\AllDup
2009-05-18 16:53 . 2009-05-18 16:53 -------- d-----w- c:\program files\AllDup
2009-05-17 14:37 . 2009-05-17 14:37 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-05-13 06:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-11 20:22 . 2009-05-11 20:22 -------- d-----w- c:\users\***\AppData\Roaming\OpenOffice.org
2009-05-11 20:16 . 2009-05-11 20:15 -------- d-----w- c:\program files\OpenOffice.org 3
2009-05-09 05:50 . 2009-06-10 07:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 07:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-08 15:11 . 2009-05-08 16:51 44018 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\regprot.exe
2009-05-08 15:11 . 2009-05-08 16:51 16896 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\UAC.dll
2009-05-06 12:23 . 2009-05-07 16:28 372736 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-04-29 18:42 . 2009-05-08 16:51 110592 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\components\prism.dll
2009-04-29 18:42 . 2009-05-08 16:51 110592 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\components\prism.dll
2009-04-23 12:43 . 2009-06-10 07:18 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 07:18 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 07:18 2033152 ----a-w- c:\windows\system32\win32k.sys
2007-12-26 19:50 . 2007-12-26 19:50 0 --sh--w- c:\windows\S1589D1C6.tmp
2006-05-03 09:06 . 2008-07-08 12:39 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2008-07-08 12:39 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2008-07-08 12:39 216064 --sh--r- c:\windows\System32\nbDX.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-09_17.28.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-09 19:09 . 2009-07-09 19:13 16384 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-09 17:22 . 2009-07-09 17:26 16384 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-09 17:22 . 2009-07-09 17:26 16384 c:\windows\Temp\History\History.IE5\index.dat
+ 2009-07-09 19:09 . 2009-07-09 19:13 16384 c:\windows\Temp\History\History.IE5\index.dat
- 2009-07-09 17:22 . 2009-07-09 17:26 16384 c:\windows\Temp\Cookies\index.dat
+ 2009-07-09 19:09 . 2009-07-09 19:13 16384 c:\windows\Temp\Cookies\index.dat
+ 2007-12-25 02:18 . 2009-07-09 19:16 72842 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-07-09 19:17 82004 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-12-25 01:19 . 2009-07-09 19:17 13888 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-952325796-3084994041-2608643616-1000_UserData.bin
+ 2006-11-02 13:00 . 2009-07-09 18:26 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:00 . 2009-07-09 16:14 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:00 . 2009-07-09 16:14 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:00 . 2009-07-09 18:26 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-07-09 16:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:00 . 2009-07-09 18:26 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-09 17:24 . 2009-07-09 17:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-09 19:12 . 2009-07-09 19:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-09 19:12 . 2009-07-09 19:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-09 17:24 . 2009-07-09 17:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-08-31 2622232]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-08-31 907040]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-08-31 140568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-1-11 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\r3hook.dll c:\progra~1\KASPER~1\KASPER~2\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
backup=c:\windows\pss\PDFCreator.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrekStor NDAS-Geräte-Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TrekStor NDAS-Geräte-Manager.lnk
backup=c:\windows\pss\TrekStor NDAS-Geräte-Manager.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSL-Manager.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
backup=c:\windows\pss\DSL-Manager.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
backup=c:\windows\pss\Logitech . Produktregistrierung.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
|
|
09.07.2009, 21:18
| #6 |
| | PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung Forsetzung ComboFixLog: Code:
ATTFilter [HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
backup=c:\windows\pss\Logitech . Produktregistrierung.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{384D0300-1065-447A-9618-2984903D5C4E}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{5A0011D9-3CEE-4D11-B2F0-29652C363E6D}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{74F73FD2-BD8E-49A5-BBAF-D3A37D9453C1}"= UDP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{8C507270-C3A8-426A-BFC9-9A705B35BD57}"= TCP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{80C9846C-3DD3-4B9C-9EC8-9729AA35B0D8}"= UDP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{2F1B2A9C-4DA2-4725-8B38-C785838B8748}"= TCP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{502A2EFE-9E64-4071-AD8D-B85B01198B17}"= UDP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{DD43B665-C72F-4300-A6C9-E9CA0DC49033}"= TCP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{0B1BE74D-6416-4293-8119-455BD46B2072}"= UDP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{DA89F97C-61CA-467F-A73E-C25A0A15398E}"= TCP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{0D8D08ED-897F-405C-BD36-69F8AFD1C77C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{98DA941D-798E-4954-9F2D-C879DF2949B0}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5278D635-3ABE-478E-9289-D6967FEAA157}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0652B8C7-A8A2-406A-B986-A7D8A574EDC9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A596140F-B429-4A6A-B3BF-D3DA04CD3C8E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1205D43A-9244-4932-90C9-ABEB976C8974}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7A767EC9-135A-4C21-9BD9-E195385839A3}"= UDP:3703:Adobe Version Cue CS3 Server
"{412C56DD-1D26-4ABD-A7BE-50D035A76CF4}"= UDP:3704:Adobe Version Cue CS3 Server
"{EF370A4D-2E5E-42E5-8CC6-C61E4EA71E25}"= UDP:50900:Adobe Version Cue CS3 Server
"{0A95615A-DDF8-4D65-9C80-1650AD3F7A94}"= UDP:50901:Adobe Version Cue CS3 Server
"{508F5558-0297-4EE5-8E02-3DE546A14AA1}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{F1DCCD97-6002-43E4-8566-3BE3B269D3CD}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{BD76C6BF-564C-48EA-8C8B-DC1A47A2C31C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6A2D95B5-4433-428C-A771-8AFEA2E29B62}"= UDP:c:\program files\Home Cinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{E78BCDD2-4F54-4970-989E-44BBD4D6F227}"= TCP:c:\program files\Home Cinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{AC347381-6E34-42E8-AFE7-40F0B8504154}"= UDP:c:\program files\Home Cinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{7ED5374E-2742-4A8C-8167-F3089AC1617F}"= TCP:c:\program files\Home Cinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{30D25247-E27E-4CEF-B886-4E6B095AF513}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{321E005B-C01F-4BD3-92EB-46CEDF1C0F3C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{75790D75-C0AC-4DF1-A4A8-E0C5D785B577}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{39155FAB-CBBC-43E5-8A71-57DC64EA6C5C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B462A909-998B-4904-BD6C-346DFD0D2DBA}g:\\setup.exe"= UDP:G:\setup.exe:Installationsprogramm für Kaspersky Security Suite CBE
"UDP Query User{58FFB052-D9F9-4CF9-AA47-D05D11659239}g:\\setup.exe"= TCP:G:\setup.exe:Installationsprogramm für Kaspersky Security Suite CBE
"TCP Query User{9265FC8E-A492-4B2A-8B55-3A51496A748C}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\german\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 2009
"UDP Query User{F6A7CFCA-32CA-4CD1-BD15-A9893C72A87D}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\german\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 2009
"{92449402-1EEF-4E31-808D-28BB95A6D951}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{3F64D3B3-9B33-4BF9-B3BF-A2D9F9126E14}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{62CB650F-0AFF-47BB-A528-84B88EA73B38}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{76935FFF-F657-49D5-BB00-6825BBB1161F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FFC4C218-8E04-49A7-8CC6-B74DC951835E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM
R0 hotcore3;hotcore3;c:\windows\System32\drivers\hotcore3.sys [20.05.2008 03:58 39472]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [19.01.2009 14:57 64160]
