| |
| |||||||
Log-Analyse und Auswertung: Virus/Trojaner oder von allem etwas?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.08.2009, 00:01
| #61 |
 |  Virus/Trojaner oder von allem etwas? c:\bases_x\AVCBack\plugins\emalware.i81 c:\bases_x\AVCBack\plugins\emalware.i82 c:\bases_x\AVCBack\plugins\emalware.i83 c:\bases_x\AVCBack\plugins\emalware.i84 c:\bases_x\AVCBack\plugins\emalware.i85 c:\bases_x\AVCBack\plugins\emalware.i86 c:\bases_x\AVCBack\plugins\emalware.i87 c:\bases_x\AVCBack\plugins\emalware.i88 c:\bases_x\AVCBack\plugins\emalware.i89 c:\bases_x\AVCBack\plugins\emalware.i90 c:\bases_x\AVCBack\plugins\emalware.i91 c:\bases_x\AVCBack\plugins\emalware.i92 c:\bases_x\AVCBack\plugins\emalware.i93 c:\bases_x\AVCBack\plugins\emalware.i94 c:\bases_x\AVCBack\plugins\emalware.i95 c:\bases_x\AVCBack\plugins\emalware.i96 c:\bases_x\AVCBack\plugins\emalware.i97 c:\bases_x\AVCBack\plugins\emalware.i98 c:\bases_x\AVCBack\plugins\emalware.i99 c:\bases_x\AVCBack\plugins\emalware.ivd c:\bases_x\AVCBack\plugins\epoc.xmd c:\bases_x\AVCBack\plugins\gvmscripts.cvd c:\bases_x\AVCBack\plugins\gzip.xmd c:\bases_x\AVCBack\plugins\ha.xmd c:\bases_x\AVCBack\plugins\hlp.xmd c:\bases_x\AVCBack\plugins\hpe.cvd c:\bases_x\AVCBack\plugins\hqx.xmd c:\bases_x\AVCBack\plugins\html.xmd c:\bases_x\AVCBack\plugins\imp.xmd c:\bases_x\AVCBack\plugins\inno.xmd c:\bases_x\AVCBack\plugins\instyler.xmd c:\bases_x\AVCBack\plugins\iso.xmd c:\bases_x\AVCBack\plugins\java.cvd c:\bases_x\AVCBack\plugins\java.xmd c:\bases_x\AVCBack\plugins\jpeg.xmd c:\bases_x\AVCBack\plugins\lha.xmd c:\bases_x\AVCBack\plugins\lnk.xmd c:\bases_x\AVCBack\plugins\mbox.xmd c:\bases_x\AVCBack\plugins\mbx.xmd c:\bases_x\AVCBack\plugins\mdx.xmd c:\bases_x\AVCBack\plugins\mdx_97.cvd c:\bases_x\AVCBack\plugins\mdx_97.ivd c:\bases_x\AVCBack\plugins\mdx_w95.cvd c:\bases_x\AVCBack\plugins\mdx_x95.cvd c:\bases_x\AVCBack\plugins\mdx_xf.cvd c:\bases_x\AVCBack\plugins\mime.xmd c:\bases_x\AVCBack\plugins\mobmalware.cvd c:\bases_x\AVCBack\plugins\mobmalware.xmd c:\bases_x\AVCBack\plugins\mso.xmd c:\bases_x\AVCBack\plugins\na.cvd c:\bases_x\AVCBack\plugins\nelf.cvd c:\bases_x\AVCBack\plugins\nelf.xmd c:\bases_x\AVCBack\plugins\nsis.xmd c:\bases_x\AVCBack\plugins\objd.xmd c:\bases_x\AVCBack\plugins\orice.rvd c:\bases_x\AVCBack\plugins\pdf.xmd c:\bases_x\AVCBack\plugins\proc.xmd c:\bases_x\AVCBack\plugins\pst.xmd c:\bases_x\AVCBack\plugins\rar.xmd c:\bases_x\AVCBack\plugins\regarch.cvd c:\bases_x\AVCBack\plugins\regarch.xmd c:\bases_x\AVCBack\plugins\regscan.cvd c:\bases_x\AVCBack\plugins\regscan.xmd c:\bases_x\AVCBack\plugins\rpm.xmd c:\bases_x\AVCBack\plugins\rtf.xmd c:\bases_x\AVCBack\plugins\rup.cvd c:\bases_x\AVCBack\plugins\rup.xmd c:\bases_x\AVCBack\plugins\sdx.cvd c:\bases_x\AVCBack\plugins\sdx.ivd c:\bases_x\AVCBack\plugins\sdx.xmd c:\bases_x\AVCBack\plugins\sfx.xmd c:\bases_x\AVCBack\plugins\swf.xmd c:\bases_x\AVCBack\plugins\tar.xmd c:\bases_x\AVCBack\plugins\td0.xmd c:\bases_x\AVCBack\plugins\thebat.xmd c:\bases_x\AVCBack\plugins\tnef.xmd c:\bases_x\AVCBack\plugins\uif.xmd c:\bases_x\AVCBack\plugins\unpack.cvd c:\bases_x\AVCBack\plugins\unpack.ivd c:\bases_x\AVCBack\plugins\unpack.xmd c:\bases_x\AVCBack\plugins\update.txt c:\bases_x\AVCBack\plugins\uudecode.xmd c:\bases_x\AVCBack\plugins\ve.cvd c:\bases_x\AVCBack\plugins\ve.ivd c:\bases_x\AVCBack\plugins\ve.xmd c:\bases_x\AVCBack\plugins\vedata.cvd c:\bases_x\AVCBack\plugins\viza.xmd c:\bases_x\AVCBack\plugins\wise.xmd c:\bases_x\AVCBack\plugins\xar.xmd c:\bases_x\AVCBack\plugins\xcookies.xmd c:\bases_x\AVCBack\plugins\xishield.xmd c:\bases_x\AVCBack\plugins\xlmrd.cvd c:\bases_x\AVCBack\plugins\xlmrd.ivd c:\bases_x\AVCBack\plugins\z.xmd c:\bases_x\AVCBack\plugins\zip.xmd c:\bases_x\AVCBack\plugins\zoo.xmd c:\bases_x\AVCBack\prLoader.dll c:\bases_x\AVCBack\red32.dll c:\bases_x\AVCBack\reload.exe c:\bases_x\AVCBack\scan.dll c:\bases_x\AVCBack\ScanningProcess.exe c:\bases_x\AVCBack\setpriv.exe c:\bases_x\AVCBack\test2.exe c:\bases_x\AVCBack\unregx.exe c:\bases_x\AVCBack\viewtcp.exe c:\bases_x\avlib.ppl c:\bases_x\Avp1.ppl c:\bases_x\AVP3Info.ppl c:\bases_x\avpgs.ppl c:\bases_x\AvpMgr.ppl c:\bases_x\avs.ppl c:\bases_x\avspm.ppl c:\bases_x\avxdisk.dll c:\bases_x\Base64.ppl c:\bases_x\Base64P.ppl c:\bases_x\bdc.exe c:\bases_x\bdc.ini c:\bases_x\bdcore.dll c:\bases_x\bdfltlib.dll