Log Analysis and Evaluation: Trojan found

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

10.07.2009, 08:21 | #1
Trojan found

Hello everyone,

I think I have had problems with my computer for quite a while that pointed to it being infected, but neither virus scanners nor log analysis ever showed anything. I did partially reinstall a few times, but I never formatted everything. Now a trial version of BitDefender has found something, and it is quite a lot: 3 trojans, one of which could not be deleted (Trojan.Feutel.AV), and 1310 protected objects, most of them in System Volume Information, the same place as the remaining trojan. There were also some password-protected objects that I did not find again in the current scan. There are also some password-protected objects under D:\Recycler. As an immediate measure I switched off Windows' backup storage, rebooted and switched it back on, which I thought would delete the System Volume Information, but it remained. Attached is the HijackThis log. I am a bit surprised that these things are only being found now, even though I have tried out a lot of programs over the past years. I would be interested to know whether anyone sees anything in the log now, and whether there is a way to tell who the attacker is.

I would be very glad to get answers.

Here is the log file:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:20:51, on 10/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
e:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9b5b2fed99bd0) (gupdate1c9b5b2fed99bd0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMSAccessU - Unknown owner - e:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 11928 bytes
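A first-pass triage of a HijackThis log like the one posted above, added here as an example; it is not part of the original post and not HijackThis code. HijackThis writes one entry per line with the fields separated by " - ", so the log can be parsed mechanically and the checks a log helper normally does by eye can be applied to every line: entries whose target is "(no file)" (a registry reference to a component that is gone), O4 autostarts given as a bare file name (the loader finds them through the search path, so the actual file has to be located before it can be judged), O23 services for which HijackThis could not read a company name ("Unknown owner"), and O16 entries (ActiveX controls installed from a URL, to be checked against the vendor's host). The sample lines are copied from the log above; the finding labels are my own. None of the flags means malware, they only rank what to inspect first.

```python
"""Triage pass over a Trend Micro HijackThis 2.x log.

Added example for this thread, not part of the original post and not
HijackThis code. HijackThis writes one entry per line:

    <section> - <description> - <CLSID or key> - <path>

The section code (R0/R1, O2, O3, O4, O9, O16, O18, O23, ...) says where the
entry came from; the fields are separated by " - ". The checks below are
first-pass heuristics; none of them says "malware", they rank what to look at.
"""
import re
from dataclasses import dataclass

# Lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<rest>.*)$")
# O4 registry autostart: "<hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Entry:
    code: str
    fields: list
    raw: str


def parse_hjt(text):
    """Split a HijackThis log into section entries; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            fields = [f.strip() for f in m.group("rest").split(" - ")]
            entries.append(Entry(m.group("code"), fields, line.strip()))
    return entries


def command_image(cmd):
    """Executable named by an O4 command line: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def is_bare_name(image):
    """True when the loader has to resolve the image through the search path."""
    return bool(image) and ":" not in image and "\\" not in image and not image.startswith("%")


def triage(entries):
    """Return (finding, section, raw line) tuples, in log order."""
    findings = []
    for e in entries:
        if e.fields[-1] == "(no file)":
            # Registry still references a component whose file is gone: orphan to clean up.
            findings.append(("orphan", e.code, e.raw))
        elif e.code == "O4":
            m = O4_RE.match(e.fields[0])
            if m and is_bare_name(command_image(m.group("cmd"))):
                # Which HDAShCut.exe or nwiz.exe runs depends on PATH; locate the real file.
                findings.append(("bare-name-autostart", e.code, e.raw))
        elif e.code == "O23" and "Unknown owner" in e.fields:
            # No company name could be read from the binary; check signer/hash by hand.
            findings.append(("unknown-owner-service", e.code, e.raw))
        elif e.code == "O16":
            # ActiveX control installed from a URL; confirm the host is the vendor's.
            findings.append(("downloaded-activex", e.code, e.raw))
    return findings


def triage_counts(text):
    """Finding type -> number of hits, for a quick overview of a whole log."""
    counts = {}
    for kind, _, _ in triage(parse_hjt(text)):
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for kind, code, raw in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{kind:22} {code:4} {raw}")
```

Fed the complete log above instead of the sample, the same rules additionally flag the two RUNDLL32.EXE autostarts (NvCplDaemon, NvMediaCenter), the NMSAccessU and PnkBstrB services and the MSN Photo Upload Tool control; the O4 "Startup:" shortcut lines do not match the registry-value pattern and are left alone.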
10.07.2009, 13:39 | #2

Trojan found

I have made another log.

Here is one with Random's System Information Tool (RSIT), hope it helps.

Code:
info.txt logfile of random's system information tool 1.06 2009-07-10 14:18:03

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{47ECCB1F-2811-49C0-B6A7-26778639ABA0}
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\e7e6bb3ae60aaa1c5b11aa97d8f15b0\Setup.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3 Template Projects & Footage-->MsiExec.exe /I{73E81E9B-7319-43AD-B7CC-1C61405E5089}
Adobe After Effects CS3 Third Party Content-->MsiExec.exe /I{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}
Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Contribute CS3-->MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{96ABF4E1-1489-4B84-B3CB-82E010247D73}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3 Library-->MsiExec.exe /I{F1D93F5B-881F-49E3-BA56-B4B8FA991059}
Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Setup-->MsiExec.exe /I{0DD2BDF7-EAC8-41F7-83ED-61A2D05C6235}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Soundbooth CS3 Scores-->MsiExec.exe /I{92A300C0-E97B-48CC-9702-AB1AAED167E1}
Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG Identity Protection-->MsiExec.exe /X{7583D2F8-8E7D-40C5-9862-4D218006FB84}
BitDefender Internet Security 2009-->MsiExec.exe /X{27148014-3B0A-402B-8130-6B056357D12D}
BrettspielWelt-->"F:\Program Files\BSW\uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"e:\Program Files\CDBurnerXP\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
FondsenDisk2009-->c:\FondsenDisk2009\Uninstall.exe
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.33\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP Customer Participation Program 12.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Document Manager 2.0-->C:\Program Files\HP\Digital Imaging\DocumentManager\hpzscr01.exe -datfile hpqbud18.dat
HP Imaging Device Functions 12.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Officejet 6500 E709 Series-->C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpzscr01.exe -datfile hpwscr23.dat -forcereboot
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 12.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
J2SE Runtime Environment 5.0 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
JSAS-->"C:\WINDOWS\JSAS\uninstall.exe" "/U:C:\Program Files\JSAS\Uninstall\uninstall.xml"
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office Live Meeting 2007-->MsiExec.exe /I{6E4D4E0B-02F6-46C1-BAE5-1B6B2E486A7B}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Navilog1 4.0.0-->"C:\Program Files\Navilog1\unins000.exe"
Nijntje verzamel cd 2-->MsiExec.exe /I{A237EC86-AF9D-425A-8BB3-F206ACD78C88}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OCR Software by I.R.I.S. 12.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OfficePrinter 2.0-->E:\Program Files\OfficePrinter 2.0\Uninstall.exe
OpenOffice.org 2.4-->MsiExec.exe /I{43721D86-16D1-46BF-8353-37CD82333BC3}
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Pixum EasyBook-->"d:\Program Files\Pixum\Pixum EasyBook\uninstall.exe"
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Quake Live Mozilla Plugin-->MsiExec.exe /I{F5C521B6-1AF2-432C-A061-E79E2141A32F}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x9 -removeonly
Security Task Manager 1.7h-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype web features-->MsiExec.exe /I{8B53527D-BBB2-43A5-91D7-9ED772FD737F}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SoulSeek Client 156c-->"d:\Program Files\Soulseek\uninstall.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Stellar Phoenix NTFS Data Recovery V3.0-->"F:\Program Files\Stellar Phoenix NTFS Data Recovery\unins000.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
VLC media player 0.9.2-->F:\Program Files\VLC\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live - Hulpprogramma voor uploaden-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Call-->MsiExec.exe /I{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{3CDAFDF9-A993-4B64-8D9B-36253D9C0DC9}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Mail-->MsiExec.exe /I{B38B1F86-8202-482F-A289-A4806DFA498D}
Windows Live Messenger-->MsiExec.exe /X{1A38EBE5-08BD-4E0D-AAB9-0DFECACE108B}
Windows Live Photo Gallery-->MsiExec.exe /X{DE9DF561-0332-42A5-AF28-4AF028B7029D}
Windows Live Sync-->MsiExec.exe /X{120831D2-E9AD-4383-AC40-01FE658E11D6}
Windows Live Toolbar-->MsiExec.exe /X{E51109E7-3818-4BC2-B3FD-A59AC2378A2B}
Windows Live Writer-->MsiExec.exe /X{C8114985-F9C5-4A4A-885D-C6BA4AE8F231}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
10.07.2009, 14:55 | #3
Trojan found, part 2
Code:
======Hosts File======
127.0.0.1 localhost

======Security center information======
AV: BitDefender Antivirus
FW: BitDefender Firewall

======System event log======
Computer Name: SPARTA
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A92B05AA5. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 26305
Source Name: Dhcp
Time Written: 20090620165229.000000+120
Event Type: warning
User:

Computer Name: SPARTA
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network Card with network address 001A92B05AA5. The IP address being used is xxx.xxx.xxx.xxx
Record Number: 26266
Source Name: Dhcp
Time Written: 20090620065332.000000+120
Event Type: warning
User:

Computer Name: SPARTA
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A92B05AA5. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 26264
Source Name: Dhcp
Time Written: 20090620065330.000000+120
Event Type: warning
User:

Computer Name: SPARTA
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A92B05AA5. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 26263
Source Name: Dhcp
Time Written: 20090620065257.000000+120
Event Type: warning
User:

Computer Name: SPARTA
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A92B05AA5. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 26096
Source Name: Dhcp
Time Written: 20090618081535.000000+120
Event Type: warning
User:

=====Application event log=====
Computer Name: SPARTA
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16827, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 5750
Source Name: Application Hang
Time Written: 20090514125949.000000+120
Event Type: error
User:

Computer Name: SPARTA
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16827, faulting module mshtml.dll, version 7.0.6000.16825, fault address 0x000cb00b.
Record Number: 5645
Source Name: Application Error
Time Written: 20090510215748.000000+120
Event Type: error
User:

Computer Name: SPARTA
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16827, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 5591
Source Name: Application Hang
Time Written: 20090508224948.000000+120
Event Type: error
User:

Computer Name: SPARTA
Event Code: 1002
Message: Hanging application javaw.exe, version 6.0.40.12, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 5374
Source Name: Application Hang
Time Written: 20090427210046.000000+120
Event Type: error
User:

Computer Name: SPARTA
Event Code: 1002
Message: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 5315
Source Name: Application Hang
Time Written: 20090426104338.000000+120
Event Type: error
User:

======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\HP\Digital Imaging\bin;C:\Program Files\HP\Digital Imaging\bin\;C:\Program Files\HP\Digital Imaging\bin\Qt\Qt 4.3.3;
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
10.07.2009, 15:34 | #4
Trojan found. Here is the log.txt
Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by user1 at 2009-07-10 14:17:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 17 GB (55%) free of 30 GB
Total RAM: 2047 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:18:00, on 10/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\crypserv.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
e:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\user1\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\user1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9b5b2fed99bd0) (gupdate1c9b5b2fed99bd0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMSAccessU - Unknown owner - e:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 11382 bytes

======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-10-16 322864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-17 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-06-04 1541416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-11 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-05 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-23 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-17 118784]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-11 259696]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-03-24 95536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-28 61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-09-08 716800]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-07 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-07 81920]
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-21 1884160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-03-19 778240]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-02-23 69632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-08 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - F:\Program Files\Office10\OSA.EXE
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\user1\Start Menu\Programs\Startup
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\JSAS\http_root\usr\local\Apache2\bin\Apache.exe"="C:\Program Files\JSAS\http_root\usr\local\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\JSAS\http_root\usr\local\mysql\bin\mysqld-opt.exe"="C:\Program Files\JSAS\http_root\usr\local\mysql\bin\mysqld-opt.exe:*:Enabled:mysqld-opt"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Program Files\Soulseek\slsk.exe"="D:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"F:\Program Files\Phone\Skype.exe"="F:\Program Files\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
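The HijackThis block in the post above is read by eye by the helpers here. As an added example that is not part of this thread or of HijackThis itself, the following Python script parses the O2 (BHO), O4 (Run key) and O23 (service) line formats and produces the worklist a reviewer would start from: BHO registrations whose DLL is gone, Run values that name a bare executable resolved through the search path, services reported with "Unknown owner", and binaries launched from a location a limited user can write to. The sample lines are copied from the log above; the rules, the user-writable markers and the `Finding` type are my own, and a hit means "verify", not "malicious".

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the entries from the HijackThis log posted above.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NMSAccessU - Unknown owner - e:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
"""

# HijackThis 2.0 line shapes for the three sections handled here.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# A command that starts with a drive letter (optionally quoted) names its binary explicitly.
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')

# Hypothetical, coarse list of path fragments a limited user can write to on XP.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\")


@dataclass(frozen=True)
class Finding:
    kind: str      # HijackThis section: O2, O4 or O23
    subject: str   # CLSID, Run value name or service name
    reason: str


def path_is_user_writable(path: str) -> bool:
    """True when the binary lives under one of the USER_WRITABLE markers (case-insensitive)."""
    p = path.strip('"').lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(log_text: str) -> list[Finding]:
    """Return the entries a reviewer should verify by hand, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            if m["path"] == "(no file)":
                findings.append(Finding("O2", m["clsid"],
                                        "BHO registered but its DLL is missing: orphaned CLSID, cleanup candidate"))
            elif path_is_user_writable(m["path"]):
                findings.append(Finding("O2", m["clsid"], "BHO loads from a user-writable location: verify"))
        elif m := O4_RE.match(line):
            cmd = m["cmd"]
            if not ABS_PATH_RE.match(cmd):
                findings.append(Finding("O4", m["key"],
                                        f"Run value names bare {cmd.split()[0]!r}: resolved through the search path, check which file actually runs"))
            elif path_is_user_writable(cmd):
                findings.append(Finding("O4", m["key"], "Run value starts a binary from a user-writable location: verify"))
        elif m := O23_RE.match(line):
            if m["owner"] == "Unknown owner":
                findings.append(Finding("O23", m["name"],
                                        "service binary carries no vendor information: check hash and signature by hand"))
            if path_is_user_writable(m["path"]):
                findings.append(Finding("O23", m["name"], "service runs from a user-writable location: verify"))
    return findings


def report(findings: list[Finding]) -> str:
    """One line per finding, grouped as the log lists them."""
    return "\n".join(f"[{f.kind}] {f.subject}: {f.reason}" for f in findings)


if __name__ == "__main__":
    print(report(triage(SAMPLE_HJT)))
```

On the sample the script lists six items: the orphaned BHO {5C255C8A-E604-49b4-9D64-90988571CECB}, the two bare-name Run values (HDAShCut.exe, nwiz.exe), the two "Unknown owner" services, and the EPSON service because it runs from All Users\Application Data. As the paths suggest, the unknown-owner hits are PunkBuster (PnkBstrA) and the CDBurnerXP helper service, and the EPSON entry is a printer component, which is exactly why the output is a worklist to confirm rather than a verdict.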
10.07.2009, 15:35 | #5
Trojan found, and part 2
Code:
======File associations======
.js - open - "G:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======
2009-07-10 14:17:59 ----D---- C:\rsit
2009-07-10 14:17:30 ----D---- C:\Program Files\Navilog1
2009-07-07 14:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-07-07 14:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2009-07-07 04:58:00 ----D---- C:\Documents and Settings\user1\Application Data\Windows Search
2009-07-06 21:35:29 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2009-07-06 21:35:22 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-06 21:35:10 ----D---- C:\Documents and Settings\user1\Application Data\Windows Desktop Search
2009-07-06 21:34:02 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-07-06 21:34:02 ----D---- C:\Program Files\Windows Desktop Search
2009-07-06 21:33:34 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2009-07-06 21:32:37 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-07-06 21:30:45 ----D---- C:\WINDOWS\system32\URTTEMP
2009-07-05 19:26:45 ----D---- C:\Documents and Settings\All Users\Application Data\id Software
2009-07-04 07:21:40 ----D---- C:\Program Files\Common Files\Skype
2009-06-27 07:27:26 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-06-27 07:27:23 ----D---- C:\Program Files\Security Task Manager
2009-06-26 11:37:39 ----A---- C:\WINDOWS\bdagent.INI
2009-06-26 09:16:38 ----D---- C:\Documents and Settings\user1\Application Data\BitDefender
2009-06-26 09:16:12 ----D---- C:\Program Files\BitDefender
2009-06-26 09:16:12 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2009-06-26 09:09:50 ----D---- C:\Program Files\Common Files\BitDefender
2009-06-25 22:54:06 ----D---- C:\Program Files\MSXML 4.0
2009-06-24 23:33:16 ----D---- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2009-06-24 19:04:45 ----D---- C:\Documents and Settings\user1\Application Data\HPAppData
2009-06-24 18:51:36 ----D---- C:\Documents and Settings\All Users\Application Data\WEBREG
2009-06-24 18:41:56 ----D---- C:\Documents and Settings\User1\Application Data\HP
2009-06-24 18:26:53 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2009-06-24 18:23:34 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-06-24 18:23:18 ----D---- C:\WINDOWS\hpoj6500e709
2009-06-24 18:22:04 ----RA---- C:\WINDOWS\system32\hpwwiax5.dll
2009-06-24 18:22:04 ----RA---- C:\WINDOWS\system32\hpwtiop4.dll
2009-06-24 18:22:04 ----RA---- C:\WINDOWS\system32\hpovst11.dll
2009-06-24 18:20:45 ----D---- C:\Program Files\Common Files\HP
2009-06-24 18:20:42 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-06-24 18:20:41 ----D---- C:\Program Files\Hewlett-Packard
2009-06-24 18:19:37 ----D---- C:\Program Files\HP
2009-06-24 18:19:10 ----HD---- C:\Config.Msi
2009-06-24 18:16:38 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2009-06-24 18:16:38 ----A---- C:\WINDOWS\system32\hpf3l082.dll
2009-06-24 18:16:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-24 18:16:17 ----RA---- C:\WINDOWS\system32\difxapi.dll
2009-06-24 18:16:16 ----RA---- C:\WINDOWS\system32\hppldcoi.dll
2009-06-11 05:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 05:47:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 05:44:32 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 05:43:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

======List of files/folders modified in the last 1 months======
2009-07-10 14:18:01 ----D---- C:\WINDOWS\Prefetch
2009-07-10 14:17:30 ----RD---- C:\Program Files
2009-07-10 14:10:56 ----D---- C:\WINDOWS\Temp
2009-07-10 14:10:56 ----D---- C:\WINDOWS\system32
2009-07-10 12:59:33 ----D---- C:\Program Files\Mozilla Firefox
2009-07-10 12:01:33 ----D---- C:\WINDOWS\Debug
2009-07-10 12:01:33 ----D---- C:\WINDOWS
2009-07-10 10:45:41 ----A---- C:\WINDOWS\win.ini
2009-07-10 09:58:28 ----SD---- C:\WINDOWS\Tasks
2009-07-10 09:58:19 ----D---- C:\Documents and Settings\user1\Application Data\OpenOffice.org2
2009-07-10 09:57:07 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-07-09 15:32:28 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-08 21:41:12 ----SHD---- C:\WINDOWS\Installer
2009-07-07 14:01:58 ----HD---- C:\WINDOWS\inf
2009-07-07 14:01:54 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-07 14:01:53 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-07 14:01:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-07 14:00:02 ----D---- C:\WINDOWS\Registration
2009-07-07 13:59:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-07 05:20:57 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-07 05:20:26 ----RSD---- C:\WINDOWS\assembly
2009-07-06 22:31:02 ----D---- C:\WINDOWS\security
2009-07-06 21:35:49 ----D---- C:\Program Files\Microsoft
2009-07-06 21:34:28 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-06 21:34:07 ----D---- C:\WINDOWS\system32\en-US
2009-07-06 21:34:02 ----D---- C:\WINDOWS\system32\wbem
2009-07-06 21:28:40 ----D---- C:\WINDOWS\WinSxS
2009-07-06 21:23:06 ----D---- C:\WINDOWS\system32\XPSViewer
2009-07-06 21:22:58 ----RSD---- C:\WINDOWS\Fonts
2009-07-06 21:16:48 ----D---- C:\Program Files\Internet Explorer
2009-07-06 18:53:18 ----SHD---- C:\System Volume Information
2009-07-06 18:53:18 ----D---- C:\WINDOWS\system32\Restore
2009-07-05 19:26:56 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-07-05 19:26:47 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-07-05 19:26:46 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-07-05 00:07:39 ----D---- C:\Documents and Settings\user1\Application Data\Skype
2009-07-05 00:06:50 ----D---- C:\Documents and Settings\user1\Application Data\skypePM
2009-07-04 07:21:40 ----D---- C:\Program Files\Common Files
2009-07-04 07:21:36 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-07-03 09:16:28 ----D---- C:\Program Files\JSAS
2009-06-26 09:16:44 ----D---- 
C:\WINDOWS\system32\drivers 2009-06-26 09:14:51 ----D---- C:\Documents and Settings\All Users\Application Data\avg8 2009-06-24 18:22:10 ----D---- C:\WINDOWS\twain_32 2009-06-18 10:25:34 ----D---- C:\Documents and Settings\user1\Application Data\Adobe 2009-06-11 05:47:04 ----HD---- C:\WINDOWS\$hf_mig$ ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2006-01-10 31846] R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312] R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872] R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-09-18 111112] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2009-02-12 104328] R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-12-10 242184] R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-07 7435648] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-03-14 82048] R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088] R3 usbehci;Microsoft USB 2.0 
Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-28 145920] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-07-09 49920] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-07-09 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-07-09 21568] S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [] S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 Crypkey License;Crypkey 
License; C:\WINDOWS\system32\crypserv.exe [2006-03-01 69632] R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE [2006-04-18 102400] R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-03-24 415024] R2 NMSAccessU;NMSAccessU; e:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-07 155716] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-05 66872] R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-07-05 107832] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-03-27 1626112] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808] R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 gupdate1c9b5b2fed99bd0;Google Update Service (gupdate1c9b5b2fed99bd0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-05 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-05 183280] S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-21 153792] S3 
Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-11 654848] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
10.07.2009, 18:54 | #6 |
/// Selecta Jahrusso | Trojan found
1. What was found, where and when?
2. If it still exists, post me the contents of C:\cleannavi.txt
3. Run Malwarebytes as described and post the logfile
4. Delete info.txt and log.txt under C:\RSIT\, then run rsit.exe once more and post only the log.txt
11.07.2009, 20:57 | #7 |
| Trojan found Hello Gentlman, thanks for your welcome. Re 1) The trojan that was found is Trojan.Feutel.AV, on 03.07, on drive F:\system volume Information\_restore{xxxxx-xxxx-xxxxx-xxxxx-xxxx-xxxx}\rp6\A0016696.exe. The A00.exe was there twice, with only a different number at the end. In the same place there are also entries unfamiliar to me, sorted alphabetically, around 1200 of them. All password-protected. Here are a few examples:
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]2200AD.EXE
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BANNER.EXE
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Zip-it.exe
I can also post the full list if there is interest. As I said, I then switched System Restore off, restarted, and switched it back on again in the hope that all entries would be deleted, which was not the case. Somewhere I read that these exes can still be executed; is that actually true? Re 2: I don't have that file. Re 3: nothing was found there; here is the log. Re 4: here is the log. Log from Malwarebytes Code:
ATTFilter Malwarebytes' Anti-Malware 1.38 Database version: 2297 Windows 5.1.2600 Service Pack 3 11/07/2009 15:10:21 mbam-log-2009-07-11 (15-10-21).txt Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|) Objects scanned: 511749 Time elapsed: 4 hour(s), 30 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Code:
ATTFilter Logfile of random's system information tool 1.06 (written by random/random) Run by User1 at 2009-07-11 20:52:34 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 16 GB (55%) free of 30 GB Total RAM: 2047 MB (57% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:52:40, on 11/07/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\crypserv.exe C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe e:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program 
Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe F:\Program Files\Office10\WINWORD.EXE C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE F:\Program Files\Toolbars\Shared\SkypeNames.exe C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Java\jre1.6.0_04\bin\javaw.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User1\My Documents\Downloads\RSIT.exe C:\Program Files\Trend Micro\HijackThis\User1.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program 
Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program 
Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Office10\OSA.EXE O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c9b5b2fed99bd0) (gupdate1c9b5b2fed99bd0) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: NMSAccessU - Unknown owner - e:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- End of file - 12578 bytes Edited by neinnein (11.07.2009 at 21:28) |
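The HijackThis log in the post above is the format the helpers in this thread read by eye. As an added example that is not part of the thread and not code from any of the posters or from the tool's authors, here is a small Python triage script that parses entries in that format and flags the ones a reviewer usually looks at first: BHOs whose DLL is gone ("(no file)"), services listed with "Unknown owner", and autostart commands given without a full path. The sample lines are copied from the log posted above; the selection and the three rules are my own assumptions about a sensible first pass. A flag means "verify this", not "malicious": the posted log itself shows that ordinary software trips these rules, for instance NMSAccessU, which the log places under CDBurnerXP.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a handful of entries in HijackThis v2 log format. The
# lines are copied from the log posted in this thread, not invented, but the
# selection is mine and exists only to exercise the rules below.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NMSAccessU - Unknown owner - e:\Program Files\CDBurnerXP\NMSAccessU.exe
"""

# Every HijackThis entry starts with a section code (O2, O4, O23, R0, ...)
# followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^([ORF]\d+)\s+-\s+(.*)$")
# O4 body: <hive>\..\Run: [<value name>] <command line>
RUN_RE = re.compile(r"^(.*?): \[(.*?)\] (.*)$")

# Reason strings reused in the findings, so callers can count hits per rule.
ORPHANED_BHO = "BHO still registered but its DLL is gone ((no file)); stale registration"
UNKNOWN_OWNER = "service without a publisher string (Unknown owner); verify the binary on disk"
BARE_AUTOSTART = "autostart command without a full path; resolved through the search path, verify which file actually runs"


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into entries, one dict per 'Oxx - ...' line.

    Lines that are not entries (process list, headers) are ignored.
    """
    entries: List[Dict[str, str]] = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"kind": m.group(1), "body": m.group(2), "raw": line})
    return entries


def executable_of(command: str) -> str:
    """Return the program part of an autostart command line.

    A quoted path is taken up to the closing quote; otherwise the first
    whitespace-delimited token is used (enough for the bare-name check).
    """
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""


def triage(entries: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Apply a few first-pass rules and return (reason, raw line) pairs.

    A hit means "look at this first", not "malicious": legitimate software
    trips these rules too, as the sample shows.
    """
    findings: List[Tuple[str, str]] = []
    for e in entries:
        kind, body, raw = e["kind"], e["body"], e["raw"]
        if kind == "O2" and body.endswith("(no file)"):
            findings.append((ORPHANED_BHO, raw))
        elif kind == "O23":
            # Body is "Service: <name> - <owner> - <path>"; split from the right
            # so a " - " inside the service name does not shift the fields.
            parts = body.rsplit(" - ", 2)
            if len(parts) == 3 and parts[1].strip().lower() == "unknown owner":
                findings.append((UNKNOWN_OWNER, raw))
        elif kind == "O4":
            m = RUN_RE.match(body)
            if m:
                exe = executable_of(m.group(3))
                if exe and "\\" not in exe and ":" not in exe:
                    findings.append((BARE_AUTOSTART, raw))
    return findings


if __name__ == "__main__":
    for reason, line in triage(parse_hjt(SAMPLE_HJT_LOG)):
        print(f"[{reason}]\n    {line}")
```

Run against the sample, the script reports four lines: the orphaned BHO, the nwiz autostart (a bare "nwiz.exe" that Windows resolves through the search path), and the two "Unknown owner" services; the NVIDIA service and the Malwarebytes RunOnce pass. Pasting a complete HijackThis log into SAMPLE_HJT_LOG gives the same first-pass list for a real case.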
11.07.2009, 21:03 | #8 |
| Trojan found part 2 Code:
ATTFilter ======Scheduled tasks folder====== C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-10-16 322864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}] ContributeBHO Class - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-17 118784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-06-04 1541416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program 
Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-11 259696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-05 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-23 470512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}] HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-17 118784] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-11 259696] {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-03-24 95536] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-28 61952] "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696] "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-09-08 716800] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-07 8523776] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-07 81920] "Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-21 1884160] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840] "BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-03-19 778240] "BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-02-23 69632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-06-17 414992] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-08 68856] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408] C:\Documents and Settings\All Users\Start Menu\Programs\Startup HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Microsoft Office.lnk - F:\Program Files\Office10\OSA.EXE Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Documents and Settings\User1\Start Menu\Programs\Startup OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - 
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\JSAS\http_root\usr\local\Apache2\bin\Apache.exe"="C:\Program Files\JSAS\http_root\usr\local\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server" "C:\Program Files\JSAS\http_root\usr\local\mysql\bin\mysqld-opt.exe"="C:\Program Files\JSAS\http_root\usr\local\mysql\bin\mysqld-opt.exe:*:Enabled:mysqld-opt" "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet 
Explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "D:\Program Files\Soulseek\slsk.exe"="D:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek" "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "F:\Program Files\Phone\Skype.exe"="F:\Program Files\Phone\Skype.exe:*:Enabled:Skype" 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" |
11.07.2009, 21:04 | #9 |
| Trojan found part 3 Code:
ATTFilter ======File associations====== .js - open - "G:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1" ======List of files/folders created in the last 3 months====== 2009-07-11 10:35:35 ----D---- C:\Documents and Settings\User1\Application Data\Malwarebytes 2009-07-11 10:35:29 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-07-11 10:35:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-07-10 14:27:10 ----A---- C:\cleannavi.txt 2009-07-10 14:17:59 ----D---- C:\rsit 2009-07-10 14:17:30 ----D---- C:\Program Files\Navilog1 2009-07-07 14:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2009-07-07 14:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$ 2009-07-07 04:58:00 ----D---- C:\Documents and Settings\User1\Application Data\Windows Search 2009-07-06 21:35:29 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$ 2009-07-06 21:35:22 ----D---- C:\Program Files\Microsoft Silverlight 2009-07-06 21:35:10 ----D---- C:\Documents and Settings\User1\Application Data\Windows Desktop Search 2009-07-06 21:34:02 ----D---- C:\WINDOWS\system32\GroupPolicy 2009-07-06 21:34:02 ----D---- C:\Program Files\Windows Desktop Search 2009-07-06 21:33:34 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$ 2009-07-06 21:32:37 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$ 2009-07-06 21:30:45 ----D---- C:\WINDOWS\system32\URTTEMP 2009-07-05 19:26:45 ----D---- C:\Documents and Settings\All Users\Application Data\id Software 2009-07-04 07:21:40 ----D---- C:\Program Files\Common Files\Skype 2009-06-27 07:27:26 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan 2009-06-27 07:27:23 ----D---- C:\Program Files\Security Task Manager 2009-06-26 11:37:39 ----A---- C:\WINDOWS\bdagent.INI 2009-06-26 09:16:38 ----D---- C:\Documents and Settings\User1\Application Data\BitDefender 2009-06-26 09:16:12 ----D---- C:\Program Files\BitDefender 2009-06-26 09:16:12 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender 
2009-06-26 09:09:50 ----D---- C:\Program Files\Common Files\BitDefender 2009-06-25 22:54:06 ----D---- C:\Program Files\MSXML 4.0 2009-06-24 23:33:16 ----D---- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY 2009-06-24 19:04:45 ----D---- C:\Documents and Settings\User1\Application Data\HPAppData 2009-06-24 18:51:36 ----D---- C:\Documents and Settings\All Users\Application Data\WEBREG 2009-06-24 18:41:56 ----D---- C:\Documents and Settings\User1\Application Data\HP 2009-06-24 18:26:53 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant 2009-06-24 18:23:34 ----D---- C:\Documents and Settings\All Users\Application Data\HP 2009-06-24 18:23:18 ----D---- C:\WINDOWS\hpoj6500e709 2009-06-24 18:22:04 ----RA---- C:\WINDOWS\system32\hpwwiax5.dll 2009-06-24 18:22:04 ----RA---- C:\WINDOWS\system32\hpwtiop4.dll 2009-06-24 18:22:04 ----RA---- C:\WINDOWS\system32\hpovst11.dll 2009-06-24 18:20:45 ----D---- C:\Program Files\Common Files\HP 2009-06-24 18:20:42 ----D---- C:\Program Files\Common Files\Hewlett-Packard 2009-06-24 18:20:41 ----D---- C:\Program Files\Hewlett-Packard 2009-06-24 18:19:37 ----D---- C:\Program Files\HP 2009-06-24 18:19:10 ----HD---- C:\Config.Msi 2009-06-24 18:16:38 ----RA---- C:\WINDOWS\system32\hpzids01.dll 2009-06-24 18:16:38 ----A---- C:\WINDOWS\system32\hpf3l082.dll 2009-06-24 18:16:19 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-06-24 18:16:17 ----RA---- C:\WINDOWS\system32\difxapi.dll 2009-06-24 18:16:16 ----RA---- C:\WINDOWS\system32\hppldcoi.dll 2009-06-11 05:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$ 2009-06-11 05:47:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$ 2009-06-11 05:44:32 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$ 2009-06-11 05:43:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$ 2009-06-05 22:12:59 ----D---- C:\Documents and Settings\User1\Application Data\WinRAR 2009-06-05 22:12:52 ----D---- C:\Program Files\WinRAR 2009-06-05 22:07:05 ----D---- C:\Documents and 
Settings\User1\Application Data\Uniblue 2009-05-30 20:20:50 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations 2009-05-26 15:10:32 ----D---- C:\Documents and Settings\All Users\Application Data\hps 2009-04-30 04:08:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$ 2009-04-18 06:26:24 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2009-04-18 06:26:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$ 2009-04-18 06:23:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2009-04-18 06:23:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2009-04-18 06:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2009-04-18 06:22:46 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2009-04-17 07:13:16 ----N---- C:\WINDOWS\system32\xpsp4res.dll ======List of files/folders modified in the last 3 months====== 2009-07-11 20:52:40 ----D---- C:\WINDOWS\Prefetch 2009-07-11 20:03:31 ----D---- C:\WINDOWS\Temp 2009-07-11 18:04:15 ----SD---- C:\WINDOWS\Tasks 2009-07-11 18:04:15 ----D---- C:\WINDOWS\system32 2009-07-11 18:04:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2009-07-11 14:52:17 ----D---- C:\Program Files\Mozilla Firefox 2009-07-11 10:35:30 ----D---- C:\WINDOWS\system32\drivers 2009-07-11 10:35:28 ----RD---- C:\Program Files 2009-07-11 06:55:50 ----D---- C:\Documents and Settings\User1\Application Data\OpenOffice.org2 2009-07-11 06:30:56 ----A---- C:\WINDOWS\win.ini 2009-07-11 06:28:59 ----D---- C:\WINDOWS 2009-07-10 23:54:04 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-07-10 12:01:33 ----D---- C:\WINDOWS\Debug 2009-07-08 21:41:12 ----SHD---- C:\WINDOWS\Installer 2009-07-07 14:01:58 ----HD---- C:\WINDOWS\inf 2009-07-07 14:01:54 ----D---- C:\WINDOWS\system32\CatRoot2 2009-07-07 14:01:53 ----D---- C:\WINDOWS\system32\CatRoot 2009-07-07 14:01:46 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-07-07 14:00:02 ----D---- C:\WINDOWS\Registration 2009-07-07 13:59:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-07-07 05:20:57 ----D---- 
C:\WINDOWS\Microsoft.NET 2009-07-07 05:20:26 ----RSD---- C:\WINDOWS\assembly 2009-07-06 22:31:02 ----D---- C:\WINDOWS\security 2009-07-06 21:35:49 ----D---- C:\Program Files\Microsoft 2009-07-06 21:34:28 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-07-06 21:34:07 ----D---- C:\WINDOWS\system32\en-US 2009-07-06 21:34:02 ----D---- C:\WINDOWS\system32\wbem 2009-07-06 21:28:40 ----D---- C:\WINDOWS\WinSxS 2009-07-06 21:23:06 ----D---- C:\WINDOWS\system32\XPSViewer 2009-07-06 21:22:58 ----RSD---- C:\WINDOWS\Fonts 2009-07-06 21:16:48 ----D---- C:\Program Files\Internet Explorer 2009-07-06 18:53:18 ----SHD---- C:\System Volume Information 2009-07-06 18:53:18 ----D---- C:\WINDOWS\system32\Restore 2009-07-05 19:26:56 ----A---- C:\WINDOWS\system32\PnkBstrB.exe 2009-07-05 19:26:47 ----A---- C:\WINDOWS\system32\PnkBstrA.exe 2009-07-05 19:26:46 ----A---- C:\WINDOWS\system32\pbsvc.exe 2009-07-05 00:07:39 ----D---- C:\Documents and Settings\user1\Application Data\Skype 2009-07-05 00:06:50 ----D---- C:\Documents and Settings\User1\Application Data\skypePM 2009-07-04 07:21:40 ----D---- C:\Program Files\Common Files 2009-07-04 07:21:36 ----D---- C:\Documents and Settings\All Users\Application Data\Skype 2009-07-03 09:16:28 ----D---- C:\Program Files\JSAS 2009-06-26 09:14:51 ----D---- C:\Documents and Settings\All Users\Application Data\avg8 2009-06-24 18:22:10 ----D---- C:\WINDOWS\twain_32 2009-06-18 10:25:34 ----D---- C:\Documents and Settings\User1\Application Data\Adobe 2009-06-11 05:47:04 ----HD---- C:\WINDOWS\$hf_mig$ 2009-06-01 18:51:12 ----A---- C:\WINDOWS\system32\MRT.exe 2009-05-25 00:24:06 ----N---- C:\WINDOWS\system32\mssph.dll 2009-05-23 18:05:12 ----D---- C:\Program Files\OpenOffice.org 2.4 2009-05-19 19:32:04 ----D---- C:\Program Files\Google 2009-05-12 15:12:14 ----N---- C:\WINDOWS\system32\spmsg.dll 2009-05-12 15:12:14 ----A---- C:\WINDOWS\system32\spupdsvc.exe 2009-05-07 17:32:35 ----A---- C:\WINDOWS\system32\localspl.dll 2009-04-29 
06:56:02 ----A---- C:\WINDOWS\system32\wininet.dll 2009-04-29 06:56:02 ----A---- C:\WINDOWS\system32\webcheck.dll 2009-04-29 06:56:01 ----N---- C:\WINDOWS\system32\occache.dll 2009-04-29 06:56:01 ----N---- C:\WINDOWS\system32\mstime.dll 2009-04-29 06:56:01 ----A---- C:\WINDOWS\system32\urlmon.dll 2009-04-29 06:56:01 ----A---- C:\WINDOWS\system32\url.dll 2009-04-29 06:56:01 ----A---- C:\WINDOWS\system32\pngfilt.dll 2009-04-29 06:56:00 ----N---- C:\WINDOWS\system32\msrating.dll 2009-04-29 06:56:00 ----A---- C:\WINDOWS\system32\mshtmled.dll 2009-04-29 06:56:00 ----A---- C:\WINDOWS\system32\mshtml.dll 2009-04-29 06:55:58 ----N---- C:\WINDOWS\system32\jsproxy.dll 2009-04-29 06:55:58 ----A---- C:\WINDOWS\system32\msfeedsbs.dll 2009-04-29 06:55:58 ----A---- C:\WINDOWS\system32\msfeeds.dll 2009-04-29 06:55:57 ----N---- C:\WINDOWS\system32\iernonce.dll 2009-04-29 06:55:57 ----A---- C:\WINDOWS\system32\iertutil.dll 2009-04-29 06:55:57 ----A---- C:\WINDOWS\system32\ieframe.dll 2009-04-29 06:55:56 ----N---- C:\WINDOWS\system32\iedkcs32.dll 2009-04-29 06:55:56 ----N---- C:\WINDOWS\system32\ieaksie.dll 2009-04-29 06:55:56 ----N---- C:\WINDOWS\system32\ieakeng.dll 2009-04-29 06:55:56 ----N---- C:\WINDOWS\system32\extmgr.dll 2009-04-29 06:55:56 ----A---- C:\WINDOWS\system32\ieencode.dll 2009-04-29 06:55:56 ----A---- C:\WINDOWS\system32\ieapfltr.dll 2009-04-29 06:55:56 ----A---- C:\WINDOWS\system32\icardie.dll 2009-04-29 06:55:56 ----A---- C:\WINDOWS\system32\dxtrans.dll 2009-04-29 06:55:55 ----N---- C:\WINDOWS\system32\dxtmsft.dll 2009-04-29 06:55:55 ----A---- C:\WINDOWS\system32\advpack.dll 2009-04-28 11:05:56 ----N---- C:\WINDOWS\system32\ie4uinit.exe 2009-04-28 11:05:56 ----A---- C:\WINDOWS\system32\ieudinit.exe 2009-04-25 07:26:23 ----N---- C:\WINDOWS\system32\ieakui.dll 2009-04-18 08:08:35 ----D---- C:\WINDOWS\AppPatch 2009-04-15 16:51:25 ----A---- C:\WINDOWS\system32\rpcrt4.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== 
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2006-01-10 31846] R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312] R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872] R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-09-18 111112] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2009-02-12 104328] R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-12-10 242184] R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-07 7435648] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-03-14 82048] R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] S3 
catchme;catchme; \??\C:\DOCUME~1\User1\LOCALS~1\Temp\catchme.sys [] S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-28 145920] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-07-09 49920] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-07-09 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-07-09 21568] S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [] S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2006-03-01 69632] R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE [2006-04-18 102400] R2 hpqddsvc;HP CUE DeviceDiscovery 
Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-03-24 415024] R2 NMSAccessU;NMSAccessU; e:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-07 155716] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-05 66872] R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-07-05 107832] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-03-27 1626112] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808] R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S2 gupdate1c9b5b2fed99bd0;Google Update Service (gupdate1c9b5b2fed99bd0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-05 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-05 183280] S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-21 153792] S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis 
Server\bin\Arrakis3.exe [2009-01-20 172032] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-11 654848] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
12.07.2009, 10:06 | #10 |
/// Selecta Jahrusso | Trojan found So far I don't see anything malicious, but Code:
ATTFilter
2009-07-10 14:27:10 ----A---- C:\cleannavi.txt
2009-07-10 14:17:59 ----D---- C:\rsit
2009-07-10 14:17:30 ----D---- C:\Program Files\Navilog1
2009-07-07 14:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$

I would like to see the cleannavi.txt.
Also, please take a look at your software list and uninstall everything you don't need.
Please download Java Update 14. Also uninstall Navilog, J2SE Runtime Environment 5.0 Update 7 and Java(TM) 6 Update 4, then install Update 14.
2. Disable System Restore, restart the computer, then enable System Restore again.
3. Kaspersky Online Scanner. This scanner does not remove what it finds, but it gives a good overview of the malware present.
---> download here => Kaspersky Online Scanner => note the hints on older versions! => Requirement: Internet Explorer 6.0 or higher => install the required ActiveX controls => update the signatures => Next => Scan settings => choose Standard => OK => click the "My Computer" link => the scan starts automatically => scan completed => Save report as => change the file type to .txt => save it on the desktop as Kaspersky.txt => post the log here => Uninstall => Control Panel => Add or Remove Programs => remove Kaspersky Online Scanner
5. Please post a new HJT log.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to strike back and support us! TB Akademie |
13.07.2009, 16:57 | #11 |
| Trojan found Hello gentleman, thank you for continuing to look into my case. I read about Navilog in another thread and thought I would let it run through. It is now uninstalled, and it found nothing. Here is the log. I have uninstalled a few things; many of them are Windows stuff where I don't know exactly what I actually need and what I don't. I did your Java steps. 2. The System Restore step I had already done once and did again now, but with the same result: the files under F:\System Volume Information are still there. 3. Unfortunately I could not start Kaspersky. I accept the terms, but nothing happens. I will look at it again. But I did a new scan with BitDefender and I can post that here. This endless file list goes on further; this is only an excerpt. Kind regards, NeinNein Last edited by neinnein (13.07.2009 at 17:11) |
13.07.2009, 17:02 | #12 |
| Trojan found BitDefender Log Code:
ATTFilter
BitDefender log file
Product: BitDefender Internet Security 2009
Version: BitDefender UIScanner v.12
Scan task: Deep system scan
Log date: 13/07/2009 17:40:46
Log path: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1247499646_1_02.xml

Scan path
Path 0000: C:\
Path 0001: D:\
Path 0002: E:\
Path 0003: F:\
Path 0004: G:\
Path 0005: H:\
Path 0006: I:\
Path 0007: J:\
Path 0008: K:\

Scan options
Scan for viruses: Yes
Scan for adware: Yes
Scan for spyware: Yes
Scan for applications: Yes
Scan for dialers: Yes
Scan for rootkits: Yes

Target selection options:
Scan registry keys: Yes
Scan cookies: Yes
Scan boot sectors: Yes
Scan memory processes: Yes
Scan archives: Yes
Scan runtime packers: Yes
Scan e-mails: No
Scan all files: Yes
Heuristic scan: Yes
Scanned extensions:
Excluded extensions:

Actions for target:
Default action applied on virus detection: Disinfect
Default action for suspicious objects: None
Default action for hidden objects: None
Default action for encrypted infected objects: None
Default action for encrypted suspicious objects: None
Default action for password-protected objects: Log as not scanned

Scan summary
Number of virus signatures: 3688363
Archive plug-ins: 45
E-mail plug-ins: 6
Scan plug-ins: 13
System plug-ins: 5
Unpacking plug-ins: 7

Overall scan summary
Scanned objects: 1396252
Infected objects: 2
Suspicious objects: 0
Resolved objects: 1
Unresolved objects: 1311
Password-protected objects: 1310
Password-protected objects (Kennwortgeschützte Objekte): 0
Individual viruses found: 2
Scanned data directories: 35260
Scanned boot sectors: 13
Scanned archives: 14300
Input/output errors: 0
Scan time: 03:38:52
Files per second: 106

Summary of scanned processes
Scanned: 50
Infected: 0

Windows registry scan
Scanned: 1010
Infected: 0

Summary of scanned cookies
Scanned: 72
Infected: 0

Remaining problems
Object name | Threat name | Final status
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0016630.exe=](ZIP Sfx s)=]crack.exe | Trojan.Feutel.AV | Infected (no action was possible, file was inside an archive)

Resolved problems
Object name | Threat name | Final status
[System]=]C:\Documents and Settings\User1\Cookies\user1@atdmt[2].txt | Cookie.ATDMT | Deleted |
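The one remaining finding above lives inside a System Restore point on F:, not on the live file system, which is why the scanner could only log it and why toggling System Restore on C: alone leaves it in place: on Windows XP, System Restore is configured per drive, and a drive's restore points are only discarded when it is turned off for that drive (the "Turn off System Restore on all drives" option covers every drive at once). The following Python script is an added example for this thread, not BitDefender's code and not part of any post: it parses "remaining problems" rows into object, threat and status, unwraps BitDefender's `=]` nesting notation, classifies each object as a restore-point copy, an archive member or a live file, and reports which drives still hold findings inside restore points. The sample rows are constructed from the paths posted above; the tab-separated columns are an assumption, since the forum copy lost the separators.

```python
"""Triage BitDefender 'remaining problems' rows by where the object lives.

Added example for this thread (not BitDefender's code, not part of the original
post). Sample rows are constructed from the paths posted above; tab-separated
columns are an assumption, the forum copy lost the separators.
"""
import re
from typing import Dict, List, Set

# Constructed sample rows: object <TAB> threat <TAB> final status
SAMPLE_LOG = (
    "F:\\System Volume Information\\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}"
    "\\RP6\\A0016630.exe=](ZIP Sfx s)=]crack.exe"
    "\tTrojan.Feutel.AV\tInfected (no action possible, file was inside an archive)\n"
    "[System]=]C:\\Documents and Settings\\User1\\Cookies\\user1@atdmt[2].txt"
    "\tCookie.ATDMT\tDeleted\n"
    "C:\\Documents and Settings\\All Users\\Application Data\\Downloaded Installations"
    "\\{49AD8D2A-1643-458B-9EE7-7C091FDE10A5}\\AVG_IDS_setup.msi"
    "=](Embedded CAB)=]internallist.zip=]info.enc"
    "\tPassword-protected\tNot scanned\n"
)

# Windows XP System Restore keeps its copies per drive under
# <drive>:\System Volume Information\_restore{GUID}\RP<n>\
RESTORE_POINT_RE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\System Volume Information\\_restore"
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\\RP(?P<rp>\d+)\\"
)
NESTING_SEP = "=]"                          # BitDefender: container=](type)=]member
SYSTEM_PREFIX = "[System]" + NESTING_SEP    # virtual wrapper seen on the cookie row


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Split each non-empty row into object, threat and status."""
    entries = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        obj, threat, status = line.split("\t", 2)
        entries.append({"object": obj, "threat": threat, "status": status})
    return entries


def on_disk_object(obj: str) -> str:
    """Drop the virtual [System] wrapper so the real path comes first."""
    return obj[len(SYSTEM_PREFIX):] if obj.startswith(SYSTEM_PREFIX) else obj


def container_path(obj: str) -> str:
    """Outermost file on disk: the archive, or the file itself."""
    return on_disk_object(obj).split(NESTING_SEP, 1)[0]


def classify(obj: str) -> str:
    """restore_point: only purging the drive's restore points removes it.
    archive_member: the scanner cannot disinfect in place; delete the container.
    live_file: ordinary on-disk object."""
    if RESTORE_POINT_RE.match(container_path(obj)):
        return "restore_point"
    if NESTING_SEP in on_disk_object(obj):
        return "archive_member"
    return "live_file"


def drives_with_restore_point_findings(entries: List[Dict[str, str]]) -> Set[str]:
    """Drive letters on which System Restore must be turned off to drop a finding."""
    drives: Set[str] = set()
    for e in entries:
        m = RESTORE_POINT_RE.match(container_path(e["object"]))
        if m:
            drives.add(m.group("drive").upper())
    return drives


def triage(log_text: str) -> Dict[str, List[str]]:
    """Group object names by classification."""
    groups: Dict[str, List[str]] = {"restore_point": [], "archive_member": [], "live_file": []}
    for e in parse_entries(log_text):
        groups[classify(e["object"])].append(e["object"])
    return groups


if __name__ == "__main__":
    rows = parse_entries(SAMPLE_LOG)
    for row in rows:
        print(f"{classify(row['object']):15} {row['threat']:20} {row['object']}")
    print("turn off System Restore on:", sorted(drives_with_restore_point_findings(rows)))
```

Run against the constructed rows it reports F: as the drive whose restore points still carry the finding; against a real export, paste the "remaining problems" rows with their original column separators in place of `SAMPLE_LOG`.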
13.07.2009, 17:07 | #13 |
| Trojan found Code:
ATTFilter
Objects not scanned
Object name | Reason | Final status
C:\Documents and Settings\All Users\Application Data\Downloaded Installations\{49AD8D2A-1643-458B-9EE7-7C091FDE10A5}\AVG_IDS_setup.msi=](Embedded CAB)=]internallist.zip=]internalList.dat | Password-protected | Not scanned
C:\Documents and Settings\All Users\Application Data\Downloaded Installations\{49AD8D2A-1643-458B-9EE7-7C091FDE10A5}\AVG_IDS_setup.msi=](Embedded CAB)=]internallist.zip=]info.enc | Password-protected | Not scanned
C:\Documents and Settings\All Users\Application Data\Downloaded Installations\{49AD8D2A-1643-458B-9EE7-7C091FDE10A5}\AVG_IDS_setup.msi=](Embedded CAB)=]internallist.zip=]v=232;l=EN_US;t=2 | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]WPWIN.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]123.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]1942.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]2200AD.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]3DFX.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]3DHOME.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]3DLAND.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]3DMARK.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]A.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]A2W.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]A5.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AB3.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ABC.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Abcflow.exe | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ACCUSET.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ACDSEE32.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ACLT.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ACME.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ACRODIST.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Acroexch.exe | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]acrord32.exe | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ACROREAD.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ACROUK.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Act.exe | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ACTPMNT.OCX | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Actwin2.exe | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AD.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AD_NET.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ADAPTER.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ADDDEPTH.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ADDRBOOK.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ADMIN.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ADOBE GAMMA LOADER.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ADOBEREG32.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ADVANTGE.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Adw30.exe | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Agds16.exe | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Agent.exe | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Agent95.exe | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AHD3.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AHD4.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Ai41.exe | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AIRMOS.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AL.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ALMANAC.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ALMANC32.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ALUNSER.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AMIFM.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Amipro.exe | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AMS4.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AMW.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AMW4.EXE | Password-protected | Not scanned
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ANGEL.EXE
Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ANNOUNCE.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ANT.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ANYCLEAN.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AOL.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AOLPHX.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AOLTRAY.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AOLUNINS.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]APP.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]APPARCHV.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]APPCLEAN.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]APPDEL.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]APPLETVIEWER.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]APPMOVE.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]APPROACH.EXE Passwortgeschützt Nicht geprüft F:\System Volume 
Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]APPTPORT.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]APSTUDIO.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Arcbkup.exe Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ARCHIVER.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ARDIAL32.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ARTGALRY.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ART-SCAN.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ARTSHOW4.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ARUPLD32.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ASAP.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ASBROWSE.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Ascend50.exe Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ASPELL.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ASTEROID.EXE Passwortgeschützt Nicht geprüft F:\System Volume 
Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ATMCNTRL.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Atmfm.exe Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AUTMANIA.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AUTO.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AUTOSTRT.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AUTOXL.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AVCONSOL.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AW.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AWEDIT32.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AWGATE.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AWHOST32.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AWONL32.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AWRAS32.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AWREM32.EXE Passwortgeschützt Nicht geprüft F:\System Volume 
Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]B17.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BAB.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BACKIT.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BACKLOG.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BACKTRAC.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BACKWEB.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BAILEY.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BALDUR.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BANNER.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BASH1.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BATHROOM.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BATTLE2.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BC4000.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BCC.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BCR.EXE 
Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BD40.exe Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Beast.exe Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BGH2.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BGHCFG.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BIBLE.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BIGGAME.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BILLMIND.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BINDER.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BIZFORMS.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BLOODNET.COM Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BODY3WIN.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BOOKMARK.OCX Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BPBOX.OCX Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BRAVO.EXE Passwortgeschützt Nicht geprüft F:\System Volume 
Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BRIDGE.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BS9532.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BTNMENU.OCX Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BUD.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BW.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BYLEAVE.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]C&c.exe Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]C7.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]C86.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Cafe.exe Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CANVAS.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CAPEZE.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CAPPRO32.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CAPTURE.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CARMEN.EXE 
Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CASINO21.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CAW2.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CBW.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CCHAT.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CCMAIL.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CCPLUS.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CCREGMOD.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CCRITTER.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CCWIN.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CDISSS.OCX Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CENTRAL.EXE Passwortgeschützt Nicht geprüft |
13.07.2009, 17:10 | #14 |
| Trojan found
Code:
Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DOOM2.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DOS4GW.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DP.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Draw.exe Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DRBOOK.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DRDAN.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DRIVELTR.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DRUG.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DRVMAP9X.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DS.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DS40.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DSPLDR.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DST_SUNS.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DSUN.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DTIMEINI.EXE 
Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DTO2.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DTO2_95.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DTORG.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DUNE2.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DUNE2000.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DUNEPRG.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DV32.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DWEAS.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DYNA.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DYNODEX.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DYNONOTE.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DYNOPAGE.EXE Passwortgeschützt Nicht geprüft F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]EAP.EXE Passwortgeschützt Nicht geprüft |
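An added example, not part of the original post and not BitDefender's own code: a small Python parser for report lines of the kind posted above, which groups the entries by the file that was actually on disk. It assumes that `=]` separates a container (an archive or similar) from the member inside it, which is how the posted lines read, and that the status is one of the German phrases BitDefender printed (`Passwortgeschützt Nicht geprüft`, rendered above as password-protected, not scanned). Two further status phrases, the `D:\Recycler` line and the `C:\Temp` line in the sample are constructed for illustration and do not come from the post. Run over the posted entries it makes visible what a long scroll through the log only suggests: every one of them is a member of a single archive, `A0015269.cfg` inside restore point RP6 on F:, i.e. a System Restore copy rather than a live file. Note also that "password-protected, not scanned" is not a clean verdict; the scanner simply could not open the archive, so its contents are unknown.

```python
"""Group BitDefender scan-report lines by the container they belong to."""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the shape of the report posted in this thread.
# The three F:\ lines are copied from the post; the D:\ and C:\ lines are made up.
SAMPLE_REPORT = r"""
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DEER HUNTER 2.EXE Passwortgeschützt Nicht geprüft
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DOOM2.EXE Passwortgeschützt Nicht geprüft
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]EAP.EXE Passwortgeschützt Nicht geprüft
D:\Recycler\S-1-5-21-1234567890-1234567890-1234567890-1003\Dc7.rar=]setup.exe Passwortgeschützt Nicht geprüft
C:\Temp\sample.zip=]payload.exe Gelöscht
"""

# Status phrases as the German report prints them. The first is taken from the
# post; the others are assumed for illustration. Longest first so that
# "Passwortgeschützt Nicht geprüft" is preferred over the shorter "Nicht geprüft".
STATUS_PHRASES = (
    "Passwortgeschützt Nicht geprüft",  # password-protected, not scanned
    "Nicht geprüft",                    # not scanned
    "Gelöscht",                         # deleted (assumed phrase)
    "Desinfiziert",                     # disinfected (assumed phrase)
)

# Paths contain spaces ("System Volume Information", "DEER HUNTER 2.EXE"), so the
# line is split by recognising the status phrase at the end, not by whitespace.
_STATUS_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<status>"
    + "|".join(re.escape(s) for s in STATUS_PHRASES)
    + r")\s*$"
)

# Windows XP System Restore keeps copies under <drive>:\System Volume Information\_restore{GUID}\RPn\
_RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)

ARCHIVE_SEP = "=]"  # assumed: separates the container path from the member inside it


@dataclass
class Entry:
    container: str                 # file that was actually present on disk
    member: Optional[str]          # path inside the container, or None for a plain file
    status: str                    # status phrase as printed by the scanner
    restore_point: Optional[int]   # RPn if the container is a System Restore copy


def parse_line(line: str) -> Optional[Entry]:
    """Parse one report line; return None for lines that carry no known status."""
    m = _STATUS_RE.match(line.strip())
    if not m:
        return None
    container, sep, member = m.group("path").partition(ARCHIVE_SEP)
    rp = _RESTORE_RE.search(container)
    return Entry(
        container=container,
        member=member if sep else None,
        status=m.group("status"),
        restore_point=int(rp.group("rp")) if rp else None,
    )


def parse_report(text: str) -> list[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


@dataclass
class ContainerSummary:
    count: int = 0
    statuses: Counter = field(default_factory=Counter)
    restore_point: Optional[int] = None
    members: list = field(default_factory=list)


def summarize(entries: list[Entry]) -> dict[str, ContainerSummary]:
    """Collapse per-member entries into one summary per on-disk container."""
    out: dict[str, ContainerSummary] = defaultdict(ContainerSummary)
    for e in entries:
        s = out[e.container]
        s.count += 1
        s.statuses[e.status] += 1
        s.restore_point = e.restore_point
        if e.member is not None:
            s.members.append(e.member)
    return dict(out)


def not_scanned_in_restore_points(summary: dict[str, ContainerSummary]) -> dict[str, int]:
    """Containers that are System Restore copies and hold members the scanner could not open."""
    return {
        c: s.count
        for c, s in summary.items()
        if s.restore_point is not None and any("Nicht geprüft" in st for st in s.statuses)
    }


if __name__ == "__main__":
    for container, s in summarize(parse_report(SAMPLE_REPORT)).items():
        where = f"restore point RP{s.restore_point}" if s.restore_point is not None else "live file"
        print(f"{container}\n  {where}, {s.count} entries, {dict(s.statuses)}")
```

Applied to the full posted log the summary has one key for the `A0015269.cfg` container with as many entries as the post lists, all with the same "not scanned" status; any entry outside `System Volume Information` would show up as its own key with `restore_point` unset.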
13.07.2009, 18:52 | #15 |
| Trojan found
Code:
Fix Navipromo version 4.0.0 began on 10/07/2009 at 14:27:10.17
!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
Fix running from C:\Program Files\navilog1
Updated on 19.06.2009 at 20h00 by IL-MAFIOSO
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : user1 ( Administrator )
BOOT : Normal boot
Antivirus : BitDefender Antivirus 12.0 (Activated)
Firewall : BitDefender Firewall 12.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:16 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:1 Go)
E:\ (Local Disk) - NTFS - Total:29 Go (Free:26 Go)
F:\ (Local Disk) - NTFS - Total:38 Go (Free:18 Go)
G:\ (Local Disk) - NTFS - Total:38 Go (Free:18 Go)
H:\ (Local Disk) - NTFS - Total:27 Go (Free:19 Go)
I:\ (Local Disk) - NTFS - Total:97 Go (Free:97 Go)
J:\ (Local Disk) - NTFS - Total:105 Go (Free:76 Go)
K:\ (Local Disk) - NTFS - Total:44 Go (Free:6 Go)
L:\ (CD or DVD)
Search done in normal mode
No Infection Navipromo/Egdaccess Found
*** Scan completed the 10/07/2009 at 14:32:12.28 *** |