R0 lfsfilt;Lean File Sharing;c:\windows\System32\drivers\lfsfilt.sys [11.06.2008 16:59 254440]
R0 lpx;LPX Protocol;c:\windows\System32\drivers\lpx.sys [29.06.2007 17:32 62056]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\System32\drivers\xfilt.sys [18.10.2006 18:39 17920]
R1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\System32\drivers\dslmnlwf.sys [06.01.2008 15:35 16448]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [16.10.2007 12:05 20496]
R1 ndasfat;NDAS FAT;c:\windows\System32\drivers\ndasfat.sys [11.06.2008 16:59 372584]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.05.2008 12:07 61424]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [30.04.2008 01:15 1153368]
R2 SynoDrService;SynoDrService;c:\program files\Synology Data Replicator 3\SynoDrService.exe [06.08.2007 20:36 557056]
R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Service.exe [29.08.2008 08:29 185640]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [10.12.2008 10:49 185640]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [14.06.2008 15:02 282709]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [14.06.2008 15:02 122971]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [04.07.2008 12:52 14336]
R2 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [09.05.2008 21:05 1650781]
R3 ndasbus;NDAS Bus Driver;c:\windows\System32\drivers\ndasbus.sys [29.06.2007 17:32 75880]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [05.02.2007 10:26 247808]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [03.04.2007 11:43 1131136]
R3 TDslMgrService;DSL-Manager;c:\program files\T-Online\DSL-Manager\DslMgrSvc.exe [05.04.2008 13:23 294912]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\System32\drivers\teamviewervpn.sys [07.01.2008 10:37 25088]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [25.12.2007 15:30 13976]
S2 gupdate1c9e39a101dcf54;gupdate1c9e39a101dcf54;c:\program files\Google\Update\GoogleUpdate.exe [02.06.2009 17:51 133104]
S3 Apache2.2;Apache2.2;c:\apache\bin\httpd.exe [13.06.2008 04:05 24635]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\System32\drivers\DslTestSp5.sys [28.02.2008 19:12 26816]
S3 EthDriver;D-Link DGE-528T Vista 32-bit Driver;c:\windows\System32\drivers\DLKRT32.sys [30.09.2008 00:02 70144]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 1029456]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [06.01.2008 15:34 17536]
S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\System32\drivers\ndasscsi.sys [29.06.2007 17:32 187368]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\System32\drivers\s816bus.sys [04.04.2008 15:17 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\System32\drivers\s816mdfl.sys [04.04.2008 15:17 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\System32\drivers\s816mdm.sys [04.04.2008 15:17 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s816mgmt.sys [04.04.2008 15:19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\System32\drivers\s816nd5.sys [04.04.2008 15:18 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\System32\drivers\s816obex.sys [04.04.2008 15:19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\System32\drivers\s816unic.sys [04.04.2008 15:20 97704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Inhalt des "geplante Tasks" Ordners
2009-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 12:48]
2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 15:51]
2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 15:51]
2009-07-09 c:\windows\Tasks\User_Feed_Synchronization-{F1DE92C9-40E6-4C13-B057-1C1AD2DF7FFE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-19 11:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uInternet Settings,ProxyOverride = *.local
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?hl=de&q=
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\components\prism.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 21:15
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
c:\windows\TEMP\TMP0000004E5B28E17ADED62EA9 524288 bytes executable
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="c:\mysql\bin\mysqld-nt MySQL"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-952325796-3084994041-2608643616-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DC93F53-B7D7-866F-77D6-76A33C78FACA}*]
"gaakomjbdaejdn"=hex:63,61,64,67,6b,6d,00,77
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'lsass.exe'(1172)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'Explorer.exe'(10844)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\T-Online\DSL-Manager\Deskband.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\mysql\bin\mysqld-nt.exe
c:\program files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
c:\program files\NDAS\System\ndassvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\VMware\VMware Server\vmware-authd.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\System32\vmnat.exe
c:\windows\System32\VSSVC.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\System32\vmnetdhcp.exe
c:\windows\System32\WUDFHost.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\System32\conime.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-07-09 21:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-07-09 19:35
ComboFix2.txt 2009-07-09 17:51
Vor Suchlauf: 9.511.886.848 Bytes frei
Nach Suchlauf: 9.351.917.568 Bytes frei
Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7,44
465 --- E O F --- 2009-06-30 06:02
|
|
09.07.2009, 21:24
| #7 |
| | PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung info.txt Code:
ATTFilter info.txt logfile of random's system information tool 1.06 2009-07-09 21:50:35
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
-->MsiExec.exe /I{09715083-BF10-4834-9E28-B5D8820513CA}
-->MsiExec.exe /I{1E049668-AD90-4008-B213-E20CED2324DD}
-->MsiExec.exe /I{35103A8A-E9D8-40FA-AEC7-4D138952DB30}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2638924D-DC58-4C40-BB1C-48C2B24B7B1B}\Setup.exe" -L0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52739387-B81C-4C55-9593-EB7A1044A657}\Setup.exe" -L0x7
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acronis*True*Image*Home-->MsiExec.exe /X{E5343B27-55DF-40BD-9FCF-A643C1331E8A}
Ad-Aware-->"C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe Captivate 3-->MsiExec.exe /X{4B8B4A35-7347-47F9-8293-E47A14E75F0E}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Contribute CS3-->MsiExec.exe /I{FF3E2850-BD2E-4B56-A89D-21E588D518E0}
Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=m:\adobe creative suite 2.0/lang=0407
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen-->C:\Program Files\Common Files\Adobe\Installers\67a7fb1e97aa14ee9ef0950eb6fd757\Setup.exe
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{DA896917-C1DA-45B2-B4D2-68162F16C0DD}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}
Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->MsiExec.exe /I{C9D456FD-C25B-49DE-AA71-6B76D6550B23}
Adobe Flash CS3-->MsiExec.exe /I{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{C8D7A672-F697-4572-AC62-C856053A8DBC}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{411E0CC3-587A-468C-B461-95FAFD05E4DE}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Reader 9.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{DFFDDCF5-CB32-4354-8823-1B9E68025953}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Advanced Port Scanner v1.3-->C:\Program Files\Advanced Port Scanner\uninstal.exe
Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}
AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Album Art Downloader XUI 0.24-->C:\Program Files\AlbumArtDownloader\uninst.exe
Alcatech BPM Studio Professional v4.9.1-->C:\PROGRA~1\ALCATech\BPM-ST~1\UNWISE.EXE C:\PROGRA~1\ALCATech\BPM-ST~1\INSTALL.LOG
AllDup 2.0.10-->"C:\Program Files\AllDup\unins000.exe"
AllSync 2.7.60-->"C:\Program Files\AllSync\unins000.exe"
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apache HTTP Server 2.2.9-->MsiExec.exe /I{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}
Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Aspell German Dictionary-0.50-2-->"C:\Program Files\Aspell\unins001.exe"
Audacity 1.3.5 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Auto Gordian Knot 2.45-->C:\Program Files\AutoGK\uninst.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
BDE_ENT-->MsiExec.exe /I{E966F0CC-76B3-11D3-945B-00C04FB1760A}
Bluesoleil 5.0.5.178-->MsiExec.exe /X{1E726A53-78E9-47DE-B3D9-4165CBC9ABBF}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bus Simulator 2008-->"C:\Program Files\Bus Simulator 2008\unins000.exe"
