Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner gefunden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 10.07.2009, 08:21   #1
neinnein
 
Trojaner gefunden - Standard

Trojaner gefunden



hallo allerseits

Ich habe glaube ich schon länger Probleme mit meinen Rechner die darauf hinwiesen das mein Rechner Infiziert war jedoch hatten Virenscanner oder Auswertung der logs nichts erkennen lassen. Zum Teil habe ich dennoch neu installiert jedoch nie alles Formatiert Jetzt hat eine test Version von Bit defender etwas gefunden und das ist recht viel

3 Trojaner wovon einer nicht geloecht werden konnte (Trojan.Feutel.AV)
1310 Geschützte Objekte die zum groessten teil in der System Volume Information stehen, der gleiche platz wie der verbleibende Trojaner.
Auch einige passwortgeschützte Objekte die ich aber beim aktuellen scan nicht wiedergefunden habe. Auch unter d\: Recycler sind einige kennwortgeschuetzte Objekte.

Ich selber habe als Sofortmaßnahme die beckupspeicherung von Windows ausgeschaltet, neugestartet und sie wieder angeschaltet wodurch ich dachte die System Volume Information zu loechen. jedoch blieben diese bestehen. anbei noch das Log von Hijack

Ich wundere mich ein bisschen das diese Sachen jetzt gefunden wurden ob wohl ich vile Prograe in den letzten Jahren ausprobiert habe.
Mich würde interessieren ob mal jetzt in Log was sieht und ob es eine Möglichkeit gibt zu erkennen wer der Angreifer ist?

Über antworten würde ich mich sehr freuen

nein nein

Anbei noch der log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:20:51, on 10/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
e:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9b5b2fed99bd0) (gupdate1c9b5b2fed99bd0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMSAccessU - Unknown owner - e:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 11928 bytes

Alt 10.07.2009, 13:39   #2
neinnein
 
Trojaner gefunden - Standard

Trojaner gefunden



ich habe mal noch ein log gemacht

Hier eins mit Random's System Information Tool (RSIT) hoffe das hilft

Code:
ATTFilter
info.txt logfile of random's system information tool 1.06 2009-07-10 14:18:03

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{47ECCB1F-2811-49C0-B6A7-26778639ABA0}
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\e7e6bb3ae60aaa1c5b11aa97d8f15b0\Setup.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3 Template Projects & Footage-->MsiExec.exe /I{73E81E9B-7319-43AD-B7CC-1C61405E5089}
Adobe After Effects CS3 Third Party Content-->MsiExec.exe /I{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}
Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Contribute CS3-->MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{96ABF4E1-1489-4B84-B3CB-82E010247D73}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3 Library-->MsiExec.exe /I{F1D93F5B-881F-49E3-BA56-B4B8FA991059}
Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Setup-->MsiExec.exe /I{0DD2BDF7-EAC8-41F7-83ED-61A2D05C6235}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Soundbooth CS3 Scores-->MsiExec.exe /I{92A300C0-E97B-48CC-9702-AB1AAED167E1}
Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG Identity Protection-->MsiExec.exe /X{7583D2F8-8E7D-40C5-9862-4D218006FB84}
BitDefender Internet Security 2009-->MsiExec.exe /X{27148014-3B0A-402B-8130-6B056357D12D}
BrettspielWelt-->"F:\Program Files\BSW\uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"e:\Program Files\CDBurnerXP\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
FondsenDisk2009-->c:\FondsenDisk2009\Uninstall.exe
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.33\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP Customer Participation Program 12.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Document Manager 2.0-->C:\Program Files\HP\Digital Imaging\DocumentManager\hpzscr01.exe -datfile hpqbud18.dat
HP Imaging Device Functions 12.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Officejet 6500 E709 Series-->C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpzscr01.exe -datfile hpwscr23.dat -forcereboot
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 12.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
J2SE Runtime Environment 5.0 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
JSAS-->"C:\WINDOWS\JSAS\uninstall.exe" "/U:C:\Program Files\JSAS\Uninstall\uninstall.xml"
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office Live Meeting 2007-->MsiExec.exe /I{6E4D4E0B-02F6-46C1-BAE5-1B6B2E486A7B}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Navilog1 4.0.0-->"C:\Program Files\Navilog1\unins000.exe"
Nijntje verzamel cd 2-->MsiExec.exe /I{A237EC86-AF9D-425A-8BB3-F206ACD78C88}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OCR Software by I.R.I.S. 12.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OfficePrinter 2.0-->E:\Program Files\OfficePrinter 2.0\Uninstall.exe
OpenOffice.org 2.4-->MsiExec.exe /I{43721D86-16D1-46BF-8353-37CD82333BC3}
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9 
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Pixum EasyBook-->"d:\Program Files\Pixum\Pixum EasyBook\uninstall.exe"
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Quake Live Mozilla Plugin-->MsiExec.exe /I{F5C521B6-1AF2-432C-A061-E79E2141A32F}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x9  -removeonly
Security Task Manager 1.7h-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype web features-->MsiExec.exe /I{8B53527D-BBB2-43A5-91D7-9ED772FD737F}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SoulSeek Client 156c-->"d:\Program Files\Soulseek\uninstall.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9  -removeonly
Stellar Phoenix NTFS Data Recovery V3.0-->"F:\Program Files\Stellar Phoenix NTFS Data Recovery\unins000.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
VLC media player 0.9.2-->F:\Program Files\VLC\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live - Hulpprogramma voor uploaden-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Call-->MsiExec.exe /I{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{3CDAFDF9-A993-4B64-8D9B-36253D9C0DC9}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Mail-->MsiExec.exe /I{B38B1F86-8202-482F-A289-A4806DFA498D}
Windows Live Messenger-->MsiExec.exe /X{1A38EBE5-08BD-4E0D-AAB9-0DFECACE108B}
Windows Live Photo Gallery-->MsiExec.exe /X{DE9DF561-0332-42A5-AF28-4AF028B7029D}
Windows Live Sync-->MsiExec.exe /X{120831D2-E9AD-4383-AC40-01FE658E11D6}
Windows Live Toolbar-->MsiExec.exe /X{E51109E7-3818-4BC2-B3FD-A59AC2378A2B}
Windows Live Writer-->MsiExec.exe /X{C8114985-F9C5-4A4A-885D-C6BA4AE8F231}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
         
__________________


Alt 10.07.2009, 14:55   #3
neinnein
 
Trojaner gefunden - Standard

Trojaner gefunden



teil 2

Code:
ATTFilter
======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: BitDefender Antivirus
FW: BitDefender Firewall