c:\bases_x\bdfltlib2k.dll c:\bases_x\bdupdateservice.dll c:\bases_x\bitmap1.bmp c:\bases_x\btdisk.ppl c:\bases_x\btimages.ppl c:\bases_x\buffer.ppl c:\bases_x\CAB.ppl c:\bases_x\Chinese.Age c:\bases_x\Chinese.con c:\bases_x\Chinese.dow c:\bases_x\Chinese.lic c:\bases_x\Chinese.tcp c:\bases_x\Chinese.win c:\bases_x\ChineseSimplified.con c:\bases_x\ChineseSimplified.dow c:\bases_x\ChineseSimplified.tcp c:\bases_x\clean.bat c:\bases_x\complete.avi c:\bases_x\ComStmIO.ppl c:\bases_x\config.lan c:\bases_x\cr.avs c:\bases_x\cr2.avs c:\bases_x\crpthlpr.ppl c:\bases_x\Czech.Age c:\bases_x\Czech.con c:\bases_x\Czech.dow c:\bases_x\Czech.lic c:\bases_x\Czech.tcp c:\bases_x\deflate.ppl c:\bases_x\DEVCON.EXE c:\bases_x\diff.ppl c:\bases_x\dmap.ppl c:\bases_x\download.exe c:\bases_x\Download.lan c:\bases_x\dtreg.ppl c:\bases_x\encdec.dll c:\bases_x\English.Age c:\bases_x\English.con c:\bases_x\English.dow c:\bases_x\English.lic c:\bases_x\English.tcp c:\bases_x\English.win c:\bases_x\erootdrv.sys c:\bases_x\esmain.avi c:\bases_x\esupd.ini c:\bases_x\esupdate.exe c:\bases_x\esupdate.log c:\bases_x\EUpdate.ini c:\bases_x\Explode.ppl c:\bases_x\farbuffer.ppl c:\bases_x\faristream.ppl c:\bases_x\filelist.lst c:\bases_x\Finnish.Age c:\bases_x\Finnish.con c:\bases_x\Finnish.dow c:\bases_x\Finnish.lic c:\bases_x\Finnish.tcp c:\bases_x\Finnish.win c:\bases_x\fmw.avs c:\bases_x\French.Age c:\bases_x\French.con c:\bases_x\French.dow c:\bases_x\French.lic c:\bases_x\French.tcp c:\bases_x\French.win c:\bases_x\FsDrvPlg.ppl c:\bases_x\FSSync.dll c:\bases_x\FtpTempF\cr.avs c:\bases_x\FtpTempF\httpsite.txt c:\bases_x\FtpTempF\iplist.ini c:\bases_x\FtpTempF\PHUPDN.TXT c:\bases_x\FtpTempF\phupdn.txz c:\bases_x\FtpTempF\remove.ini c:\bases_x\FtpTempF\spydb.avs c:\bases_x\FtpTempF\update.txt c:\bases_x\German.Age c:\bases_x\German.con c:\bases_x\German.dow c:\bases_x\German.lic c:\bases_x\German.tcp c:\bases_x\German.win c:\bases_x\Getvlist.exe c:\bases_x\global.dat c:\bases_x\global.daz c:\bases_x\HashCont.ppl c:\bases_x\HashMD5.PPL c:\bases_x\HCCMP.ppl c:\bases_x\httpsite.txt c:\bases_x\Icelandic.Age c:\bases_x\Icelandic.con c:\bases_x\Icelandic.dow c:\bases_x\Icelandic.lic c:\bases_x\Icelandic.tcp c:\bases_x\Icelandic.win c:\bases_x\ichk2.ppl c:\bases_x\iChkSA.ppl c:\bases_x\ikave.dll c:\bases_x\IMAPprtc.ppl c:\bases_x\Inflate.ppl c:\bases_x\IniFile.ppl c:\bases_x\ipc.dll c:\bases_x\iplist.ini c:\bases_x\Italian.Age c:\bases_x\Italian.con c:\bases_x\Italian.dow c:\bases_x\Italian.lic c:\bases_x\Italian.tcp c:\bases_x\Italian.win c:\bases_x\IUpdate.ini c:\bases_x\IWGen.ppl c:\bases_x\kave.dll c:\bases_x\kavvlg.dll c:\bases_x\keyid.dat c:\bases_x\klavsrch.ppl c:\bases_x\L_llio.ppl c:\bases_x\language.ini c:\bases_x\lha.ppl c:\bases_x\lic60.ppl c:\bases_x\license.txt c:\bases_x\LicMgr.ppl c:\bases_x\Log\Download.log c:\bases_x\MailDisp.ppl c:\bases_x\MailMsg.ppl c:\bases_x\main.avi c:\bases_x\mc.ppl c:\bases_x\mdb.ppl c:\bases_x\MDMAP.ppl c:\bases_x\MemModSc.ppl c:\bases_x\MemScan.ppl c:\bases_x\mexe.com c:\bases_x\Microsoft.VC80.CRT.manifest c:\bases_x\MicroWorld Toolkit Utility.txt c:\bases_x\minizip.ppl c:\bases_x\MKavIO.ppl c:\bases_x\msoe.ppl c:\bases_x\msvclnt.dll c:\bases_x\msvl64.dll c:\bases_x\msvlclnt.dll c:\bases_x\mwav.bmp c:\bases_x\mwav.ini c:\bases_x\MWAV.LOG c:\bases_x\MWAVC.LOG c:\bases_x\MWAVDB.LOG c:\bases_x\MWAVL.exe c:\bases_x\MWAVReg.EXE c:\bases_x\MWAVSCAN.COM c:\bases_x\mwunzip.dll c:\bases_x\mwXface.log c:\bases_x\ndetect.ppl c:\bases_x\nfio.ppl c:\bases_x\NNTPprtc.ppl c:\bases_x\NTFSstrm.ppl c:\bases_x\nvlist.avs c:\bases_x\oas.ppl c:\bases_x\ods.ppl c:\bases_x\og.ppl c:\bases_x\owl.avs c:\bases_x\params.ppl c:\bases_x\passdmap.ppl c:\bases_x\PDM.ppl c:\bases_x\pdm2rt.ppl c:\bases_x\phish.avs c:\bases_x\phupdn.txt c:\bases_x\phupdn.txz c:\bases_x\plugins.htm c:\bases_x\plugins\7zip.xmd c:\bases_x\plugins\access.xmd c:\bases_x\plugins\ace.xmd c:\bases_x\plugins\adsntfs.xmd c:\bases_x\plugins\alz.xmd c:\bases_x\plugins\arc.xmd c:\bases_x\plugins\arj.xmd c:\bases_x\plugins\aspy_emu.cvd c:\bases_x\plugins\bach.xmd c:\bases_x\plugins\boot.xmd c:\bases_x\plugins\bzip2.xmd c:\bases_x\plugins\cab.xmd c:\bases_x\plugins\ceva_dll.cvd c:\bases_x\plugins\ceva_emu.cvd c:\bases_x\plugins\ceva_vfs.cvd c:\bases_x\plugins\ceva_vfs.ivd c:\bases_x\plugins\cevakrnl.cvd