Camtasia Studio 5-->MsiExec.exe /I{9B7802FF-2E35-4361-8A82-D207C7E9F99B}
Canon iP4300 Benutzerregistrierung-->C:\Program Files\Canon\IJEREG\iP4300\UNINST.EXE
Canon iP4300-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300 /L0x0007
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDCheck-->"C:\Program Files\CDCheck\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CD-LabelPrint-->"C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cobian Backup 9-->C:\Program Files\Cobian Backup 9\cbUninstall.exe
CodingFTP 2008-->"C:\Program Files\Coding FTP\unins000.exe"
Crystal Reports Basic for Visual Studio 2008-->MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
Crystal Reports Basic German Language Pack for Visual Studio 2008-->MsiExec.exe /X{3924C3E7-C440-4B23-9740-9A9EC0545F21}
CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Data Lifeguard Diagnostic for Windows-->MsiExec.exe /X{E40CE517-0D42-4198-96B4-C8232B257EB5}
DebugMode Wink-->"C:\Program Files\DebugMode\Wink\uninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DSL-Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}\Setup.exe" -l0x7
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.0.0-->"C:\Program Files\DVDFab 5\unins000.exe"
EasyBCD 1.7-->C:\Program Files\NeoSmart Technologies\EasyBCD\uninstall.exe
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
FastXplore-->MsiExec.exe /I{AB3AC948-4E8A-4D0F-82F8-5EDE2DB7BA78}
FastXplore-->MsiExec.exe /I{FFE2D245-B9C7-4A0C-9310-828D80D6F5D2}
FileZilla Client 3.2.5-->C:\Program Files\FileZilla Client\uninstall.exe
FileZilla Server (remove only)-->"C:\Program Files\FileZilla Server\uninstall.exe"
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe"
Free FLV Converter V 5.0-->"C:\Program Files\Free FLV Converter\unins000.exe"
Free Music Zilla-->"C:\Program Files\Free Music Zilla\unins000.exe"
Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
FreeMind-->"C:\Program Files\FreeMind\unins000.exe"
GIMP 2.4.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GlassFish V2 UR2-->"C:\Program Files\glassfish-v2ur2\uninstall.exe"
GNU Aspell 0.50-3-->"C:\Program Files\Aspell\unins000.exe"
Google Earth Plugin-->MsiExec.exe /I{B535B621-5559-11DE-A7A1-005056806466}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GTA2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}\Setup.exe" -l0x9
GTK+ Runtime 2.12.8 rev a (nur entfernen)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB952241)-->C:\Windows\system32\msiexec.exe /package {445174EA-3D3A-308E-84AD-446127E71441} /uninstall {DC93B23E-0882-46A9-B45F-3B6F279EFB39} /qb+ REBOOTPROMPT=""
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B-->C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9 anything
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
IE7Pro-->C:\Program Files\IEPro\uninst.exe
Internet Explorer Developer Toolbar-->MsiExec.exe /I{E7081891-BC7F-43F9-9CE6-B5DD2F497156}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTSfv 5.60.24.1 BETA-->"C:\Program Files\iTSfv\unins000.exe"
iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) SE Development Kit 6 Update 10-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160100}
Kaspersky Security Suite CBE-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Security Suite CBE-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
KC Softwares SUMo-->"C:\Program Files\KC Softwares\SUMo\unins000.exe"
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Labtec Legacy USB Camera-Treiberpaket-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.51.1130\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"legacyqcam_10.51" /clone_wait /hide_progress
Last.fm 1.5.4.24567-->"C:\Program Files\Last.fm\unins000.exe"
Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
Logitech QuickCam-Treiberpaket-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.80" /clone_wait /hide_progress
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0007 -removeonly
MagicDirector 1.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
MakeDisc-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
Maple 11-->"C:\Program Files\Maple 11\Uninstall_Maple 11\Uninstall Maple 11.exe"
MCE Software Encoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7655E113-C306-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
Media Converter SA Edition 0.8-->C:\Program Files\Media Converter SA Edition\uninst.exe
MediaCoder 0.6.1-->C:\Program Files\MediaCoder\uninst.exe
MediaShow 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 SDK - DEU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft .NET Framework 2.0 SDK - DEU\install.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Device Emulator Version 3.0 - DEU-->MsiExec.exe /X{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}
Microsoft Document Explorer 2008 Language Pack - DEU-->C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008 Language Pack - DEU\install.exe
Microsoft Document Explorer 2008 Language Pack - DEU-->MsiExec.exe /X{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}
Microsoft Document Explorer 2008-->C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008-->MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
|
|
09.07.2009, 21:25
| #8 |
| | PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung info.txt fortsetzung 1 Code:
ATTFilter Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0021-0407-0000-0000000FF1CE} /uninstall {0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}
Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (German) 2007-->MsiExec.exe /X{90120000-0021-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Compact 3.5 Design Tools DEU-->MsiExec.exe /X{E32260E7-0B10-43C7-9B77-AB9F4184676D}
Microsoft SQL Server Compact 3.5 DEU-->MsiExec.exe /I{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}
Microsoft SQL Server Compact 3.5 for Devices DEU-->MsiExec.exe /I{1C3ADB5F-750E-4453-AC98-B75C5323845C}
Microsoft SQL Server Database Publishing Wizard 1.2-->MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server Native Client-->MsiExec.exe /I{7FB12670-0F93-4E1E-B2F5-4F339199A03A}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{849A32C3-E75A-4791-9B11-E568BA3525A4}
Microsoft Tool Web Package : EXTRACT.EXE-->MsiExec.exe /X{D52A721B-E44C-4AD7-AD4F-29D83144384B}
Microsoft Train Simulator-->"C:\Program Files\Microsoft Games\Train Simulator\UNINSTAL.EXE" /runtemp /addremove
Microsoft Visual Basic 2008 Express Edition - DEU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition - DEU\setup.exe
Microsoft Visual Basic 2008 Express Edition - DEU-->MsiExec.exe /X{56403FFF-145E-35C5-A090-96598BE57FB8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack-->C:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack\install.exe
Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio 2008 Professional Edition - DEU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - DEU\setup.exe
Microsoft Visual Studio Web Authoring Component-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools-->MsiExec.exe /X{99F0C3CC-8DF0-3611-B190-CF4D1AF0E053}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework-->MsiExec.exe /X{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32-->MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense-->MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}
Microsoft Windows SDK for Visual Studio 2008 Tools-->MsiExec.exe /X{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools-->MsiExec.exe /X{B268E9A1-04A9-40D0-9866-846BE2B74BA7}
Mozilla Firefox (3.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.9)-->C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe
Mozilla Thunderbird (2.0.0.22)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Mp3tag v2.42-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSDN Library for Visual Studio 2008 - DEU-->MsiExec.exe /X{D475588F-91C9-365E-AB40-D588111DD7C4}
MSDN Library für Visual Studio 2008 - DEU-->C:\Program Files\MSDN\MSDN9.0\MSDN Library for Visual Studio 2008 - DEU\setup.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MySQL Server 5.0-->MsiExec.exe /I{E5AED31E-3474-4C85-B492-42149DE37891}
NcFTP 3.2.1-->C:\PROGRA~1\NcFTP\UNWISE.EXE C:\PROGRA~1\NcFTP\INSTALL.LOG
Nero 8 Ultra Edition HD-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041031}
Nero Mega Plugin Pack-->MsiExec.exe /I{EF901A4B-A25A-4962-83C6-C6691D062ED9}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetBeans IDE 6.1-->"C:\Program Files\NetBeans 6.1\uninstall.exe"
Network Stumbler 0.4.0 (remove only)-->"C:\Program Files\Network Stumbler\uninst.exe"