======System event log======

Computer Name: SPARTA
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001A92B05AA5.  The following
error occurred: 
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 26305
Source Name: Dhcp
Time Written: 20090620165229.000000+120
Event Type: warning
User: 

Computer Name: SPARTA
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 001A92B05AA5.  The IP address being used is 
xxx.xxx.xxx.xxx
Record Number: 26266
Source Name: Dhcp
Time Written: 20090620065332.000000+120
Event Type: warning
User: 

Computer Name: SPARTA
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001A92B05AA5.  The following
error occurred: 
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 26264
Source Name: Dhcp
Time Written: 20090620065330.000000+120
Event Type: warning
User: 

Computer Name: SPARTA
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001A92B05AA5.  The following
error occurred: 
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 26263
Source Name: Dhcp
Time Written: 20090620065257.000000+120
Event Type: warning
User: 

Computer Name: SPARTA
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001A92B05AA5.  The following
error occurred: 
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 26096
Source Name: Dhcp
Time Written: 20090618081535.000000+120
Event Type: warning
User: 

=====Application event log=====

Computer Name: SPARTA
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16827, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 5750
Source Name: Application Hang
Time Written: 20090514125949.000000+120
Event Type: error
User: 

Computer Name: SPARTA
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16827, faulting module mshtml.dll, version 7.0.6000.16825, fault address 0x000cb00b.

Record Number: 5645
Source Name: Application Error
Time Written: 20090510215748.000000+120
Event Type: error
User: 

Computer Name: SPARTA
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16827, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 5591
Source Name: Application Hang
Time Written: 20090508224948.000000+120
Event Type: error
User: 

Computer Name: SPARTA
Event Code: 1002
Message: Hanging application javaw.exe, version 6.0.40.12, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 5374
Source Name: Application Hang
Time Written: 20090427210046.000000+120
Event Type: error
User: 

Computer Name: SPARTA
Event Code: 1002
Message: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 5315
Source Name: Application Hang
Time Written: 20090426104338.000000+120
Event Type: error
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\HP\Digital Imaging\bin;C:\Program Files\HP\Digital Imaging\bin\;C:\Program Files\HP\Digital Imaging\bin\Qt\Qt 4.3.3;
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
         
__________________

Alt 10.07.2009, 15:34   #4
neinnein
 
Trojaner gefunden - Standard

Trojaner gefunden



hier der log.txt

Code:
ATTFilter
Logfile of random's system information tool 1.06 (written by random/random)
Run by user1 at 2009-07-10 14:17:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 17 GB (55%) free of 30 GB
Total RAM: 2047 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:18:00, on 10/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\crypserv.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
e:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\user1\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\user1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 

*.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program 

Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - 

C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - G:\Program 

Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program 

Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program 

Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 

Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - 

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program 

Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program 

Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - 

C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program 

Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program 

Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Program 

Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program 

Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program 

Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program 

Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE 

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] 

C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program 

Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [swg] C:\Program 

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" 

/background
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 

2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital 

Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop 

Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - 

res://F:\PROGRA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 

Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 

C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program 

Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - 

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows 

Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - F:\Program 

Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - 

{5067A26B-1337-4436-8AFE-EE169C2DA79F} - F:\Program Files\Toolbars\Internet 

Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program 

Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program 

Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network 

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} 

- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - 

http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 

C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program 

Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common 

Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program 

Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - 

Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - 

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program 

Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9b5b2fed99bd0) (gupdate1c9b5b2fed99bd0) - 

Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program 

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - 

C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program 

Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMSAccessU - Unknown owner - e:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - 

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program 

Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 11382 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 

Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web 

Printing\hpswp_printenhancer.dll [2008-10-16 322864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 

Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common 

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 

Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll 

[2007-03-17 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 

Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll 

[2009-06-04 1541416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 

Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 

Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search 

Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 

Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 

Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows 

Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 

Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll 

[2009-06-11 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 

Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program 

Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-05 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 

Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google 

Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-23 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 

Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 

1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 

Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll 

[2008-10-16 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - G:\Program Files\Adobe\/Adobe 

Contribute CS3/contributeieplugin.dll [2007-03-17 118784]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows 

Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google 

Toolbar\GoogleToolbar.dll [2009-06-11 259696]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program 

Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-03-24 95536]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-28 

61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-09-08 716800]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-07 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-07 81920]
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-21 

1884160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 

54840]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-03-19 778240]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe 

[2009-02-23 69632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-08 

68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - F:\Program Files\Office10\OSA.EXE
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\user1\Start Menu\Programs\Startup
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - 

C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop 

Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolic

y\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-220

19"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program 

Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue 

CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue 

CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network 

Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\JSAS\http_root\usr\local\Apache2\bin\Apache.exe"="C:\Program 

Files\JSAS\http_root\usr\local\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\JSAS\http_root\usr\local\mysql\bin\mysqld-opt.exe"="C:\Program 

Files\JSAS\http_root\usr\local\mysql\bin\mysqld-opt.exe:*:Enabled:mysqld-opt"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet 

Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla 

Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows 

Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows 

Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows 

Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program 

Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Program Files\Soulseek\slsk.exe"="D:\Program 

Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital 

Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital 

Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital 

Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital 

Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital 

Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital 

Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital 

Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"F:\Program Files\Phone\Skype.exe"="F:\Program Files\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolic

y\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-220

19"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network 

Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows 

Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows 

Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows 

Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital 

Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital 

Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital 

Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital 

Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital 

Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital 

Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital 

Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
         

Alt 10.07.2009, 15:35   #5
neinnein
 
Trojaner gefunden - Standard

Trojaner gefunden



und teil 2

Code:
ATTFilter
======File associations======

.js - open - "G:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2009-07-10 14:17:59 ----D---- C:\rsit
2009-07-10 14:17:30 ----D---- C:\Program Files\Navilog1
2009-07-07 14:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-07-07 14:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2009-07-07 04:58:00 ----D---- C:\Documents and Settings\user1\Application Data\Windows 

Search
2009-07-06 21:35:29 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2009-07-06 21:35:22 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-06 21:35:10 ----D---- C:\Documents and Settings\user1\Application Data\Windows 

Desktop Search
2009-07-06 21:34:02 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-07-06 21:34:02 ----D---- C:\Program Files\Windows Desktop Search
2009-07-06 21:33:34 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2009-07-06 21:32:37 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-07-06 21:30:45 ----D---- C:\WINDOWS\system32\URTTEMP
2009-07-05 19:26:45 ----D---- C:\Documents and Settings\All Users\Application Data\id 

Software
2009-07-04 07:21:40 ----D---- C:\Program Files\Common Files\Skype
2009-06-27 07:27:26 ----D---- C:\Documents and Settings\All Users\Application 