c:\bases_x\plugins\cevakrnl.ivd c:\bases_x\plugins\cevakrnl.rv0 c:\bases_x\plugins\cevakrnl.rvd c:\bases_x\plugins\cevakrnl.xmd c:\bases_x\plugins\chm.xmd c:\bases_x\plugins\cookie.cvd c:\bases_x\plugins\cookie.xmd c:\bases_x\plugins\cpio.xmd c:\bases_x\plugins\cran.cvd c:\bases_x\plugins\cran.ivd c:\bases_x\plugins\dbx.xmd c:\bases_x\plugins\docfile.xmd c:\bases_x\plugins\dummyarch.xmd c:\bases_x\plugins\dummyscan.xmd c:\bases_x\plugins\e_spyw.cvd c:\bases_x\plugins\e_spyw.i01 c:\bases_x\plugins\e_spyw.i02 c:\bases_x\plugins\e_spyw.i03 c:\bases_x\plugins\e_spyw.i04 c:\bases_x\plugins\e_spyw.i05 c:\bases_x\plugins\e_spyw.i06 c:\bases_x\plugins\e_spyw.i07 c:\bases_x\plugins\e_spyw.i08 c:\bases_x\plugins\e_spyw.i09 c:\bases_x\plugins\e_spyw.i10 c:\bases_x\plugins\e_spyw.i11 c:\bases_x\plugins\e_spyw.i12 c:\bases_x\plugins\e_spyw.i13 c:\bases_x\plugins\e_spyw.i14 c:\bases_x\plugins\e_spyw.i15 c:\bases_x\plugins\e_spyw.i16 c:\bases_x\plugins\e_spyw.i17 c:\bases_x\plugins\e_spyw.i18 c:\bases_x\plugins\e_spyw.i19 c:\bases_x\plugins\e_spyw.i20 c:\bases_x\plugins\e_spyw.i21 c:\bases_x\plugins\e_spyw.i22 c:\bases_x\plugins\e_spyw.i23 c:\bases_x\plugins\e_spyw.i24 c:\bases_x\plugins\e_spyw.i25 c:\bases_x\plugins\e_spyw.i26 c:\bases_x\plugins\e_spyw.i27 c:\bases_x\plugins\e_spyw.i28 c:\bases_x\plugins\e_spyw.i29 c:\bases_x\plugins\e_spyw.i30 c:\bases_x\plugins\e_spyw.i31 c:\bases_x\plugins\e_spyw.i32 c:\bases_x\plugins\e_spyw.i33 c:\bases_x\plugins\e_spyw.i34 c:\bases_x\plugins\e_spyw.i35 c:\bases_x\plugins\e_spyw.i36 c:\bases_x\plugins\e_spyw.i37 c:\bases_x\plugins\e_spyw.i38 c:\bases_x\plugins\e_spyw.i39 c:\bases_x\plugins\e_spyw.i40 c:\bases_x\plugins\e_spyw.i41 c:\bases_x\plugins\e_spyw.i42 c:\bases_x\plugins\e_spyw.i43 c:\bases_x\plugins\e_spyw.i44 c:\bases_x\plugins\e_spyw.i45 c:\bases_x\plugins\e_spyw.i46 c:\bases_x\plugins\e_spyw.i47 c:\bases_x\plugins\e_spyw.i48 c:\bases_x\plugins\e_spyw.i49 c:\bases_x\plugins\e_spyw.ivd c:\bases_x\plugins\emalware.001 c:\bases_x\plugins\emalware.002 c:\bases_x\plugins\emalware.003 c:\bases_x\plugins\emalware.004 c:\bases_x\plugins\emalware.005 c:\bases_x\plugins\emalware.006 c:\bases_x\plugins\emalware.007 c:\bases_x\plugins\emalware.008 c:\bases_x\plugins\emalware.009 c:\bases_x\plugins\emalware.010 c:\bases_x\plugins\emalware.011 c:\bases_x\plugins\emalware.012 c:\bases_x\plugins\emalware.013 c:\bases_x\plugins\emalware.014 c:\bases_x\plugins\emalware.015 c:\bases_x\plugins\emalware.016 c:\bases_x\plugins\emalware.017 c:\bases_x\plugins\emalware.018 c:\bases_x\plugins\emalware.019 c:\bases_x\plugins\emalware.020 c:\bases_x\plugins\emalware.021 c:\bases_x\plugins\emalware.022 c:\bases_x\plugins\emalware.023 c:\bases_x\plugins\emalware.024 c:\bases_x\plugins\emalware.025 c:\bases_x\plugins\emalware.026 c:\bases_x\plugins\emalware.027 c:\bases_x\plugins\emalware.028 c:\bases_x\plugins\emalware.029 c:\bases_x\plugins\emalware.030 c:\bases_x\plugins\emalware.031 c:\bases_x\plugins\emalware.032 c:\bases_x\plugins\emalware.033 c:\bases_x\plugins\emalware.034 c:\bases_x\plugins\emalware.035 c:\bases_x\plugins\emalware.036 c:\bases_x\plugins\emalware.037 c:\bases_x\plugins\emalware.038 c:\bases_x\plugins\emalware.039 c:\bases_x\plugins\emalware.040 c:\bases_x\plugins\emalware.041 c:\bases_x\plugins\emalware.042 c:\bases_x\plugins\emalware.043 c:\bases_x\plugins\emalware.044 c:\bases_x\plugins\emalware.045 c:\bases_x\plugins\emalware.046 c:\bases_x\plugins\emalware.047 c:\bases_x\plugins\emalware.048 c:\bases_x\plugins\emalware.049 c:\bases_x\plugins\emalware.050 c:\bases_x\plugins\emalware.051 c:\bases_x\plugins\emalware.052 c:\bases_x\plugins\emalware.053 c:\bases_x\plugins\emalware.054 c:\bases_x\plugins\emalware.055 c:\bases_x\plugins\emalware.056 c:\bases_x\plugins\emalware.057 c:\bases_x\plugins\emalware.058 c:\bases_x\plugins\emalware.059 c:\bases_x\plugins\emalware.060 c:\bases_x\plugins\emalware.061 c:\bases_x\plugins\emalware.062 c:\bases_x\plugins\emalware.063 c:\bases_x\plugins\emalware.064 c:\bases_x\plugins\emalware.065 c:\bases_x\plugins\emalware.066 c:\bases_x\plugins\emalware.067 c:\bases_x\plugins\emalware.068 c:\bases_x\plugins\emalware.069 c:\bases_x\plugins\emalware.070 c:\bases_x\plugins\emalware.071 c:\bases_x\plugins\emalware.072 c:\bases_x\plugins\emalware.073 c:\bases_x\plugins\emalware.074 