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 3.1-->MsiExec.exe /I{D765F1CE-5AE5-4C47-B134-AE58AC474740}
Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
Paint.NET v3.35-->MsiExec.exe /X{20AC583C-A6FB-410A-807D-25308225C201}
Paragon Partition Manager 9.0 Professional-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}\Setup.exe" -l0x7
PC Inspector smart recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9A87D86-FDFD-418B-BF96-EF09320973B3}\Setup.exe" -l0x7
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
PhET-->C:\Program Files\PhET-1.0\uninstall.exe
PhotoNow! 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
phpDesigner 2008 version 6.0.1.2-->"C:\Program Files\phpDesigner 2008\unins000.exe"
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
Pinnacle Instant DVD Recorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x7 UNINSTALL
Powerbullet Presenter-->"C:\Program Files\Powerbullet\unins000.exe"
PowerCinema Linux 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
PowerDirector-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Prism 0.8-->"C:\Program Files\Prism\unins000.exe"
PSPad editor-->"C:\Program Files\PSPad editor\Uninst\unins000.exe"
QuickTime Alternative 2.6.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RAD Studio-->"C:\ProgramData\{2EB4C530-C94F-4893-ABDC-C1E05A89956E}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
RAD Studio-->C:\ProgramData\{2EB4C530-C94F-4893-ABDC-C1E05A89956E}\Setup.exe
Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RouterControl 1.90-->C:\Windows\RCoUn0.exe /UnInst:"C:\Windows\RouterControl_Uninstall.in"
Screencast.com Desktop Uploader-->MsiExec.exe /I{3A34D76D-CF17-451E-A862-766F1918A0D7}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Setl2 for Windows-->MsiExec.exe /I{F464454C-B3AD-4C94-9065-ABBCBDE506F8}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sony Ericsson Themes Creator 3.32-->C:\Program Files\Sony Ericsson\Themes Creator\Uninstall.exe
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000004}
Spybot - Search & Destroy 1.5.2.20-->"C:\Windows\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Studio 11-->C:\Program Files\InstallShield Installation Information\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}\Setup2.exe -runfromtemp -l0x0007 UNINSTALL -removeonly
Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
SUPER © Version 2008.bld.32 (July 8, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Synology Assistant-->MsiExec.exe /I{C59ADB1C-0403-4A11-8930-9F81ABC71908}
Synology Data Replicator 3-->MsiExec.exe /I{8E310838-457C-4269-B177-3EFB300CBDDC}
Synology Download Redirector-->MsiExec.exe /I{B1E9B7ED-8187-433a-9EAE-20DF1A8968B1}
Systemsteuerung "MobileMe"-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
TeamViewer 3-->C:\Program Files\TeamViewer3\uninstall.exe
TeamViewer 4 Host-->C:\Program Files\TeamViewer\Version4\uninstall.exe
T-Online 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}\Setup.exe" CPAS
T-Online WLAN-Access Finder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}\Setup.exe" -L0x7
Tools für Microsoft SQL Server 2005 Express Edition-->MsiExec.exe /I{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}
Total Commander (Remove or Repair)-->C:\Program Files\Total Commander\tcuninst.exe
TrainSimPro "Streckenpack" 1.0-->"C:\Program Files\Microsoft Games\Train Simulator\SETUP.1\setup.exe" /u
TrekStor NDAS-Software 3.20.1523-->MsiExec.exe /I{07C16B8B-AE11-4515-888F-0BD2E0A9F2AD}
Tunatic-->"C:\Windows\lsb_un20.exe" /C=UC /N=Tunatic
TV Enhance-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E4C891D6-6844-41B8-86E8-633CACCC644F}\setup.exe" -uninstall
Ulead GIF Animator Lite Edition 1.0-->C:\Windows\IsUninst.exe -f"C:\Program Files\Ulead GIF Animator Lite Edition\GALE.isu"
Ultimate Extras sounds from Microsoft® Tinker™-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound2.inf,Uninstall
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
UpdateStar-->MsiExec.exe /X{6DEF9FB2-6BDD-4CE8-A93F-FA56DABEF8AC}
VC Runtimes MSI-->MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VIA Plattform-Geräte-Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
video2brain Training-->C:\Program Files\video2brain Training\uninst.exe
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth 3D (Beta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
VistaBootPRO 3.3-->MsiExec.exe /I{6C9FA746-8759-4040-A436-42922CB3492E}
VistaGlazz-->MsiExec.exe /X{CCBCD550-D91D-443D-9CF0-0CD02D2FDB95}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Visual Studio 2005 Tools for Office Second Edition Runtime-->c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU-->C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU\install.exe
VMware Server-->MsiExec.exe /I{FEE84D71-7FF0-46C1-AED4-1BD821D53A9F}
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Vodafone Mobile Connect Lite-->MsiExec.exe /X{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
|
|
09.07.2009, 21:26
| #9 |
| | PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung info.txt ende Code:
ATTFilter Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile 5.0 SDK R2 for Pocket PC-->MsiExec.exe /I{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}
Windows Mobile 5.0 SDK R2 for Smartphone-->MsiExec.exe /I{DA7F48EF-5F56-45FE-9169-3B8159A7A323}
Windows Mobile-Gerätecenter-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Windows-Soundschemas-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
WinHTTrack Website Copier 3.43-4-->"C:\Program Files\WinHTTrack\unins000.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
X10 Hardware(TM)-->C:\Windows\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
XMedia Recode 2.0.5.3-->C:\Program Files\XMedia Recode\uninst.exe
XnView 1.93.6-->"C:\Program Files\XnView\unins000.exe"
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
XviD MPEG4 Video Codec (remove only)-->"C:\Windows\system32\xvid-uninstall.exe"
Yahoo! Desktop Login-->MsiExec.exe /I{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}
Zattoo 3.3.2 Beta-->C:\Program Files\Zattoo\uninst.exe
======Security center information======
AV: Kaspersky Security Suite CBE (disabled)
FW: Kaspersky Security Suite CBE
AS: Spybot - Search and Destroy (disabled)
AS: Lavasoft Ad-Watch Live! (disabled)
AS: Windows-Defender
AS: Kaspersky Security Suite CBE (disabled)
======System event log======
Computer Name: Vista
Event Code: 7036
Message: Dienst "Startprogramm für Windows Media Center" befindet sich jetzt im Status "Beendet".
Record Number: 281994
Source Name: Service Control Manager
Time Written: 20090709195012.000000-000
Event Type: Informationen
User:
Computer Name: Vista
Event Code: 7036
Message: Dienst "KtmRm für Distributed Transaction Coordinator" befindet sich jetzt im Status "Ausgeführt".
Record Number: 281995
Source Name: Service Control Manager
Time Written: 20090709195019.000000-000
Event Type: Informationen
User:
Computer Name: Vista
Event Code: 7036
Message: Dienst "TPM-Basisdienste" befindet sich jetzt im Status "Beendet".
Record Number: 281996
Source Name: Service Control Manager
Time Written: 20090709195019.000000-000
Event Type: Informationen
User:
Computer Name: Vista
Event Code: 537
Message: Auf diesem Computer konnte kein kompatibles TPM-Sicherheitsgerät (Trusted Platform Module) gefunden werden. TBS konnte nicht gestartet werden.
Record Number: 281997
Source Name: Microsoft-Windows-TBS
Time Written: 20090709195019.224626-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST
Computer Name: Vista
Event Code: 7036
Message: Dienst "Windows Update" befindet sich jetzt im Status "Ausgeführt".
Record Number: 281998
Source Name: Service Control Manager
Time Written: 20090709195025.000000-000
Event Type: Informationen
User:
=====Application event log=====
Computer Name: Vista
Event Code: 0
Message:
Record Number: 63079
Source Name: hpqcxs08
Time Written: 20090709194804.000000-000
Event Type: Informationen
User:
Computer Name: Vista
Event Code: 0
Message:
Record Number: 63080
Source Name: BsHelpCS
Time Written: 20090709194804.000000-000
Event Type: Informationen
User:
Computer Name: Vista
Event Code: 0
Message:
Record Number: 63081
Source Name: TDslMgrService
Time Written: 20090709194806.000000-000
Event Type: Informationen
User:
Computer Name: Vista
Event Code: 1
Message: Windows Mobile-based device connectivity service started.
Record Number: 63082
Source Name: RapiMgr
Time Written: 20090709194806.000000-000
Event Type: Informationen
User:
Computer Name: Vista
Event Code: 1
Message: Windows Mobile-2003-based device connectivity service started.