Data\SecTaskMan
2009-06-27 07:27:23 ----D---- C:\Program Files\Security Task Manager
2009-06-26 11:37:39 ----A---- C:\WINDOWS\bdagent.INI
2009-06-26 09:16:38 ----D---- C:\Documents and Settings\user1\Application Data\BitDefender
2009-06-26 09:16:12 ----D---- C:\Program Files\BitDefender
2009-06-26 09:16:12 ----D---- C:\Documents and Settings\All Users\Application 

Data\BitDefender
2009-06-26 09:09:50 ----D---- C:\Program Files\Common Files\BitDefender
2009-06-25 22:54:06 ----D---- C:\Program Files\MSXML 4.0
2009-06-24 23:33:16 ----D---- C:\Documents and Settings\All Users\Application 

Data\HPSSUPPLY
2009-06-24 19:04:45 ----D---- C:\Documents and Settings\user1\Application Data\HPAppData
2009-06-24 18:51:36 ----D---- C:\Documents and Settings\All Users\Application Data\WEBREG
2009-06-24 18:41:56 ----D---- C:\Documents and Settings\User1\Application Data\HP
2009-06-24 18:26:53 ----D---- C:\Documents and Settings\All Users\Application Data\HP 

Product Assistant
2009-06-24 18:23:34 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-06-24 18:23:18 ----D---- C:\WINDOWS\hpoj6500e709
2009-06-24 18:22:04 ----RA---- C:\WINDOWS\system32\hpwwiax5.dll
2009-06-24 18:22:04 ----RA---- C:\WINDOWS\system32\hpwtiop4.dll
2009-06-24 18:22:04 ----RA---- C:\WINDOWS\system32\hpovst11.dll
2009-06-24 18:20:45 ----D---- C:\Program Files\Common Files\HP
2009-06-24 18:20:42 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-06-24 18:20:41 ----D---- C:\Program Files\Hewlett-Packard
2009-06-24 18:19:37 ----D---- C:\Program Files\HP
2009-06-24 18:19:10 ----HD---- C:\Config.Msi
2009-06-24 18:16:38 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2009-06-24 18:16:38 ----A---- C:\WINDOWS\system32\hpf3l082.dll
2009-06-24 18:16:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-24 18:16:17 ----RA---- C:\WINDOWS\system32\difxapi.dll
2009-06-24 18:16:16 ----RA---- C:\WINDOWS\system32\hppldcoi.dll
2009-06-11 05:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 05:47:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 05:44:32 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 05:43:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

======List of files/folders modified in the last 1 months======

2009-07-10 14:18:01 ----D---- C:\WINDOWS\Prefetch
2009-07-10 14:17:30 ----RD---- C:\Program Files
2009-07-10 14:10:56 ----D---- C:\WINDOWS\Temp
2009-07-10 14:10:56 ----D---- C:\WINDOWS\system32
2009-07-10 12:59:33 ----D---- C:\Program Files\Mozilla Firefox
2009-07-10 12:01:33 ----D---- C:\WINDOWS\Debug
2009-07-10 12:01:33 ----D---- C:\WINDOWS
2009-07-10 10:45:41 ----A---- C:\WINDOWS\win.ini
2009-07-10 09:58:28 ----SD---- C:\WINDOWS\Tasks
2009-07-10 09:58:19 ----D---- C:\Documents and Settings\user1\Application 

Data\OpenOffice.org2
2009-07-10 09:57:07 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-07-09 15:32:28 ----D---- C:\Documents and Settings\All Users\Application Data\Google 

Updater
2009-07-08 21:41:12 ----SHD---- C:\WINDOWS\Installer
2009-07-07 14:01:58 ----HD---- C:\WINDOWS\inf
2009-07-07 14:01:54 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-07 14:01:53 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-07 14:01:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-07 14:00:02 ----D---- C:\WINDOWS\Registration
2009-07-07 13:59:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-07 05:20:57 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-07 05:20:26 ----RSD---- C:\WINDOWS\assembly
2009-07-06 22:31:02 ----D---- C:\WINDOWS\security
2009-07-06 21:35:49 ----D---- C:\Program Files\Microsoft
2009-07-06 21:34:28 ----SD---- C:\Documents and Settings\All Users\Application 

Data\Microsoft
2009-07-06 21:34:07 ----D---- C:\WINDOWS\system32\en-US
2009-07-06 21:34:02 ----D---- C:\WINDOWS\system32\wbem
2009-07-06 21:28:40 ----D---- C:\WINDOWS\WinSxS
2009-07-06 21:23:06 ----D---- C:\WINDOWS\system32\XPSViewer
2009-07-06 21:22:58 ----RSD---- C:\WINDOWS\Fonts
2009-07-06 21:16:48 ----D---- C:\Program Files\Internet Explorer
2009-07-06 18:53:18 ----SHD---- C:\System Volume Information
2009-07-06 18:53:18 ----D---- C:\WINDOWS\system32\Restore
2009-07-05 19:26:56 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-07-05 19:26:47 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-07-05 19:26:46 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-07-05 00:07:39 ----D---- C:\Documents and Settings\user1\Application Data\Skype
2009-07-05 00:06:50 ----D---- C:\Documents and Settings\user1\Application Data\skypePM
2009-07-04 07:21:40 ----D---- C:\Program Files\Common Files
2009-07-04 07:21:36 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-07-03 09:16:28 ----D---- C:\Program Files\JSAS
2009-06-26 09:16:44 ----D---- C:\WINDOWS\system32\drivers
2009-06-26 09:14:51 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-06-24 18:22:10 ----D---- C:\WINDOWS\twain_32
2009-06-18 10:25:34 ----D---- C:\Documents and Settings\user1\Application Data\Adobe
2009-06-11 05:47:04 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 

4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender 

Firewall\bdftdif.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 

36352]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2006-01-10 31846]
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; 

C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 

127872]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; 

C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2009-02-12 104328]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-12-10 242184]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; 

C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys 

[2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-07 7435648]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; 

C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-03-14 82048]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 

393088]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; 

C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; 

C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; 

C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-28 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys 

[2007-07-09 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; 

C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-07-09 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; 

C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-07-09 21568]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat 

Scanner\profos.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat 

Scanner\trufos.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys 

[2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys 

[2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 

26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; 

C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; 

C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 

4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program 

Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2006-03-01 69632]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application 

Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE [2006-04-18 102400]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 

14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common 

Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-03-24 415024]
R2 NMSAccessU;NMSAccessU; e:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-07 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-05 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-07-05 107832]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 

[2009-05-19 240512]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 

2009\vsserv.exe [2009-03-27 1626112]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft 

Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate1c9b5b2fed99bd0;Google Update Service (gupdate1c9b5b2fed99bd0); C:\Program 

Files\Google\Update\GoogleUpdate.exe [2009-04-05 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google 