c:\bases_x\plugins\emalware.075 c:\bases_x\plugins\emalware.076 c:\bases_x\plugins\emalware.077 c:\bases_x\plugins\emalware.078 c:\bases_x\plugins\emalware.079 c:\bases_x\plugins\emalware.080 c:\bases_x\plugins\emalware.081 c:\bases_x\plugins\emalware.082 c:\bases_x\plugins\emalware.083 c:\bases_x\plugins\emalware.084 c:\bases_x\plugins\emalware.085 c:\bases_x\plugins\emalware.086 c:\bases_x\plugins\emalware.087 c:\bases_x\plugins\emalware.088 c:\bases_x\plugins\emalware.089 c:\bases_x\plugins\emalware.090 c:\bases_x\plugins\emalware.091 c:\bases_x\plugins\emalware.092 c:\bases_x\plugins\emalware.093 c:\bases_x\plugins\emalware.094 c:\bases_x\plugins\emalware.095 c:\bases_x\plugins\emalware.096 c:\bases_x\plugins\emalware.097 c:\bases_x\plugins\emalware.098 c:\bases_x\plugins\emalware.099 c:\bases_x\plugins\emalware.100 c:\bases_x\plugins\emalware.101 c:\bases_x\plugins\emalware.102 c:\bases_x\plugins\emalware.103 c:\bases_x\plugins\emalware.104 c:\bases_x\plugins\emalware.105 c:\bases_x\plugins\emalware.106 c:\bases_x\plugins\emalware.107 c:\bases_x\plugins\emalware.108 c:\bases_x\plugins\emalware.109 c:\bases_x\plugins\emalware.110 c:\bases_x\plugins\emalware.111 c:\bases_x\plugins\emalware.112 c:\bases_x\plugins\emalware.113 c:\bases_x\plugins\emalware.114 c:\bases_x\plugins\emalware.115 c:\bases_x\plugins\emalware.116 c:\bases_x\plugins\emalware.117 c:\bases_x\plugins\emalware.118 c:\bases_x\plugins\emalware.119 c:\bases_x\plugins\emalware.120 c:\bases_x\plugins\emalware.121 c:\bases_x\plugins\emalware.122 c:\bases_x\plugins\emalware.123 c:\bases_x\plugins\emalware.124 c:\bases_x\plugins\emalware.125 c:\bases_x\plugins\emalware.126 c:\bases_x\plugins\emalware.127 c:\bases_x\plugins\emalware.128 c:\bases_x\plugins\emalware.129 c:\bases_x\plugins\emalware.130 c:\bases_x\plugins\emalware.131 c:\bases_x\plugins\emalware.132 c:\bases_x\plugins\emalware.133 c:\bases_x\plugins\emalware.134 c:\bases_x\plugins\emalware.135 c:\bases_x\plugins\emalware.136 c:\bases_x\plugins\emalware.137 c:\bases_x\plugins\emalware.138 c:\bases_x\plugins\emalware.139 c:\bases_x\plugins\emalware.140 |
|
09.08.2009, 00:02
| #62 |
| | Virus/Trojaner oder von allem etwas? c:\bases_x\plugins\emalware.141
__________________c:\bases_x\plugins\emalware.142 c:\bases_x\plugins\emalware.143 c:\bases_x\plugins\emalware.144 c:\bases_x\plugins\emalware.145 c:\bases_x\plugins\emalware.146 c:\bases_x\plugins\emalware.147 c:\bases_x\plugins\emalware.148 c:\bases_x\plugins\emalware.149 c:\bases_x\plugins\emalware.150 c:\bases_x\plugins\emalware.151 c:\bases_x\plugins\emalware.152 c:\bases_x\plugins\emalware.153 c:\bases_x\plugins\emalware.154 c:\bases_x\plugins\emalware.155 c:\bases_x\plugins\emalware.156 c:\bases_x\plugins\emalware.157 c:\bases_x\plugins\emalware.158 c:\bases_x\plugins\emalware.159 c:\bases_x\plugins\emalware.160 c:\bases_x\plugins\emalware.161 c:\bases_x\plugins\emalware.162 c:\bases_x\plugins\emalware.163 c:\bases_x\plugins\emalware.164 c:\bases_x\plugins\emalware.165 c:\bases_x\plugins\emalware.166 c:\bases_x\plugins\emalware.167 c:\bases_x\plugins\emalware.168 c:\bases_x\plugins\emalware.169 c:\bases_x\plugins\emalware.170 c:\bases_x\plugins\emalware.171 c:\bases_x\plugins\emalware.172 c:\bases_x\plugins\emalware.173 c:\bases_x\plugins\emalware.174 c:\bases_x\plugins\emalware.175 c:\bases_x\plugins\emalware.176 c:\bases_x\plugins\emalware.177 c:\bases_x\plugins\emalware.178 c:\bases_x\plugins\emalware.179 c:\bases_x\plugins\emalware.180 c:\bases_x\plugins\emalware.181 c:\bases_x\plugins\emalware.182 c:\bases_x\plugins\emalware.183 c:\bases_x\plugins\emalware.184 c:\bases_x\plugins\emalware.185 c:\bases_x\plugins\emalware.186 c:\bases_x\plugins\emalware.187 c:\bases_x\plugins\emalware.188 c:\bases_x\plugins\emalware.189 c:\bases_x\plugins\emalware.190 c:\bases_x\plugins\emalware.191 c:\bases_x\plugins\emalware.192 c:\bases_x\plugins\emalware.193 c:\bases_x\plugins\emalware.194 c:\bases_x\plugins\emalware.195 c:\bases_x\plugins\emalware.196 c:\bases_x\plugins\emalware.197 c:\bases_x\plugins\emalware.198 c:\bases_x\plugins\emalware.199 c:\bases_x\plugins\emalware.200 c:\bases_x\plugins\emalware.201 c:\bases_x\plugins\emalware.202 c:\bases_x\plugins\emalware.203 c:\bases_x\plugins\emalware.204 c:\bases_x\plugins\emalware.205 c:\bases_x\plugins\emalware.206 c:\bases_x\plugins\emalware.207 