Record Number: 63083
Source Name: WcesComm
Time Written: 20090709194811.000000-000
Event Type: Informationen
User:
=====Security event log=====
Computer Name: Vista
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 84501
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090709195022.615251-000
Event Type: Überwachung gescheitert
User:
Computer Name: Vista
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 84502
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090709195022.709001-000
Event Type: Überwachung gescheitert
User:
Computer Name: Vista
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: VISTA$
Kontodomäne: MSHEIMNETZ
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Konto, dessen Anmeldeinformationen verwendet wurden:
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Zielserver:
Zielservername: localhost
Weitere Informationen: localhost
Prozessinformationen:
Prozess-ID: 0x458
Prozessname: C:\Windows\System32\services.exe
Netzwerkinformationen:
Netzwerkadresse: -
Port: -
Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 84503
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090709195259.755876-000
Event Type: Überwachung erfolgreich
User:
Computer Name: Vista
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: VISTA$
Kontodomäne: MSHEIMNETZ
Anmelde-ID: 0x3e7
Anmeldetyp: 5
Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Prozessinformationen:
Prozess-ID: 0x458
Prozessname: C:\Windows\System32\services.exe
Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -
Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0
Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 84504
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090709195259.755876-000
Event Type: Überwachung erfolgreich
User:
Computer Name: Vista
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Berechtigungen: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 84505
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090709195259.755876-000
Event Type: Überwachung erfolgreich
User:
======Environment variables======
"BDSCOMMONDIR"=C:\Users\Public\Documents\RAD Studio\5.0
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip;C:\Program Files\Java\jre6\lib;
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"KMP_DUPLICATE_LIB_OK"=TRUE
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\watcom-1.3\binnt;C:\watcom-1.3\binw;C:\Program Files\CodeGear\RAD Studio\5.0\bin;C:\Users\Public\Documents\RAD Studio\5.0\Bpl;C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2;C:\PROGRA~1\NcFTP;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Java\jdk1.6.0_07\bin;c:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\Tcl\bin;C:\Users\Admin\AppData\Local\Start++\LNKs;C:\Users\Admin\AppData\Local\Start++\CMDs;C:\mysql\bin;C:\Users\Public\Documents\RAD Studio\5.0;C:\Program Files\QuickTime Alternative\QTSystem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f06
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"VS90COMNTOOLS"=c:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
"WATCOM"=C:\watcom-1.3
"windir"=%SystemRoot%
-----------------EOF-----------------
|
|
09.07.2009, 21:27
| #10 |
| | PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung log.txt Code:
ATTFilter Logfile of random's system information tool 1.06 (written by random/random) Run by Admin at 2009-07-09 21:49:10 Microsoft® Windows Vista™ Ultimate Service Pack 1 System drive C: has 9 GB (6%) free of 154 GB Total RAM: 2046 MB (40% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:50:24, on 09.07.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Admin\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Admin.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - .DEFAULT User Startup: DSL-Manager.lnk = C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1208959603510 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208959493218 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208959527273 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Apache2.2 - Apache Software Foundation - C:\apache\bin\httpd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Security Suite CBE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: gupdate1c9e39a101dcf54 - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: MySQL - Unknown owner - c:\mysql\bin\mysqld-nt.exe O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: SynoDrService - Unknown owner - C:\Program Files\Synology Data Replicator 3\SynoDrService.exe O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 15008 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Ad-Aware Update (Weekly).job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\User_Feed_Synchronization-{F1DE92C9-40E6-4C13-B057-1C1AD2DF7FFE}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}] IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2009-02-04 752744] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}] ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27 118784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-09 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}] FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-11-26 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC7E636D-39AA-49b6-B511-65413DA137A1}] IE Developer Toolbar BHO - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll [2007-03-01 623992] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-09 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27 118784] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160] {0BF43445-2F28-4351-9252-17FE6E806AA0} |
|
09.07.2009, 21:28
| #11 |
| | PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung log.txt teil 2 Code:
ATTFilter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2006-04-29 94208]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-02-29 76304]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-13 222504]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-08-31 2622232]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-08-31 907040]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2007-08-31 140568]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe [2008-05-01 221184]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-02 520024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-05-19 91432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2007-09-10 258134]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
C:\Windows\system32\DUMeter.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe [2007-12-25 937984]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6\ICQ.exe silent []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantOn]
C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe [2007-02-13 94212]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-07-04 2072576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2007-11-06 8530464]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2007-11-06 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2007-11-06 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime Alternative\QTTask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]
mmrtkrnl.exe /i []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-11-14 4706304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-10-11 1826816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start++]
C:\Program Files\Brandon Paddock\Start++\Start++.exe /startup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-09 136600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-08-31 2622232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]
C:\Program Files\Home Cinema\TV Enhance\TVEService.exe [2006-10-19 151552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2008-11-16 25214]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~2\GOOGLE~1.EXE -systray -startup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
C:\apache\bin\APACHE~1.EXE [2008-06-13 41041]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
C:\PROGRA~1\PDFCRE~1\PDFCRE~1.EXE [2008-02-27 2641920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrekStor NDAS-Geräte-Manager.lnk]
C:\PROGRA~1\NDAS\System\ndasmgmt.exe [2007-07-03 223744]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSL-Manager.lnk]
C:\PROGRA~1\T-Online\DSL-MA~1\DslMgr.exe [2007-11-26 1085440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk]
C:\PROGRA~1\Logitech\QuickCam\eReg.exe [2008-02-13 493832]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
C:\apache\bin\APACHE~1.EXE [2008-06-13 41041]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2008-10-25 98696]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~2\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2008-02-08 219664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-12-25 233888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\dreamweaver.exe","%1"
======List of files/folders created in the last 1 months======
2009-07-09 21:49:10 ----D---- C:\rsit
2009-07-09 21:37:23 ----A---- C:\ComboFix.txt
2009-07-09 21:15:31 ----SHD---- C:\$RECYCLE.BIN
2009-07-09 18:44:01 ----A---- C:\Windows\zip.exe
2009-07-09 18:44:01 ----A---- C:\Windows\SWXCACLS.exe
2009-07-09 18:44:01 ----A---- C:\Windows\SWSC.exe
2009-07-09 18:44:01 ----A---- C:\Windows\SWREG.exe
2009-07-09 18:44:01 ----A---- C:\Windows\sed.exe
2009-07-09 18:44:01 ----A---- C:\Windows\PEV.exe
2009-07-09 18:44:01 ----A---- C:\Windows\NIRCMD.exe
2009-07-09 18:44:01 ----A---- C:\Windows\grep.exe
2009-07-09 18:43:02 ----D---- C:\Qoobox
2009-07-06 15:19:47 ----D---- C:\Program Files\Trend Micro
2009-07-04 12:27:20 ----D---- C:\Users\Admin\AppData\Roaming\Vodafone
2009-07-04 12:27:15 ----D---- C:\ProgramData\InstallShield
2009-07-04 12:24:32 ----ASH---- C:\Users\Admin\AppData\Roaming\desktop.ini
2009-07-04 12:24:12 ----D---- C:\ProgramData\Vodafone
2009-07-04 12:24:02 ----D---- C:\Program Files\Vodafone
2009-07-02 15:48:05 ----A---- C:\Windows\wininit.ini
2009-06-21 21:40:40 ----N---- C:\Windows\system32\pcleDVdc.dll
2009-06-21 21:40:39 ----N---- C:\Windows\system32\pcleDVcd.dll
2009-06-21 21:40:39 ----N---- C:\Windows\system32\pcleADV.dll
2009-06-21 21:40:37 ----N---- C:\Windows\system32\CSCnvrtX.dll
2009-06-21 21:40:37 ----N---- C:\Windows\system32\ACnvrtX.dll
2009-06-14 17:56:40 ----D---- C:\Windows\system32\WindowsPowerShell
2009-06-14 12:00:04 ----A---- C:\Windows\system32\EncDec.dll
2009-06-14 12:00:03 ----A---- C:\Windows\system32\psisdecd.dll
2009-06-11 13:53:42 ----D---- C:\Program Files\Western Digital Corporation
2009-06-10 09:18:17 ----A---- C:\Windows\system32\mshtml.dll
2009-06-10 09:18:16 ----A---- C:\Windows\system32\ieframe.dll
2009-06-10 09:18:15 ----A---- C:\Windows\system32\wininet.dll
2009-06-10 09:18:15 ----A---- C:\Windows\system32\urlmon.dll
2009-06-10 09:18:15 ----A---- C:\Windows\system32\iertutil.dll
2009-06-10 09:18:14 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-10 09:18:14 ----A---- C:\Windows\system32\ieui.dll
2009-06-10 09:18:14 ----A---- C:\Windows\system32\iesetup.dll
2009-06-10 09:18:14 ----A---- C:\Windows\system32\iernonce.dll
2009-06-10 09:18:14 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-10 09:18:14 ----A---- C:\Windows\system32\ie4uinit.exe
2009-06-10 09:18:10 ----A---- C:\Windows\system32\localspl.dll