Updater\GoogleUpdaterService.exe [2009-04-05 183280]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe 

Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-21 153792]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common 

Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032]
S3 aspnet_state;ASP.NET State Service; 

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; 

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common 

Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-11 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; 

C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common 

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication 

Foundation\infocard.exe [2008-07-29 881664]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows 

Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; 

C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; 

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 

[2008-07-29 132096]

-----------------EOF-----------------
         


Alt 10.07.2009, 18:54   #6
Larusso
/// Selecta Jahrusso
 
Trojaner gefunden - Standard

Trojaner gefunden





1.
Was wurde wo wann gefunden?

2.
Poste mir wenn noch vorhanden den inhalt von C:\cleannavi.txt

3.
Führe Malwarebytes wie beschrieben aus und poste das Logfile

4.
Lösche unter C:\RSIT\ die info.txt und die log.txt
starte danach die rsit.exe nocheinmal und poste nur die log.txt
__________________
--> Trojaner gefunden

Alt 11.07.2009, 20:57   #7
neinnein
 
Trojaner gefunden - Standard

Trojaner gefunden



Hallo Gentlman

Danke für deine Begruessung

Zu 1)

Der Trojaner der gefunden wurde ist Trojan.Feutel.AV und das am 03.07 auf den Laufwerk F:\system volume Information\_restore{xxxxx-xxxx-xxxxx-xxxxx-xxxx-xxxx}\rp6\A0016696.exe

die A00.exe war zwei mal vorhanden mit nur einer anderen zahl am ende

Auch unter den Gleichen Platz sind mir fremde Einträge die alphabetisch geordnet sind um einen Umfang von ca. 1200 Stück haben. Alle Passwortgeschuetzt
Hier paar Beispiele


F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]2200AD.EXE


F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BANNER.EXE



F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Zip-it.exe

Ich kann auch die volle liste mal posten falls Interesse vorhanden.

Wie gesagt ich habe darauf System restore ausgeschaltet und neu gestartet um es darauf wieder anzuschalten mit der Hoffnung das alle Einträge geloecht werden was aber nicht der Fall war.

Irgendwo habe ich gelesen das diese Exes noch immer ausgeführt werden können, stimmt das eigentlich?

Zu 2

den File habe ich nicht.

Zu 3

da ist nichts gefunden wurden

hier der Log

zu 4

hier der log

Log von Malwarebytes

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

11/07/2009 15:10:21
mbam-log-2009-07-11 (15-10-21).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objects scanned: 511749
Time elapsed: 4 hour(s), 30 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
         
RSIT log part 1

Code:
ATTFilter
Logfile of random's system information tool 1.06 (written by random/random)
Run by User1 at 2009-07-11 20:52:34
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 16 GB (55%) free of 30 GB
Total RAM: 2047 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52:40, on 11/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
e:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
F:\Program Files\Office10\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
F:\Program Files\Toolbars\Shared\SkypeNames.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre1.6.0_04\bin\javaw.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User1\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9b5b2fed99bd0) (gupdate1c9b5b2fed99bd0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMSAccessU - Unknown owner - e:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 12578 bytes
         

Geändert von neinnein (11.07.2009 um 21:28 Uhr)

Alt 11.07.2009, 21:03   #8
neinnein
 
Trojaner gefunden - Standard

Trojaner gefunden



part 2

Code:
ATTFilter
======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-10-16 322864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-17 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - F:\Program Files\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-06-04 1541416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-11 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-05 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-23 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-17 118784]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-11 259696]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-03-24 95536]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-28 61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-09-08 716800]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-07 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-07 81920]
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-21 1884160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-03-19 778240]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-02-23 69632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-06-17 414992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-08 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - F:\Program Files\Office10\OSA.EXE
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\User1\Start Menu\Programs\Startup
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\JSAS\http_root\usr\local\Apache2\bin\Apache.exe"="C:\Program Files\JSAS\http_root\usr\local\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\JSAS\http_root\usr\local\mysql\bin\mysqld-opt.exe"="C:\Program Files\JSAS\http_root\usr\local\mysql\bin\mysqld-opt.exe:*:Enabled:mysqld-opt"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Program Files\Soulseek\slsk.exe"="D:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"F:\Program Files\Phone\Skype.exe"="F:\Program Files\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
         

Alt 11.07.2009, 21:04   #9
neinnein
 
Trojaner gefunden - Standard

Trojaner gefunden



part 3

Code:
ATTFilter
======File associations======

.js - open - "G:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 3 months======

2009-07-11 10:35:35 ----D---- C:\Documents and Settings\User1\Application Data\Malwarebytes
2009-07-11 10:35:29 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-11 10:35:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-10 14:27:10 ----A---- C:\cleannavi.txt
2009-07-10 14:17:59 ----D---- C:\rsit
2009-07-10 14:17:30 ----D---- C:\Program Files\Navilog1
2009-07-07 14:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-07-07 14:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2009-07-07 04:58:00 ----D---- C:\Documents and Settings\User1\Application Data\Windows Search
2009-07-06 21:35:29 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2009-07-06 21:35:22 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-06 21:35:10 ----D---- C:\Documents and Settings\User1\Application Data\Windows Desktop Search
2009-07-06 21:34:02 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-07-06 21:34:02 ----D---- C:\Program Files\Windows Desktop Search
2009-07-06 21:33:34 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2009-07-06 21:32:37 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-07-06 21:30:45 ----D---- C:\WINDOWS\system32\URTTEMP
2009-07-05 19:26:45 ----D---- C:\Documents and Settings\All Users\Application Data\id Software
2009-07-04 07:21:40 ----D---- C:\Program Files\Common Files\Skype
2009-06-27 07:27:26 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-06-27 07:27:23 ----D---- C:\Program Files\Security Task Manager
2009-06-26 11:37:39 ----A---- C:\WINDOWS\bdagent.INI
2009-06-26 09:16:38 ----D---- C:\Documents and Settings\User1\Application Data\BitDefender
2009-06-26 09:16:12 ----D---- C:\Program Files\BitDefender
2009-06-26 09:16:12 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2009-06-26 09:09:50 ----D---- C:\Program Files\Common Files\BitDefender
2009-06-25 22:54:06 ----D---- C:\Program Files\MSXML 4.0
2009-06-24 23:33:16 ----D---- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2009-06-24 19:04:45 ----D---- C:\Documents and Settings\User1\Application Data\HPAppData
2009-06-24 18:51:36 ----D---- C:\Documents and Settings\All Users\Application Data\WEBREG
2009-06-24 18:41:56 ----D---- C:\Documents and Settings\User1\Application Data\HP
2009-06-24 18:26:53 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2009-06-24 18:23:34 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-06-24 18:23:18 ----D---- C:\WINDOWS\hpoj6500e709
2009-06-24 18:22:04 ----RA---- C:\WINDOWS\system32\hpwwiax5.dll
2009-06-24 18:22:04 ----RA---- C:\WINDOWS\system32\hpwtiop4.dll
2009-06-24 18:22:04 ----RA---- C:\WINDOWS\system32\hpovst11.dll
2009-06-24 18:20:45 ----D---- C:\Program Files\Common Files\HP
2009-06-24 18:20:42 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-06-24 18:20:41 ----D---- C:\Program Files\Hewlett-Packard
2009-06-24 18:19:37 ----D---- C:\Program Files\HP
2009-06-24 18:19:10 ----HD---- C:\Config.Msi
2009-06-24 18:16:38 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2009-06-24 18:16:38 ----A---- C:\WINDOWS\system32\hpf3l082.dll
2009-06-24 18:16:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-24 18:16:17 ----RA---- C:\WINDOWS\system32\difxapi.dll
2009-06-24 18:16:16 ----RA---- C:\WINDOWS\system32\hppldcoi.dll
2009-06-11 05:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 05:47:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 05:44:32 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 05:43:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-05 22:12:59 ----D---- C:\Documents and Settings\User1\Application Data\WinRAR
2009-06-05 22:12:52 ----D---- C:\Program Files\WinRAR
2009-06-05 22:07:05 ----D---- C:\Documents and Settings\User1\Application Data\Uniblue
2009-05-30 20:20:50 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2009-05-26 15:10:32 ----D---- C:\Documents and Settings\All Users\Application Data\hps
2009-04-30 04:08:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-04-18 06:26:24 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-18 06:26:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-18 06:23:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-18 06:23:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-18 06:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-18 06:22:46 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-17 07:13:16 ----N---- C:\WINDOWS\system32\xpsp4res.dll