c:\bases_x\plugins\emalware.208 c:\bases_x\plugins\emalware.209 c:\bases_x\plugins\emalware.210 c:\bases_x\plugins\emalware.211 c:\bases_x\plugins\emalware.212 c:\bases_x\plugins\emalware.213 c:\bases_x\plugins\emalware.214 c:\bases_x\plugins\emalware.215 c:\bases_x\plugins\emalware.216 c:\bases_x\plugins\emalware.217 c:\bases_x\plugins\emalware.218 c:\bases_x\plugins\emalware.219 c:\bases_x\plugins\emalware.220 c:\bases_x\plugins\emalware.221 c:\bases_x\plugins\emalware.222 c:\bases_x\plugins\emalware.223 c:\bases_x\plugins\emalware.224 c:\bases_x\plugins\emalware.225 c:\bases_x\plugins\emalware.226 c:\bases_x\plugins\emalware.227 c:\bases_x\plugins\emalware.228 c:\bases_x\plugins\emalware.229 c:\bases_x\plugins\emalware.230 c:\bases_x\plugins\emalware.231 c:\bases_x\plugins\emalware.232 c:\bases_x\plugins\emalware.233 c:\bases_x\plugins\emalware.234 c:\bases_x\plugins\emalware.235 c:\bases_x\plugins\emalware.236 c:\bases_x\plugins\emalware.237 c:\bases_x\plugins\emalware.238 c:\bases_x\plugins\emalware.239 c:\bases_x\plugins\emalware.240 c:\bases_x\plugins\emalware.241 c:\bases_x\plugins\emalware.242 c:\bases_x\plugins\emalware.243 c:\bases_x\plugins\emalware.244 c:\bases_x\plugins\emalware.245 c:\bases_x\plugins\emalware.246 c:\bases_x\plugins\emalware.247 c:\bases_x\plugins\emalware.248 c:\bases_x\plugins\emalware.249 c:\bases_x\plugins\emalware.250 c:\bases_x\plugins\emalware.251 c:\bases_x\plugins\emalware.252 c:\bases_x\plugins\emalware.253 c:\bases_x\plugins\emalware.254 c:\bases_x\plugins\emalware.255 c:\bases_x\plugins\emalware.256 c:\bases_x\plugins\emalware.257 c:\bases_x\plugins\emalware.258 c:\bases_x\plugins\emalware.259 c:\bases_x\plugins\emalware.260 c:\bases_x\plugins\emalware.261 c:\bases_x\plugins\emalware.262 c:\bases_x\plugins\emalware.263 c:\bases_x\plugins\emalware.264 c:\bases_x\plugins\emalware.265 c:\bases_x\plugins\emalware.266 c:\bases_x\plugins\emalware.267 c:\bases_x\plugins\emalware.268 c:\bases_x\plugins\emalware.269 c:\bases_x\plugins\emalware.270 c:\bases_x\plugins\emalware.271 c:\bases_x\plugins\emalware.272 c:\bases_x\plugins\emalware.273 c:\bases_x\plugins\emalware.274 c:\bases_x\plugins\emalware.275 c:\bases_x\plugins\emalware.276 c:\bases_x\plugins\emalware.277 c:\bases_x\plugins\emalware.278 c:\bases_x\plugins\emalware.279 c:\bases_x\plugins\emalware.280 c:\bases_x\plugins\emalware.281 c:\bases_x\plugins\emalware.282 c:\bases_x\plugins\emalware.283 c:\bases_x\plugins\emalware.284 c:\bases_x\plugins\emalware.285 c:\bases_x\plugins\emalware.286 c:\bases_x\plugins\emalware.287 c:\bases_x\plugins\emalware.288 c:\bases_x\plugins\emalware.289 c:\bases_x\plugins\emalware.290 c:\bases_x\plugins\emalware.291 c:\bases_x\plugins\emalware.292 c:\bases_x\plugins\emalware.293 c:\bases_x\plugins\emalware.294 c:\bases_x\plugins\emalware.295 c:\bases_x\plugins\emalware.296 c:\bases_x\plugins\emalware.297 c:\bases_x\plugins\emalware.298 c:\bases_x\plugins\emalware.299 c:\bases_x\plugins\emalware.300 c:\bases_x\plugins\emalware.301 c:\bases_x\plugins\emalware.302 c:\bases_x\plugins\emalware.303 c:\bases_x\plugins\emalware.304 c:\bases_x\plugins\emalware.305 c:\bases_x\plugins\emalware.306 c:\bases_x\plugins\emalware.307 c:\bases_x\plugins\emalware.308 c:\bases_x\plugins\emalware.309 c:\bases_x\plugins\emalware.310 c:\bases_x\plugins\emalware.311 c:\bases_x\plugins\emalware.312 c:\bases_x\plugins\emalware.313 c:\bases_x\plugins\emalware.314 c:\bases_x\plugins\emalware.315 c:\bases_x\plugins\emalware.316 c:\bases_x\plugins\emalware.317 c:\bases_x\plugins\emalware.318 c:\bases_x\plugins\emalware.319 c:\bases_x\plugins\emalware.320 c:\bases_x\plugins\emalware.321 c:\bases_x\plugins\emalware.322 c:\bases_x\plugins\emalware.323 c:\bases_x\plugins\emalware.324 c:\bases_x\plugins\emalware.325 c:\bases_x\plugins\emalware.326 c:\bases_x\plugins\emalware.327 c:\bases_x\plugins\emalware.328 c:\bases_x\plugins\emalware.329 c:\bases_x\plugins\emalware.330 c:\bases_x\plugins\emalware.331 c:\bases_x\plugins\emalware.332 c:\bases_x\plugins\emalware.333 c:\bases_x\plugins\emalware.334 c:\bases_x\plugins\emalware.335 c:\bases_x\plugins\emalware.336 c:\bases_x\plugins\emalware.337 c:\bases_x\plugins\emalware.338 c:\bases_x\plugins\emalware.339 c:\bases_x\plugins\emalware.340 c:\bases_x\plugins\emalware.341 c:\bases_x\plugins\emalware.342 