2009-06-10 09:18:03 ----A---- C:\Windows\system32\rpcrt4.dll
======List of files/folders modified in the last 1 months======
2009-07-09 21:49:15 ----D---- C:\Windows\Temp
2009-07-09 21:47:26 ----D---- C:\Windows\system32\catroot2
2009-07-09 21:46:54 ----D---- C:\ProgramData\VMware
2009-07-09 21:46:52 ----A---- C:\Windows\system32\LOCALSERVICE.INI
2009-07-09 21:46:45 ----A---- C:\Windows\system32\bscs.ini
2009-07-09 21:37:39 ----D---- C:\Windows\system32\de-DE
2009-07-09 21:37:39 ----D---- C:\Windows\System32
2009-07-09 21:37:38 ----D---- C:\Windows\system32\drivers
2009-07-09 21:17:48 ----D---- C:\Windows
2009-07-09 21:17:48 ----A---- C:\Windows\system.ini
2009-07-09 21:02:22 ----D---- C:\Windows\AppPatch
2009-07-09 21:02:19 ----D---- C:\Program Files\Common Files
2009-07-09 20:33:04 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-07-09 20:32:51 ----D---- C:\Windows\Debug
2009-07-09 20:32:47 ----D---- C:\Windows\Minidump
2009-07-09 19:22:26 ----D---- C:\Windows\ERDNT
2009-07-09 19:21:19 ----SHD---- C:\Windows\Installer
2009-07-09 18:59:19 ----D---- C:\Windows\Prefetch
2009-07-09 18:45:01 ----SHD---- C:\System Volume Information
2009-07-09 18:23:14 ----D---- C:\Windows\inf
2009-07-09 18:23:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-09 18:16:41 ----D---- C:\ProgramData\Kaspersky Lab
2009-07-09 18:13:08 ----D---- C:\Users\Admin\AppData\Roaming\VMware
2009-07-06 15:19:47 ----D---- C:\Program Files
2009-07-05 23:54:11 ----D---- C:\Users\Admin\AppData\Roaming\Skype
2009-07-05 20:12:20 ----D---- C:\Users\Admin\AppData\Roaming\skypePM
2009-07-04 18:09:38 ----D---- C:\Users\Admin\AppData\Roaming\FileZilla
2009-07-04 12:29:52 ----D---- C:\Windows\ModemLogs
2009-07-04 12:27:15 ----HD---- C:\Config.Msi
2009-07-04 12:27:15 ----D---- C:\ProgramData
2009-07-04 12:26:28 ----D---- C:\Windows\system32\catroot
2009-07-04 12:24:07 ----SD---- C:\Windows\Downloaded Program Files
2009-07-04 12:24:02 ----D---- C:\Program Files\Common Files\InstallShield
2009-07-02 17:29:22 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-02 08:12:51 ----D---- C:\Program Files\Mozilla Firefox
2009-07-01 08:02:27 ----D---- C:\Windows\Tasks
2009-07-01 08:02:04 ----D---- C:\Windows\system32\Tasks
2009-06-29 09:35:42 ----D---- C:\Program Files\Google
2009-06-28 14:13:27 ----D---- C:\Backup
2009-06-26 21:38:00 ----D---- C:\Program Files\FileZilla Client
2009-06-25 08:13:48 ----D---- C:\Users\Admin\AppData\Roaming\Free Download Manager
2009-06-24 08:25:00 ----D---- C:\Windows\winsxs
2009-06-24 08:24:59 ----D---- C:\Program Files\Internet Explorer
2009-06-24 07:54:45 ----D---- C:\Program Files\Mozilla Thunderbird
2009-06-18 17:50:39 ----D---- C:\Users\Admin\AppData\Roaming\Audacity
2009-06-15 10:07:04 ----D---- C:\Windows\rescache
2009-06-15 10:05:38 ----D---- C:\Windows\Microsoft.NET
2009-06-15 10:04:42 ----RSD---- C:\Windows\assembly
2009-06-14 23:05:27 ----D---- C:\Windows\ehome
2009-06-14 17:58:55 ----D---- C:\ProgramData\Microsoft Help
2009-06-10 15:35:46 ----D---- C:\Windows\system32\migration
|
|
09.07.2009, 21:30
| #12 |
| | PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung log.txt ende: Code:
ATTFilter ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720] R1 DslMNLwf;DSL-Manager NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\dslmnlwf.sys [2007-08-01 16448] R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392] R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2007-10-31 110096] R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-07-17 147984] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 20496] R1 ndasfat;NDAS FAT; \??\C:\Windows\system32\DRIVERS\ndasfat.sys [2007-06-29 372584] R1 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2008-03-29 25344] R2 hcmon;VMware hcmon; \??\C:\Windows\system32\Drivers\hcmon.sys [2008-05-09 22016] R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2009-03-21 44416] R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2008-05-09 23296] R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2008-05-09 15744] R2 VMparport;VMware VMparport; \??\C:\Windows\system32\Drivers\VMparport.sys [2008-05-09 9216] R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2008-05-09 97152] R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [2007-05-01 18480] R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2008-09-20 99648] R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320] R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2007-02-16 11984] R3 FETNDIS;VIA Rhine-Familie--Fast-Ethernet-Adaptertreiberdienst; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-11-14 2016920] R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240] R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344] R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880] R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624] R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-07-26 41752] R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520] R3 ndasbus;NDAS Bus Driver; C:\Windows\system32\DRIVERS\ndasbus.sys [2007-06-29 75880] R3 netr73;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2007-02-05 247808] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-11-06 8230496] R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-10-11 47360] R3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136] R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2007-03-06 491168] R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2008-01-07 25088] R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448] R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304] R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2008-05-09 9600] S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-06-24 38920] S3 catchme;catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632] S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver; C:\Windows\System32\Drivers\dsltestSp5.sys [2007-09-12 26816] S3 EthDriver;D-Link DGE-528T Vista 32-bit Driver; C:\Windows\system32\DRIVERS\DLKRT32.sys [2007-01-24 70144] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101632] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016] S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver; \??\C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536] S3 ndasscsi;NDAS SCSI Miniport Driver; C:\Windows\system32\DRIVERS\ndasscsi.sys [2007-06-29 187368] S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\Windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\Windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\Windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328] S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-01-18 131000] S3 winusb;WinUsb-Treiber; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-18 31616] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-08-31 427288] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712] R2 AVP;Kaspersky Security Suite CBE; C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe [2008-05-01 221184] R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2007-09-14 1155180] R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904] R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040] R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712] R2 MySQL;MySQL; c:\mysql\bin\mysqld-nt MySQL [] R2 ndassvc;NDAS Service; C:\Program Files\NDAS\System\ndassvc.exe [2007-06-29 236520] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-10-19 262247] R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R2 SQLBrowser;SQL Server-Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968] R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904] R2 SynoDrService;SynoDrService; C:\Program Files\Synology Data Replicator 3\SynoDrService.exe [2007-08-06 557056] R2 TeamViewer;TeamViewer 3; C:\Program Files\TeamViewer3\TeamViewer_Service.exe [2008-10-07 185640] R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2008-12-10 185640] R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-08-31 498872] R2 TVECapSvc;TVEnhance Background Capture Service (TBCS); C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2006-10-19 282709] R2 TVESched;TVEnhance Task Scheduler (TTS)); C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [2006-10-19 122971] R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Server\vmware-authd.exe [2008-05-09 151643] R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336] R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2008-05-09 106496] R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-05-01 269104] R2 vmserverdWin32;VMware Registration Service; C:\Program Files\VMware\VMware Server\vmserverdWin32.exe [2008-05-09 1650781] R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2008-05-09 135168] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504] R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 57447] R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504] R3 TDslMgrService;DSL-Manager; C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe [2007-11-26 294912] S2 gupdate1c9e39a101dcf54;gupdate1c9e39a101dcf54; C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-02 133104] S2 PCLEPCI;PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [2005-02-09 14165] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-02 72704] S3 Adobe Version Cue CS3;Adobe Version Cue CS3 {de_DE} ; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792] S3 Apache2.2;Apache2.2; C:\apache\bin\httpd.exe [2008-06-13 24635] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-24 654848] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-02 1029456] S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504] S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-19 917504] S4 FileZilla Server;FileZilla Server FTP server; C:\Program Files\FileZilla Server\FileZilla Server.exe [2007-12-25 586240] S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408] S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-08 3004416] -----------------EOF----------------- ciao shirocko |
|
10.07.2009, 20:32
| #13 |
| | PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung 1.) Start => Ausführen => combofix /u => OK 2.) Lade dir ein neues Combofix auf den Desktop => Mausklick rechts auf Combofix => Ausführen als Administrator => Log posten (oder bei einem Filehoster hochladen und Link posten). ciao, andreas
__________________ Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung! Für alle NeuenPrivatbetreuung nur gegen Bezahlung und ich koste sehr teuer. Anleitungen Virenscanner Kompromittierung unvermeidbar? |
|
10.07.2009, 22:01
| #14 |
| | PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung hi hier die neue log teil1: Code:
ATTFilter ComboFix 09-07-08.07 - Admin 10.07.2009 22:03.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.49.1031.18.2046.974 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\confixi.exe
AV: Kaspersky Security Suite CBE *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Security Suite CBE *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Security Suite CBE *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((( Dateien erstellt von 2009-06-10 bis 2009-07-10 ))))))))))))))))))))))))))))))
.