======List of files/folders modified in the last 3 months======

2009-07-11 20:52:40 ----D---- C:\WINDOWS\Prefetch
2009-07-11 20:03:31 ----D---- C:\WINDOWS\Temp
2009-07-11 18:04:15 ----SD---- C:\WINDOWS\Tasks
2009-07-11 18:04:15 ----D---- C:\WINDOWS\system32
2009-07-11 18:04:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-11 14:52:17 ----D---- C:\Program Files\Mozilla Firefox
2009-07-11 10:35:30 ----D---- C:\WINDOWS\system32\drivers
2009-07-11 10:35:28 ----RD---- C:\Program Files
2009-07-11 06:55:50 ----D---- C:\Documents and Settings\User1\Application Data\OpenOffice.org2
2009-07-11 06:30:56 ----A---- C:\WINDOWS\win.ini
2009-07-11 06:28:59 ----D---- C:\WINDOWS
2009-07-10 23:54:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-10 12:01:33 ----D---- C:\WINDOWS\Debug
2009-07-08 21:41:12 ----SHD---- C:\WINDOWS\Installer
2009-07-07 14:01:58 ----HD---- C:\WINDOWS\inf
2009-07-07 14:01:54 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-07 14:01:53 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-07 14:01:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-07 14:00:02 ----D---- C:\WINDOWS\Registration
2009-07-07 13:59:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-07 05:20:57 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-07 05:20:26 ----RSD---- C:\WINDOWS\assembly
2009-07-06 22:31:02 ----D---- C:\WINDOWS\security
2009-07-06 21:35:49 ----D---- C:\Program Files\Microsoft
2009-07-06 21:34:28 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-06 21:34:07 ----D---- C:\WINDOWS\system32\en-US
2009-07-06 21:34:02 ----D---- C:\WINDOWS\system32\wbem
2009-07-06 21:28:40 ----D---- C:\WINDOWS\WinSxS
2009-07-06 21:23:06 ----D---- C:\WINDOWS\system32\XPSViewer
2009-07-06 21:22:58 ----RSD---- C:\WINDOWS\Fonts
2009-07-06 21:16:48 ----D---- C:\Program Files\Internet Explorer
2009-07-06 18:53:18 ----SHD---- C:\System Volume Information
2009-07-06 18:53:18 ----D---- C:\WINDOWS\system32\Restore
2009-07-05 19:26:56 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-07-05 19:26:47 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-07-05 19:26:46 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-07-05 00:07:39 ----D---- C:\Documents and Settings\user1\Application Data\Skype
2009-07-05 00:06:50 ----D---- C:\Documents and Settings\User1\Application Data\skypePM
2009-07-04 07:21:40 ----D---- C:\Program Files\Common Files
2009-07-04 07:21:36 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-07-03 09:16:28 ----D---- C:\Program Files\JSAS
2009-06-26 09:14:51 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-06-24 18:22:10 ----D---- C:\WINDOWS\twain_32
2009-06-18 10:25:34 ----D---- C:\Documents and Settings\User1\Application Data\Adobe
2009-06-11 05:47:04 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-01 18:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-25 00:24:06 ----N---- C:\WINDOWS\system32\mssph.dll
2009-05-23 18:05:12 ----D---- C:\Program Files\OpenOffice.org 2.4
2009-05-19 19:32:04 ----D---- C:\Program Files\Google
2009-05-12 15:12:14 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-05-12 15:12:14 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-05-07 17:32:35 ----A---- C:\WINDOWS\system32\localspl.dll
2009-04-29 06:56:02 ----A---- C:\WINDOWS\system32\wininet.dll
2009-04-29 06:56:02 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-04-29 06:56:01 ----N---- C:\WINDOWS\system32\occache.dll
2009-04-29 06:56:01 ----N---- C:\WINDOWS\system32\mstime.dll
2009-04-29 06:56:01 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-04-29 06:56:01 ----A---- C:\WINDOWS\system32\url.dll
2009-04-29 06:56:01 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-04-29 06:56:00 ----N---- C:\WINDOWS\system32\msrating.dll
2009-04-29 06:56:00 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-04-29 06:56:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-04-29 06:55:58 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-04-29 06:55:58 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-04-29 06:55:58 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-04-29 06:55:57 ----N---- C:\WINDOWS\system32\iernonce.dll
2009-04-29 06:55:57 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-04-29 06:55:57 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-04-29 06:55:56 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-04-29 06:55:56 ----N---- C:\WINDOWS\system32\ieaksie.dll
2009-04-29 06:55:56 ----N---- C:\WINDOWS\system32\ieakeng.dll
2009-04-29 06:55:56 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-04-29 06:55:56 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-04-29 06:55:56 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-04-29 06:55:56 ----A---- C:\WINDOWS\system32\icardie.dll
2009-04-29 06:55:56 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-04-29 06:55:55 ----N---- C:\WINDOWS\system32\dxtmsft.dll
2009-04-29 06:55:55 ----A---- C:\WINDOWS\system32\advpack.dll
2009-04-28 11:05:56 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-04-28 11:05:56 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-04-25 07:26:23 ----N---- C:\WINDOWS\system32\ieakui.dll
2009-04-18 08:08:35 ----D---- C:\WINDOWS\AppPatch
2009-04-15 16:51:25 ----A---- C:\WINDOWS\system32\rpcrt4.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2006-01-10 31846]
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2009-02-12 104328]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-12-10 242184]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-07 7435648]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-03-14 82048]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 catchme;catchme; \??\C:\DOCUME~1\User1\LOCALS~1\Temp\catchme.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-28 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-07-09 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-07-09 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-07-09 21568]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2006-03-01 69632]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE [2006-04-18 102400]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-03-24 415024]
R2 NMSAccessU;NMSAccessU; e:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-07 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-05 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-07-05 107832]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-03-27 1626112]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S2 gupdate1c9b5b2fed99bd0;Google Update Service (gupdate1c9b5b2fed99bd0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-05 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-05 183280]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-21 153792]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-11 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
         