c:\bases_x\plugins\emalware.343 c:\bases_x\plugins\emalware.344 c:\bases_x\plugins\emalware.345 c:\bases_x\plugins\emalware.346 c:\bases_x\plugins\emalware.347 c:\bases_x\plugins\emalware.348 c:\bases_x\plugins\emalware.349 c:\bases_x\plugins\emalware.350 c:\bases_x\plugins\emalware.351 c:\bases_x\plugins\emalware.352 c:\bases_x\plugins\emalware.353 c:\bases_x\plugins\emalware.354 c:\bases_x\plugins\emalware.355 c:\bases_x\plugins\emalware.356 c:\bases_x\plugins\emalware.357 c:\bases_x\plugins\emalware.358 c:\bases_x\plugins\emalware.359 c:\bases_x\plugins\emalware.360 c:\bases_x\plugins\emalware.361 c:\bases_x\plugins\emalware.362 c:\bases_x\plugins\emalware.363 c:\bases_x\plugins\emalware.364 c:\bases_x\plugins\emalware.365 c:\bases_x\plugins\emalware.366 c:\bases_x\plugins\emalware.367 c:\bases_x\plugins\emalware.368 c:\bases_x\plugins\emalware.369 c:\bases_x\plugins\emalware.c00 c:\bases_x\plugins\emalware.c01 c:\bases_x\plugins\emalware.c02 c:\bases_x\plugins\emalware.c03 c:\bases_x\plugins\emalware.c04 c:\bases_x\plugins\emalware.c05 c:\bases_x\plugins\emalware.c06 c:\bases_x\plugins\emalware.c07 c:\bases_x\plugins\emalware.c08 c:\bases_x\plugins\emalware.c09 c:\bases_x\plugins\emalware.c10 c:\bases_x\plugins\emalware.c11 c:\bases_x\plugins\emalware.cvd c:\bases_x\plugins\emalware.i01 c:\bases_x\plugins\emalware.i02 c:\bases_x\plugins\emalware.i03 c:\bases_x\plugins\emalware.i04 c:\bases_x\plugins\emalware.i05 c:\bases_x\plugins\emalware.i06 c:\bases_x\plugins\emalware.i07 c:\bases_x\plugins\emalware.i08 c:\bases_x\plugins\emalware.i09 c:\bases_x\plugins\emalware.i10 c:\bases_x\plugins\emalware.i11 c:\bases_x\plugins\emalware.i12 c:\bases_x\plugins\emalware.i13 c:\bases_x\plugins\emalware.i14 c:\bases_x\plugins\emalware.i15 c:\bases_x\plugins\emalware.i16 c:\bases_x\plugins\emalware.i17 c:\bases_x\plugins\emalware.i18 c:\bases_x\plugins\emalware.i19 c:\bases_x\plugins\emalware.i20 c:\bases_x\plugins\emalware.i21 c:\bases_x\plugins\emalware.i22 c:\bases_x\plugins\emalware.i23 c:\bases_x\plugins\emalware.i24 c:\bases_x\plugins\emalware.i25 c:\bases_x\plugins\emalware.i26 c:\bases_x\plugins\emalware.i27 c:\bases_x\plugins\emalware.i28 c:\bases_x\plugins\emalware.i29 c:\bases_x\plugins\emalware.i30 c:\bases_x\plugins\emalware.i31 c:\bases_x\plugins\emalware.i32 c:\bases_x\plugins\emalware.i33 c:\bases_x\plugins\emalware.i34 c:\bases_x\plugins\emalware.i35 c:\bases_x\plugins\emalware.i36 c:\bases_x\plugins\emalware.i37 c:\bases_x\plugins\emalware.i38 c:\bases_x\plugins\emalware.i39 c:\bases_x\plugins\emalware.i40 c:\bases_x\plugins\emalware.i41 c:\bases_x\plugins\emalware.i42 c:\bases_x\plugins\emalware.i43 c:\bases_x\plugins\emalware.i44 c:\bases_x\plugins\emalware.i45 c:\bases_x\plugins\emalware.i46 c:\bases_x\plugins\emalware.i47 c:\bases_x\plugins\emalware.i48 c:\bases_x\plugins\emalware.i49 c:\bases_x\plugins\emalware.i50 c:\bases_x\plugins\emalware.i51 c:\bases_x\plugins\emalware.i52 c:\bases_x\plugins\emalware.i53 c:\bases_x\plugins\emalware.i54 c:\bases_x\plugins\emalware.i55 c:\bases_x\plugins\emalware.i56 c:\bases_x\plugins\emalware.i57 c:\bases_x\plugins\emalware.i58 c:\bases_x\plugins\emalware.i59 c:\bases_x\plugins\emalware.i60 c:\bases_x\plugins\emalware.i61 c:\bases_x\plugins\emalware.i62 c:\bases_x\plugins\emalware.i63 c:\bases_x\plugins\emalware.i64 c:\bases_x\plugins\emalware.i65 c:\bases_x\plugins\emalware.i66 c:\bases_x\plugins\emalware.i67 c:\bases_x\plugins\emalware.i68 c:\bases_x\plugins\emalware.i69 c:\bases_x\plugins\emalware.i70 c:\bases_x\plugins\emalware.i71 c:\bases_x\plugins\emalware.i72 c:\bases_x\plugins\emalware.i73 c:\bases_x\plugins\emalware.i74 c:\bases_x\plugins\emalware.i75 c:\bases_x\plugins\emalware.i76 c:\bases_x\plugins\emalware.i77 c:\bases_x\plugins\emalware.i78 c:\bases_x\plugins\emalware.i79 c:\bases_x\plugins\emalware.i80 c:\bases_x\plugins\emalware.i81 c:\bases_x\plugins\emalware.i82 c:\bases_x\plugins\emalware.i83 c:\bases_x\plugins\emalware.i84 c:\bases_x\plugins\emalware.i85 c:\bases_x\plugins\emalware.i86 c:\bases_x\plugins\emalware.i87 c:\bases_x\plugins\emalware.i88 c:\bases_x\plugins\emalware.i89 c:\bases_x\plugins\emalware.i90 c:\bases_x\plugins\emalware.i91 c:\bases_x\plugins\emalware.i92 c:\bases_x\plugins\emalware.i93 c:\bases_x\plugins\emalware.i94 c:\bases_x\plugins\emalware.i95 