2009-07-10 20:21 . 2009-07-10 20:29 -------- d-----w- c:\users\Admin\AppData\Local\temp
2009-07-09 19:49 . 2009-07-09 19:50 -------- d-----w- C:\rsit
2009-07-06 13:19 . 2009-07-06 13:19 -------- d-----w- c:\program files\Trend Micro
2009-07-05 09:57 . 2009-02-12 09:41 973312 ----a-w- c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
2009-07-04 10:35 . 2009-07-04 10:35 90112 ----a-w- c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-07-04 10:35 . 2009-07-04 10:35 307200 ----a-w- c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-07-04 10:35 . 2009-07-04 10:35 172032 ----a-w- c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-07-04 10:27 . 2009-07-04 10:27 -------- d-----w- c:\users\Admin\AppData\Roaming\Vodafone
2009-07-04 10:27 . 2009-07-04 10:27 -------- d-----w- c:\programdata\InstallShield
2009-07-04 10:25 . 2008-03-17 09:05 101632 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-07-04 10:24 . 2009-07-04 10:24 -------- d-----w- c:\programdata\Vodafone
2009-07-04 10:24 . 2009-07-04 10:24 -------- d-----w- c:\program files\Vodafone
2009-07-03 15:21 . 2009-07-03 15:21 -------- d-----w- c:\users\Admin\AppData\Local\{D53238E8-3427-491E-A57E-097FA966AAC1}
2009-07-02 12:49 . 2009-07-02 12:49 1029456 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\AAWService.exe
2009-07-02 12:49 . 2009-07-02 12:49 314712 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\threatwork.exe
2009-07-02 12:49 . 2009-07-02 12:49 25440 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-07-02 12:49 . 2009-07-02 12:49 169312 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-07-02 12:49 . 2009-07-02 12:49 348496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-07-02 12:49 . 2009-07-02 12:49 298336 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-07-02 12:48 . 2009-07-02 12:48 84832 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-07-02 12:48 . 2009-07-02 12:48 1630560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Resources.dll
2009-07-02 12:48 . 2009-07-02 12:48 40288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-07-02 12:48 . 2009-07-02 12:48 246128 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-07-02 12:48 . 2009-07-02 12:48 85352 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
2009-07-02 12:48 . 2009-07-02 12:48 664424 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-07-02 12:48 . 2009-07-02 12:48 563064 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-07-02 12:48 . 2009-07-02 12:48 566632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-07-02 12:48 . 2009-07-02 12:48 2352968 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-07-02 12:48 . 2009-07-02 12:48 629072 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-07-02 12:48 . 2009-07-02 12:48 520024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-06-21 19:40 . 2006-12-20 12:23 114688 ------w- c:\windows\system32\pcleDVdc.dll
2009-06-21 19:40 . 2006-12-20 12:23 90112 ------w- c:\windows\system32\pcleDVcd.dll
2009-06-21 19:40 . 2006-12-20 12:23 90112 ------w- c:\windows\system32\pcleADV.dll
2009-06-21 19:40 . 2006-12-20 12:23 90112 ------w- c:\windows\system32\ACnvrtX.dll
2009-06-21 19:40 . 2006-12-20 12:23 876544 ------w- c:\windows\system32\CSCnvrtX.dll
2009-06-14 10:00 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 10:00 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-11 11:53 . 2009-06-11 11:53 -------- d-----w- c:\program files\Western Digital Corporation
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 20:26 . 2008-07-17 16:29 1530023968 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-10 20:24 . 2008-01-11 15:07 -------- d-----w- c:\programdata\VMware
2009-07-10 20:22 . 2008-07-17 16:29 20495396 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-10 19:54 . 2007-12-25 01:38 -------- d-----w- c:\programdata\Kaspersky Lab
2009-07-10 19:49 . 2008-07-01 19:03 169936 ----a-w- c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\FlashGot.exe
2009-07-09 18:33 . 2008-02-03 23:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-09 16:23 . 2006-11-02 15:48 737124 ----a-w- c:\windows\system32\perfh007.dat
2009-07-09 16:23 . 2006-11-02 15:48 166582 ----a-w- c:\windows\system32\perfc007.dat
2009-07-09 16:13 . 2008-01-11 15:11 -------- d-----w- c:\users\Admin\AppData\Roaming\VMware
2009-07-05 21:54 . 2007-12-25 12:20 -------- d-----w- c:\users\Admin\AppData\Roaming\Skype
2009-07-05 18:12 . 2008-09-30 15:27 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-07-05 18:12 . 2007-12-25 12:21 -------- d-----w- c:\users\Admin\AppData\Roaming\skypePM
2009-07-04 16:09 . 2007-12-26 22:08 -------- d-----w- c:\users\Admin\AppData\Roaming\FileZilla
2009-07-04 10:24 . 2007-12-25 01:23 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-02 15:29 . 2008-02-03 23:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-29 07:35 . 2007-12-26 22:00 -------- d-----w- c:\program files\Google
2009-06-26 19:38 . 2009-06-06 18:44 -------- d-----w- c:\program files\FileZilla Client
2009-06-25 06:13 . 2008-04-28 12:51 -------- d-----w- c:\users\Admin\AppData\Roaming\Free Download Manager
2009-06-24 05:54 . 2007-12-25 13:38 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-18 15:50 . 2008-04-03 13:57 -------- d-----w- c:\users\Admin\AppData\Roaming\Audacity
2009-06-14 15:58 . 2007-12-27 00:00 -------- d-----w- c:\programdata\Microsoft Help
2009-06-06 15:23 . 2007-12-26 18:53 -------- d-----w- c:\users\Admin\AppData\Roaming\Apple Computer
2009-06-06 12:38 . 2008-07-10 17:51 -------- d-----w- c:\program files\iTunes
2009-06-06 12:37 . 2009-06-06 12:37 -------- d-----w- c:\program files\iPod
2009-06-06 12:37 . 2007-12-26 18:49 -------- d-----w- c:\program files\Common Files\Apple
2009-06-06 12:33 . 2008-01-11 12:19 -------- d-----w- c:\program files\QuickTime Alternative
2009-06-06 12:20 . 2009-06-06 12:20 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 14:11 . 2009-05-11 20:22 1 ----a-w- c:\users\Admin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-01 11:57 . 2009-06-01 11:57 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-05-21 14:28 . 2008-07-17 16:36 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-21 14:28 . 2008-07-17 16:36 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-19 16:31 . 2007-12-25 01:18 130424 ----a-w- c:\users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-19 16:11 . 2008-01-07 18:20 -------- d-----w- c:\program files\Microsoft Works
2009-05-18 16:55 . 2009-05-18 16:54 -------- d-----w- c:\users\Admin\AppData\Roaming\AllDup
2009-05-18 16:53 . 2009-05-18 16:53 -------- d-----w- c:\program files\AllDup
2009-05-17 14:37 . 2009-05-17 14:37 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-05-13 06:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-09 05:50 . 2009-06-10 07:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 07:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-08 15:11 . 2009-05-08 16:51 44018 ----a-w- c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\regprot.exe
2009-05-08 15:11 . 2009-05-08 16:51 16896 ----a-w- c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\UAC.dll
2009-05-06 12:23 . 2009-05-07 16:28 372736 ----a-w- c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-04-29 18:42 . 2009-05-08 16:51 110592 ----a-w- c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\components\prism.dll
2009-04-29 18:42 . 2009-05-08 16:51 110592 ----a-w- c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\components\prism.dll
2009-04-23 12:43 . 2009-06-10 07:18 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 07:18 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 07:18 2033152 ----a-w- c:\windows\system32\win32k.sys
2007-12-26 19:50 . 2007-12-26 19:50 0 --sh--w- c:\windows\S1589D1C6.tmp
2006-05-03 09:06 . 2008-07-08 12:39 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2008-07-08 12:39 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2008-07-08 12:39 216064 --sh--r- c:\windows\System32\nbDX.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-08-31 2622232]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-08-31 907040]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-08-31 140568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-1-11 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\r3hook.dll c:\progra~1\KASPER~1\KASPER~2\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
backup=c:\windows\pss\PDFCreator.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrekStor NDAS-Geräte-Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TrekStor NDAS-Geräte-Manager.lnk
backup=c:\windows\pss\TrekStor NDAS-Geräte-Manager.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSL-Manager.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
backup=c:\windows\pss\DSL-Manager.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
backup=c:\windows\pss\Logitech . Produktregistrierung.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
|
|
10.07.2009, 22:02
| #15 |
| | PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung log teil 2: Code:
ATTFilter