Alt 12.07.2009, 10:06   #10
Larusso
/// Selecta Jahrusso
 
Trojaner gefunden - Standard

Trojaner gefunden



So sehe ich jetzt nichts Schädliches
aber

Code:
ATTFilter
2009-07-10 14:27:10 ----A---- C:\cleannavi.txt
2009-07-10 14:17:59 ----D---- C:\rsit
2009-07-10 14:17:30 ----D---- C:\Program Files\Navilog1
2009-07-07 14:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
         
Wo wurde Navilog angefordert?
die cleannavi.txt würde ich gerne sehen

Ausserdem
sieh dir bitte einmal deine Software Liste an
Deinstalliere alles was Du nicht benötigst

Downloade dir bitte Java Update 14
Deinstalliere ausserdem
Navilog
J2SE Runtime Environment 5.0 Update 7
Java(TM) 6 Update 4

Installiere nun Update 14

2.
Systemwiederherstellung deaktivieren
Starte den Rechner neu
Aktiviere nun die Systemwiederherstellung wieder

3.
Kaspersky - Onlinescanner

Dieser Scanner entfernt die Funde nicht, gibt aber einen guten Überblick über die vorhandene Malware.

---> hier herunterladen => Kaspersky Online Scanner
=> Hinweise zu älteren Versionen beachten!
=> Voraussetzung: Internet Explorer 6.0 oder höher
=> die nötigen ActiveX-Steuerelemente installieren => Update der Signaturen => Weiter
=> Scan-Einstellungen => Standard wählen => OK => Link "Arbeitsplatz" anklicken
=> Scan beginnt automatisch => Untersuchung wurde abgeschlossen => Protokoll speichern als
=> Dateityp auf .txt umstellen => auf dem Desktop als Kaspersky.txt speichern => Log hier posten
=> Deinstallation => Systemsteuerung => Software => Kaspersky Online Scanner entfernen

5.
Poste bitte eine neue HJT log
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 13.07.2009, 16:57   #11
neinnein
 
Trojaner gefunden - Standard

Trojaner gefunden



Hallo Gentlman

Danke das du weiter dich mit meinen Fall beschäftigst.

Über Navilog habe ich in einen anderen Tread gelesen und ich dachte ich lass es mal durchtrennen
Ist jetzt deinstalliert und es wurde damit nichts gefunden.

Hier der log

habe einige sachen Deinstaliert bei vielen Sachen sind es Windows kram bei den ich nicht genau weis was ich davon eigentlich brauche und was nicht.

Daine java Sachen habe ich gemacht

2
Das mit der Systemwiederherstellung habe ich schon mal gemacht und jetzt wieder jedoch mit den gleichen Erfolg die Dateien unter F: system Volume Information sind noch immer da.

3

Ich konnte Kasperskt leider nicht starten
Ich akzeptiere die Bedingungen jedoch passiert nichts.
Ich schaue mir das noch mal an.
Habe aber ein erneuten scan mit BitDefender gemacht und den kann ich hier posten.
diese unentliche datei liste geht noch weiter das ist nur ein auszug.


Liebe Gruesse

NeinNein

Geändert von neinnein (13.07.2009 um 17:11 Uhr)

Alt 13.07.2009, 17:02   #12
neinnein
 
Trojaner gefunden - Standard

Trojaner gefunden



BitDefender Log

Code:
ATTFilter
BitDefender Protokolldatei

Produkt: BitDefender Internet Security 2009
Version: BitDefender UIScanner v.12
Prüfaufgabe: Tiefe Systemprüfung
Protokoll Datum: 13/07/2009 17:40:46
Protokoll Pfad: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1247499646_1_02.xml

PrüfpfadPfad 0000: C:\
Pfad 0001: D:\
Pfad 0002: E:\
Pfad 0003: F:\
Pfad 0004: G:\
Pfad 0005: H:\
Pfad 0006: I:\
Pfad 0007: J:\
Pfad 0008: K:\

PrüfoptionenAuf Viren prüfen: Ja
Auf Adware prüfen: Ja
Auf Spyware prüfen: Ja
Auf Anwendungen prüfen: Ja
Auf Dialer prüfen: Ja
Auf Rootkits prüfen: Ja

Optionen zur Zielauswahl:Registry-Schlüssel überprüfen: Ja
Cookies überprüfen: Ja
Boot-Sektoren überprüfen: Ja
Speicher-Prozesse überprüfen: Ja
Archive prüfen: Ja
Laufzeitkomprimierung prüfen: Ja
E-Mails prüfen: Nein
Alle Dateien überprüfen: Ja
Heuristische Prüfung: Ja
Geprüfte Erweiterungen: 
Ausgeschlossene Erweiterungen: 

Ablauf für Ziel:Standardaktion, die bei einem Virenfund angewendet wird: Desinfiziert
Standardaktion für verdächtige Objekte: Keine
Standardaktion bei versteckten Objekten: Keine
Standardaktion bei verschlüsselten infizierten Objekten: Keine
Standardaktion bei verschlüsselten verdächtigen Objekten: Keine
Standardaktion für passwortgeschützte Objekte: Als nicht geprüft protokollieren

Zusammenfassung der PrüfungAnzahl der Virensignaturen: 3688363
Archiv Plug-Ins: 45
E-Mail Plug-Ins: 6
Scan Plug-Ins: 13
System Plug-Ins: 5
Entpackungs-Plug-Ins: 7