c:\bases_x\plugins\emalware.i96 c:\bases_x\plugins\emalware.i97 c:\bases_x\plugins\emalware.i98 c:\bases_x\plugins\emalware.i99 c:\bases_x\plugins\emalware.ivd c:\bases_x\plugins\epoc.xmd c:\bases_x\plugins\gvmscripts.cvd c:\bases_x\plugins\gzip.xmd c:\bases_x\plugins\ha.xmd c:\bases_x\plugins\hlp.xmd c:\bases_x\plugins\hpe.cvd c:\bases_x\plugins\hqx.xmd c:\bases_x\plugins\html.xmd c:\bases_x\plugins\imp.xmd c:\bases_x\plugins\inno.xmd c:\bases_x\plugins\instyler.xmd c:\bases_x\plugins\iso.xmd c:\bases_x\plugins\java.cvd c:\bases_x\plugins\java.xmd c:\bases_x\plugins\jpeg.xmd c:\bases_x\plugins\lha.xmd c:\bases_x\plugins\lnk.xmd c:\bases_x\plugins\mbox.xmd c:\bases_x\plugins\mbx.xmd c:\bases_x\plugins\mdx.xmd c:\bases_x\plugins\mdx_97.cvd c:\bases_x\plugins\mdx_97.ivd c:\bases_x\plugins\mdx_w95.cvd c:\bases_x\plugins\mdx_x95.cvd c:\bases_x\plugins\mdx_xf.cvd c:\bases_x\plugins\mime.xmd c:\bases_x\plugins\mobmalware.cvd c:\bases_x\plugins\mobmalware.xmd c:\bases_x\plugins\mso.xmd c:\bases_x\plugins\na.cvd c:\bases_x\plugins\nelf.cvd c:\bases_x\plugins\nelf.xmd c:\bases_x\plugins\nsis.xmd c:\bases_x\plugins\objd.xmd c:\bases_x\plugins\orice.rvd c:\bases_x\plugins\pdf.xmd c:\bases_x\plugins\proc.xmd c:\bases_x\plugins\pst.xmd c:\bases_x\plugins\rar.xmd c:\bases_x\plugins\regarch.cvd c:\bases_x\plugins\regarch.xmd c:\bases_x\plugins\regscan.cvd c:\bases_x\plugins\regscan.xmd c:\bases_x\plugins\rpm.xmd c:\bases_x\plugins\rtf.xmd c:\bases_x\plugins\rup.cvd c:\bases_x\plugins\rup.xmd c:\bases_x\plugins\sdx.cvd c:\bases_x\plugins\sdx.ivd c:\bases_x\plugins\sdx.xmd c:\bases_x\plugins\sfx.xmd c:\bases_x\plugins\swf.xmd c:\bases_x\plugins\tar.xmd c:\bases_x\plugins\td0.xmd c:\bases_x\plugins\thebat.xmd c:\bases_x\plugins\tnef.xmd c:\bases_x\plugins\uif.xmd c:\bases_x\plugins\unpack.cvd c:\bases_x\plugins\unpack.ivd c:\bases_x\plugins\unpack.xmd c:\bases_x\plugins\update.txt c:\bases_x\plugins\uudecode.xmd c:\bases_x\plugins\ve.cvd c:\bases_x\plugins\ve.ivd c:\bases_x\plugins\ve.xmd c:\bases_x\plugins\vedata.cvd c:\bases_x\plugins\versions.dat c:\bases_x\plugins\viza.xmd c:\bases_x\plugins\wise.xmd c:\bases_x\plugins\xar.xmd c:\bases_x\plugins\xcookies.xmd c:\bases_x\plugins\xishield.xmd c:\bases_x\plugins\xlmrd.cvd c:\bases_x\plugins\xlmrd.ivd c:\bases_x\plugins\z.xmd c:\bases_x\plugins\zip.xmd c:\bases_x\plugins\zoo.xmd c:\bases_x\Polish.Age c:\bases_x\Polish.con c:\bases_x\Polish.dow c:\bases_x\Polish.lic c:\bases_x\Polish.tcp c:\bases_x\Polish.win c:\bases_x\PopupChk.ppl c:\bases_x\Portuguese.Age c:\bases_x\Portuguese.con c:\bases_x\Portuguese.dow c:\bases_x\Portuguese.lic c:\bases_x\Portuguese.tcp c:\bases_x\Portuguese.win c:\bases_x\prKernel.ppl c:\bases_x\prLoader.dll c:\bases_x\procmon.ppl c:\bases_x\product.bmp c:\bases_x\prseqio.ppl c:\bases_x\PrUpdate.ppl c:\bases_x\PrUtil.ppl c:\bases_x\pxstub.ppl c:\bases_x\Quantum.ppl c:\bases_x\rar.ppl c:\bases_x\recycler.reg c:\bases_x\red32.dll c:\bases_x\reggrd.ppl |
|
09.08.2009, 00:03
| #63 |
| | Virus/Trojaner oder von allem etwas? c:\bases_x\reload.exe
__________________c:\bases_x\remove.ini c:\bases_x\resip.ppl c:\bases_x\Romanian.Age c:\bases_x\Romanian.con c:\bases_x\Romanian.dow c:\bases_x\Romanian.lic c:\bases_x\Romanian.tcp c:\bases_x\Romanian.win c:\bases_x\S08000F0.TTF c:\bases_x\sc.ppl c:\bases_x\scan.dll c:\bases_x\ScanningProcess.exe c:\bases_x\Schedule.Lan c:\bases_x\schedule.ppl c:\bases_x\setpriv.exe c:\bases_x\sfdb.PPL c:\bases_x\Spanish.Age c:\bases_x\Spanish.con c:\bases_x\Spanish.dow c:\bases_x\Spanish.lic c:\bases_x\Spanish.tcp c:\bases_x\Spanish.win c:\bases_x\Spanishl.Age c:\bases_x\Spanishl.con c:\bases_x\Spanishl.dow c:\bases_x\Spanishl.lic c:\bases_x\Spanishl.tcp c:\bases_x\Spanishl.win c:\bases_x\spydb.avs c:\bases_x\spydb.old c:\bases_x\StdComp.ppl c:\bases_x\StEnum2.ppl c:\bases_x\stored.ppl c:\bases_x\success.sem c:\bases_x\superio.ppl c:\bases_x\sysr.txt c:\bases_x\Tamil.Age c:\bases_x\Tamil.con c:\bases_x\Tamil.dow c:\bases_x\Tamil.lic c:\bases_x\Tamil.tcp c:\bases_x\TempFile.ppl c:\bases_x\test2.exe c:\bases_x\thpimpl.ppl c:\bases_x\Thumbs.db c:\bases_x\Timer.ppl c:\bases_x\tm.ppl c:\bases_x\TrainSup.ppl c:\bases_x\Turkish.Age c:\bases_x\Turkish.con c:\bases_x\Turkish.dow c:\bases_x\Turkish.lic c:\bases_x\Turkish.tcp c:\bases_x\Turkish.win c:\bases_x\UnArj.ppl c:\bases_x\UniArc.ppl