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{384D0300-1065-447A-9618-2984903D5C4E}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{5A0011D9-3CEE-4D11-B2F0-29652C363E6D}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{74F73FD2-BD8E-49A5-BBAF-D3A37D9453C1}"= UDP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{8C507270-C3A8-426A-BFC9-9A705B35BD57}"= TCP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{80C9846C-3DD3-4B9C-9EC8-9729AA35B0D8}"= UDP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{2F1B2A9C-4DA2-4725-8B38-C785838B8748}"= TCP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{502A2EFE-9E64-4071-AD8D-B85B01198B17}"= UDP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{DD43B665-C72F-4300-A6C9-E9CA0DC49033}"= TCP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{0B1BE74D-6416-4293-8119-455BD46B2072}"= UDP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{DA89F97C-61CA-467F-A73E-C25A0A15398E}"= TCP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{0D8D08ED-897F-405C-BD36-69F8AFD1C77C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{98DA941D-798E-4954-9F2D-C879DF2949B0}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5278D635-3ABE-478E-9289-D6967FEAA157}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0652B8C7-A8A2-406A-B986-A7D8A574EDC9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A596140F-B429-4A6A-B3BF-D3DA04CD3C8E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1205D43A-9244-4932-90C9-ABEB976C8974}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7A767EC9-135A-4C21-9BD9-E195385839A3}"= UDP:3703:Adobe Version Cue CS3 Server
"{412C56DD-1D26-4ABD-A7BE-50D035A76CF4}"= UDP:3704:Adobe Version Cue CS3 Server
"{EF370A4D-2E5E-42E5-8CC6-C61E4EA71E25}"= UDP:50900:Adobe Version Cue CS3 Server
"{0A95615A-DDF8-4D65-9C80-1650AD3F7A94}"= UDP:50901:Adobe Version Cue CS3 Server
"{508F5558-0297-4EE5-8E02-3DE546A14AA1}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{F1DCCD97-6002-43E4-8566-3BE3B269D3CD}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{BD76C6BF-564C-48EA-8C8B-DC1A47A2C31C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6A2D95B5-4433-428C-A771-8AFEA2E29B62}"= UDP:c:\program files\Home Cinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{E78BCDD2-4F54-4970-989E-44BBD4D6F227}"= TCP:c:\program files\Home Cinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{AC347381-6E34-42E8-AFE7-40F0B8504154}"= UDP:c:\program files\Home Cinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{7ED5374E-2742-4A8C-8167-F3089AC1617F}"= TCP:c:\program files\Home Cinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{30D25247-E27E-4CEF-B886-4E6B095AF513}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{321E005B-C01F-4BD3-92EB-46CEDF1C0F3C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{75790D75-C0AC-4DF1-A4A8-E0C5D785B577}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{39155FAB-CBBC-43E5-8A71-57DC64EA6C5C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B462A909-998B-4904-BD6C-346DFD0D2DBA}g:\\setup.exe"= UDP:G:\setup.exe:Installationsprogramm für Kaspersky Security Suite CBE
"UDP Query User{58FFB052-D9F9-4CF9-AA47-D05D11659239}g:\\setup.exe"= TCP:G:\setup.exe:Installationsprogramm für Kaspersky Security Suite CBE
"TCP Query User{9265FC8E-A492-4B2A-8B55-3A51496A748C}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\german\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 2009
"UDP Query User{F6A7CFCA-32CA-4CD1-BD15-A9893C72A87D}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\german\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 2009
"{92449402-1EEF-4E31-808D-28BB95A6D951}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{3F64D3B3-9B33-4BF9-B3BF-A2D9F9126E14}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{62CB650F-0AFF-47BB-A528-84B88EA73B38}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{76935FFF-F657-49D5-BB00-6825BBB1161F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FFC4C218-8E04-49A7-8CC6-B74DC951835E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM
R0 hotcore3;hotcore3;c:\windows\System32\drivers\hotcore3.sys [20.05.2008 03:58 39472]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [19.01.2009 14:57 64160]
R0 lfsfilt;Lean File Sharing;c:\windows\System32\drivers\lfsfilt.sys [11.06.2008 16:59 254440]
R0 lpx;LPX Protocol;c:\windows\System32\drivers\lpx.sys [29.06.2007 17:32 62056]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\System32\drivers\xfilt.sys [18.10.2006 18:39 17920]
R1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\System32\drivers\dslmnlwf.sys [06.01.2008 15:35 16448]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [16.10.2007 12:05 20496]
R1 ndasfat;NDAS FAT;c:\windows\System32\drivers\ndasfat.sys [11.06.2008 16:59 372584]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.05.2008 12:07 61424]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [30.04.2008 01:15 1153368]
R2 SynoDrService;SynoDrService;c:\program files\Synology Data Replicator 3\SynoDrService.exe [06.08.2007 20:36 557056]
R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Service.exe [29.08.2008 08:29 185640]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [10.12.2008 10:49 185640]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [14.06.2008 15:02 282709]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [14.06.2008 15:02 122971]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [04.07.2008 12:52 14336]
R2 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [09.05.2008 21:05 1650781]
R3 ndasbus;NDAS Bus Driver;c:\windows\System32\drivers\ndasbus.sys [29.06.2007 17:32 75880]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [05.02.2007 10:26 247808]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [03.04.2007 11:43 1131136]
R3 TDslMgrService;DSL-Manager;c:\program files\T-Online\DSL-Manager\DslMgrSvc.exe [05.04.2008 13:23 294912]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\System32\drivers\teamviewervpn.sys [07.01.2008 10:37 25088]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [25.12.2007 15:30 13976]
S2 gupdate1c9e39a101dcf54;gupdate1c9e39a101dcf54;c:\program files\Google\Update\GoogleUpdate.exe [02.06.2009 17:51 133104]
S3 Apache2.2;Apache2.2;c:\apache\bin\httpd.exe [13.06.2008 04:05 24635]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\System32\drivers\DslTestSp5.sys [28.02.2008 19:12 26816]
S3 EthDriver;D-Link DGE-528T Vista 32-bit Driver;c:\windows\System32\drivers\DLKRT32.sys [30.09.2008 00:02 70144]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 1029456]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [06.01.2008 15:34 17536]
S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\System32\drivers\ndasscsi.sys [29.06.2007 17:32 187368]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\System32\drivers\s816bus.sys [04.04.2008 15:17 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\System32\drivers\s816mdfl.sys [04.04.2008 15:17 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\System32\drivers\s816mdm.sys [04.04.2008 15:17 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s816mgmt.sys [04.04.2008 15:19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\System32\drivers\s816nd5.sys [04.04.2008 15:18 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\System32\drivers\s816obex.sys [04.04.2008 15:19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\System32\drivers\s816unic.sys [04.04.2008 15:20 97704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Inhalt des "geplante Tasks" Ordners
2009-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 12:48]
2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 15:51]
2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 15:51]
2009-07-10 c:\windows\Tasks\User_Feed_Synchronization-{F1DE92C9-40E6-4C13-B057-1C1AD2DF7FFE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-19 11:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uInternet Settings,ProxyOverride = *.local
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?hl=de&q=
FF - component: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\components\prism.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 22:26
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="c:\mysql\bin\mysqld-nt MySQL"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-952325796-3084994041-2608643616-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DC93F53-B7D7-866F-77D6-76A33C78FACA}*]
"gaakomjbdaejdn"=hex:63,61,64,67,6b,6d,00,77
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'lsass.exe'(1172)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'Explorer.exe'(11776)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\T-Online\DSL-Manager\Deskband.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\mysql\bin\mysqld-nt.exe
c:\program files\NDAS\System\ndassvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\VMware\VMware Server\vmware-authd.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\System32\vmnat.exe
c:\windows\System32\VSSVC.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\vmnetdhcp.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\System32\conime.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-07-10 22:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-07-10 20:46
ComboFix2.txt 2009-07-09 19:37
Vor Suchlauf: 8.441.098.240 Bytes frei
Nach Suchlauf: 8.288.772.096 Bytes frei
Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7,44
456 --- E O F --- 2009-06-30 06:02
|
|
| Themen zu PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung |
| ad-aware, adobe, backdoor, bho, bitte um hilfe, browser, defender, eigenartig, explorer, firefox, free download, google, gupdate, hijack, hijackthis, infiziert, internet, internet explorer, kaspersky, konvertieren, menu.exe, mozilla, mozilla thunderbird, pdf-datei, plug-in, preferences, rundll, safer networking, scan, security, security suite, senden, software, synology, trojaner, vista, vodafone, windows |
Linear-Darstellung