Gesamtübersicht der PrüfungGeprüfte Objekte: 1396252
Infizierte Objekte: 2
Verdächtige Objekte: 0
Geklärte Objekte: 1
Ungeklärte Objekte: 1311
Passwortgeschützte Objekte: 1310
Kennwortgeschützte Objekte : 0
Einzelne Viren gefunden: 2
Geprüfte Datenverzeichnisse: 35260
Geprüfte Boot-Sektoren: 13
Geprüfte Archive: 14300
Input-Output Fehler: 0
Prüfzeit: 03:38:52
Dateien pro Sekunde: 106

Zusammenfassung der geprüften ProzesseGeprüft: 50
Infiziert: 0

Überprüft die Systemregistrierung von WindowsGeprüft: 1010
Infiziert: 0

Übersicht der geprüften CookiesGeprüft: 72
Infiziert: 0

Verbleibende ProblemeObjekt Name Name der Bedrohung Abschluss Status 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0016630.exe=](ZIP Sfx s)=]crack.exe Trojan.Feutel.AV Infiziert (keine Aktion war möglich, Datei befand sich in einem Archiv) 


Gelöste ProblemeObjekt Name Name der Bedrohung Abschluss Status 
[System]=]C:\Documents and Settings\User1\Cookies\user1@atdmt[2].txt Cookie.ATDMT Gelöscht
         

Alt 13.07.2009, 17:07   #13
neinnein
 
Trojaner gefunden - Standard

Trojaner gefunden



Code:
ATTFilter
Nicht zu prüfende ObjekteObjekt Name Grund Abschluss Status 
C:\Documents and Settings\All Users\Application Data\Downloaded Installations\{49AD8D2A-1643-458B-9EE7-7C091FDE10A5}\AVG_IDS_setup.msi=](Embedded CAB)=]internallist.zip=]internalList.dat Passwortgeschützt Nicht geprüft 
C:\Documents and Settings\All Users\Application Data\Downloaded Installations\{49AD8D2A-1643-458B-9EE7-7C091FDE10A5}\AVG_IDS_setup.msi=](Embedded CAB)=]internallist.zip=]info.enc Passwortgeschützt Nicht geprüft 
C:\Documents and Settings\All Users\Application Data\Downloaded Installations\{49AD8D2A-1643-458B-9EE7-7C091FDE10A5}\AVG_IDS_setup.msi=](Embedded CAB)=]internallist.zip=]v=232;l=EN_US;t=2 Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]WPWIN.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]123.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]1942.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]2200AD.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]3DFX.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]3DHOME.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]3DLAND.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]3DMARK.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]A.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]A2W.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]A5.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AB3.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ABC.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Abcflow.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ACCUSET.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ACDSEE32.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ACLT.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ACME.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ACRODIST.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Acroexch.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]acrord32.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ACROREAD.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ACROUK.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Act.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ACTPMNT.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Actwin2.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AD.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AD_NET.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ADAPTER.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ADDDEPTH.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ADDRBOOK.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ADMIN.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ADOBE GAMMA LOADER.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ADOBEREG32.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ADVANTGE.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Adw30.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Agds16.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Agent.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Agent95.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AHD3.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AHD4.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Ai41.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AIRMOS.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AL.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ALMANAC.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ALMANC32.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ALUNSER.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AMIFM.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Amipro.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AMS4.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AMW.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AMW4.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ANGEL.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ANNOUNCE.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ANT.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ANYCLEAN.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AOL.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AOLPHX.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AOLTRAY.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AOLUNINS.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]APP.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]APPARCHV.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]APPCLEAN.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]APPDEL.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]APPLETVIEWER.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]APPMOVE.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]APPROACH.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]APPTPORT.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]APSTUDIO.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Arcbkup.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ARCHIVER.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ARDIAL32.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ARTGALRY.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ART-SCAN.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ARTSHOW4.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ARUPLD32.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ASAP.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ASBROWSE.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Ascend50.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ASPELL.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ASTEROID.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]ATMCNTRL.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Atmfm.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AUTMANIA.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AUTO.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AUTOSTRT.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AUTOXL.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AVCONSOL.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AW.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AWEDIT32.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AWGATE.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AWHOST32.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AWONL32.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AWRAS32.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]AWREM32.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]B17.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BAB.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BACKIT.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BACKLOG.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BACKTRAC.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BACKWEB.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BAILEY.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BALDUR.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BANNER.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BASH1.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BATHROOM.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BATTLE2.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BC4000.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BCC.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BCR.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BD40.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Beast.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BGH2.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BGHCFG.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BIBLE.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BIGGAME.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BILLMIND.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BINDER.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BIZFORMS.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BLOODNET.COM Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BODY3WIN.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BOOKMARK.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BPBOX.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BRAVO.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BRIDGE.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BS9532.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BTNMENU.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BUD.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BW.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]BYLEAVE.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]C&c.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]C7.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]C86.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Cafe.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CANVAS.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CAPEZE.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CAPPRO32.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CAPTURE.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CARMEN.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CASINO21.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CAW2.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CBW.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CCHAT.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CCMAIL.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CCPLUS.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CCREGMOD.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CCRITTER.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CCWIN.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CDISSS.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CENTRAL.EXE Passwortgeschützt Nicht geprüft
         

Alt 13.07.2009, 17:10   #14
neinnein
 
Trojaner gefunden - Standard

Trojaner gefunden



Code:
ATTFilter
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CERTCONS.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CF_ENG.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CFSCONV.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CG16EH.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CG32EH.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CGMAIN.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CGMENU.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CGW.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CHANGER.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CHEM.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CHEMDRAW.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CHESS.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CHEXNOW.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CHKVXD.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CHMAGENT.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CHOMP.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CIV.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CKANLYST.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CKRUN.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CKRUN.PIF Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CLARION3.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CLIKAPP.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CLINK.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CLIPPER.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CLNSWEEP.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CM4000.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CMAGENT.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CMAPPFRM.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CMDLAGNT.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CMUSRPFL.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CNFNOT32.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CNNTC94.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]COM32UPD.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]COMBATFS.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]COMCTL32.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]COMPAT.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Conf.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CONQUEST.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CONVDSN.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Convert.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]COPYDEFS.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Coreldrw.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CORELFLW.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CORELGAL.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CORELPNT.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CPAV.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CPD.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CPRTST16.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CPRTST32.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CPTEST16.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CPTEST32.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CRAYONS.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CROSSWD.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CRWACC20.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CS.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CS32.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSALLOC4.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSALLOC5.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSAPPL.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSAUTOEX.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSBROWSE.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSCDROM.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSCLOCK.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSCMPORT.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSCONFIG.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSDSPLY.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSFDC.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSFLDRV.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSFS.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSGAME.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSHDC.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSHOP.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSHRDRV.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSINET.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSINI.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSKEYBRD.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSLOGPRB.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSLPPORT.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSMEMORY.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSMODEM.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSMONITR.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSMOUSE.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSNET.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSNETCLI.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSNETIC.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSNETSVC.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSNETTRN.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSPRINT.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSREG.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSSOUND.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSUNDO.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSWIN95.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CSWINCMD.OCX Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CUBIC.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CUNEI.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CUPWIN5.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Custom.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CUTFTP32.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]CW.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]D3EDIT.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DARKLAND.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Dash.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DATALNK.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DATASAFE.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DAZZLE.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DB32W.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DBASE.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Dbasewin.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DC3.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DCOMP.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DCW.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DCWIN.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DD.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DD3.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DDAY.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DECK.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DECO4.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DEER HUNTER 2.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DELREMOV.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DEMO32.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DESCENT 3.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DETROIT.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DGPRO35.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DHWIN.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Diablo.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DIE16.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DIE32.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DIGDUG.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DIGIMORF.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DINOPARK.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DINOSAUR.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DIRECT.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Director.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DISKEDIT.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DISKEDIT.PIF Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DIVIL.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DMS.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DMW.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DN1.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DOCTOR.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DOG.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DOOM2.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DOS4GW.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DP.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]Draw.exe Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DRBOOK.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DRDAN.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DRIVELTR.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DRUG.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DRVMAP9X.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DS.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DS40.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DSPLDR.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DST_SUNS.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DSUN.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DTIMEINI.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DTO2.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DTO2_95.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DTORG.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DUNE2.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DUNE2000.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DUNEPRG.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DV32.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DWEAS.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DYNA.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DYNODEX.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DYNONOTE.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]DYNOPAGE.EXE Passwortgeschützt Nicht geprüft 
F:\System Volume Information\_restore{C3679AE0-423B-4F58-B9A3-4B48A78A4301}\RP6\A0015269.cfg=]EAP.EXE Passwortgeschützt Nicht geprüft
         

Alt 13.07.2009, 18:52   #15
neinnein
 
Trojaner gefunden - Standard

Trojaner gefunden



Code:
ATTFilter
Fix Navipromo version 4.0.0 began on 10/07/2009 at 14:27:10.17

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!

Fix running from C:\Program Files\navilog1

Updated on 19.06.2009 at 20h00 by IL-MAFIOSO

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free :               Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : user1 ( Administrator )
BOOT : Normal boot

Antivirus : BitDefender Antivirus 12.0 (Activated)
Firewall  : BitDefender Firewall 12.0 (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:16 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:1 Go)
E:\ (Local Disk) - NTFS - Total:29 Go (Free:26 Go)
F:\ (Local Disk) - NTFS - Total:38 Go (Free:18 Go)
G:\ (Local Disk) - NTFS - Total:38 Go (Free:18 Go)
H:\ (Local Disk) - NTFS - Total:27 Go (Free:19 Go)
I:\ (Local Disk) - NTFS - Total:97 Go (Free:97 Go)
J:\ (Local Disk) - NTFS - Total:105 Go (Free:76 Go)
K:\ (Local Disk) - NTFS - Total:44 Go (Free:6 Go)
L:\ (CD or DVD)


Search done in normal mode


No Infection Navipromo/Egdaccess Found



*** Scan completed the 10/07/2009 at 14:32:12.28 ***
         

Antwort

Themen zu Trojaner gefunden
add-on, adobe, bho, bonjour, cdburnerxp, computer, defender, desktop, excel, firefox, google, google update, gupdate, helper, hijack, hijackthis, internet, internet explorer, maßnahme, mozilla, object, rundll, scan, server, shortcut, software, system, toolbars, trojaner, trojaner gefunden, virus, windows, windows xp




Ähnliche Themen: Trojaner gefunden


  1. Avira Scan, Trojaner TR/Crypt.ZPACK.50636 gefunden, Fehlalarm oder echter Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 04.12.2014 (17)
  2. Viren eingefangen (JAVA/dldr.lamar.TP), auch Trojaner (Polizei.Trojaner) gefunden
    Log-Analyse und Auswertung - 07.05.2013 (15)
  3. wigon.PB Trojaner und PSW.Agent.NUS Trojaner von ESET im Arbeitsspeicher gefunden
    Log-Analyse und Auswertung - 27.02.2013 (16)
  4. Trojaner gefunden, was tun?
    Log-Analyse und Auswertung - 28.01.2013 (14)
  5. Mehrere Trojaner durch Malwarebytes Anti Malware gefunden und ein Virus durch Avira gefunden (TR/Gendal.81920.6)
    Log-Analyse und Auswertung - 10.11.2012 (1)
  6. Trojaner gefunden!
    Plagegeister aller Art und deren Bekämpfung - 26.10.2012 (7)
  7. CPU Auslastung bei 100 % / Spiele ruckeln/ Viren und Trojaner gefunden ( Trojaner TR/Ramson.EJ.18..)
    Log-Analyse und Auswertung - 09.02.2012 (28)
  8. Trojaner gefunden - Was tun?
    Plagegeister aller Art und deren Bekämpfung - 22.10.2011 (19)
  9. Trojaner Gefunden
    Log-Analyse und Auswertung - 12.04.2011 (25)
  10. Trojaner/ZbotR.Gen und Trojaner/Trash.Gen auf Pc gefunden!
    Plagegeister aller Art und deren Bekämpfung - 21.03.2011 (10)
  11. Trojaner gefunden-was nun?
    Log-Analyse und Auswertung - 18.01.2011 (4)
  12. Trojaner gefunden
    Log-Analyse und Auswertung - 11.08.2010 (17)
  13. Trojaner 'TR/Crypt.XPACK.Gen' gefunden, Sorge um weitere Trojaner
    Log-Analyse und Auswertung - 28.09.2008 (0)
  14. trojaner gefunden!!!!!!
    Mülltonne - 30.06.2008 (0)
  15. Trojaner gefunden was tun?
    Plagegeister aller Art und deren Bekämpfung - 19.06.2008 (25)
  16. Trojaner gefunden
    Log-Analyse und Auswertung - 18.09.2005 (6)
  17. Trojaner gefunden
    Log-Analyse und Auswertung - 01.05.2005 (12)

Zum Thema Trojaner gefunden - hallo allerseits Ich habe glaube ich schon länger Probleme mit meinen Rechner die darauf hinwiesen das mein Rechner Infiziert war jedoch hatten Virenscanner oder Auswertung der logs nichts erkennen lassen. - Trojaner gefunden...
Archiv
Du betrachtest: Trojaner gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.