c:\bases_x\UnLZX.ppl c:\bases_x\Unreduce.ppl c:\bases_x\unregx.exe c:\bases_x\UNSHRINK.ppl c:\bases_x\UnStored.ppl c:\bases_x\up.avs c:\bases_x\update.txt c:\bases_x\versions.dat c:\bases_x\viewtcp.exe c:\bases_x\ViewTCP.lan c:\bases_x\virus.avi c:\bases_x\WDiskIO.ppl c:\bases_x\WIN.PRO c:\bases_x\WinReg.ppl c:\bases_x\wmihlpr.ppl c:\bases_x\xorio.ppl c:\bases_x\zcompare.ppl c:\dokumente und einstellungen\User\Anwendungsdaten\eMule c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Common\698c001a19.exe c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT c:\programme\Lavasoft c:\programme\Lavasoft\Ad-Aware SE Personal\defs.ref.old c:\programme\Panda Security c:\programme\VideoLAN c:\windows\R.COM c:\windows\system32\eEmpty.exe c:\windows\system32\msvcp80.dll c:\windows\system32\msvcr80.dll c:\windows\system32\perfc007.dat c:\windows\system32\perfh007.dat c:\windows\system32\T.COM . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_PAVBOOT ((((((((((((((((((((((( Dateien erstellt von 2009-07-08 bis 2009-08-08 )))))))))))))))))))))))))))))) . 2009-08-08 21:30 . 2009-08-08 21:32 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP 2009-08-08 20:45 . 2009-08-08 20:45 -------- d-s---w- C:\cofiexe 2009-08-08 13:42 . 2009-08-08 16:05 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\Skype 2009-08-08 13:06 . 2009-08-08 14:36 -------- d-----w- c:\programme\The KMPlayer 2009-08-08 13:03 . 2009-08-08 13:03 -------- d-----w- c:\programme\Gemeinsame Dateien\Skype 2009-08-08 13:01 . 2009-08-08 13:01 -------- d-----w- c:\programme\Foxit Software 2009-08-08 13:01 . 2009-08-08 13:01 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\Foxit 2009-08-08 12:58 . 2009-08-08 12:58 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-08-08 12:57 . 2009-08-08 12:57 152576 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\Sun\Java\jre1.6.0_15\lzma.dll 2009-08-08 00:07 . 2009-08-08 00:07 -------- d-----w- c:\programme\CCleaner 2009-08-07 22:45 . 2009-08-07 22:45 -------- d-----w- c:\programme\trend micro 2009-08-07 18:12 . 2009-08-07 18:12 -------- d-----r- c:\dokumente und einstellungen\Administrator\Eigene Dateien 2009-08-07 18:11 . 2009-08-07 18:11 -------- d-sh--w- c:\dokumente und einstellungen\Administrator\IETldCache 2009-08-07 15:49 . 2009-08-07 15:49 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\Malwarebytes 2009-08-07 15:49 . 2009-08-07 15:49 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-08-06 02:35 . 2009-08-06 02:35 -------- d-sh--w- c:\dokumente und einstellungen\Default User\IETldCache 2009-08-06 02:35 . 2009-08-06 02:35 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-06 02:35 . 2009-08-06 02:35 -------- d-----w- c:\programme\MSBuild 2009-08-06 02:35 . 2009-08-06 02:35 -------- d-----w- c:\programme\Reference Assemblies 2009-08-06 02:34 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-06 02:34 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-06 02:34 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-06 02:34 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-06 02:34 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-06 02:34 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-06 02:34 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-07-31 14:28 . 2009-07-31 14:28 -------- d-----r- c:\dokumente und einstellungen\LocalService\Favoriten 2009-07-31 14:04 . 2009-08-05 23:18 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-07-31 14:04 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-07-31 14:04 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-07-31 14:04 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-07-31 14:04 . 2009-07-31 14:04 -------- d-----w- c:\programme\Avira 2009-07-31 14:04 . 2009-07-31 14:04 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-08 22:50 . 2009-08-08 22:50 54456 ------w- c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2009-08-08 22:47 . 2009-05-26 00:12 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000005-00000000-00000007-00001102-00000004-20021102}.dat 2009-08-08 22:47 . 2009-05-26 00:12 384 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000007-00001102-00000004-20021102}.dat 2009-08-08 13:03 . 2007-03-23 14:28 -------- d-----r- c:\programme\Skype 2009-08-08 13:03 . 2007-03-23 14:28 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype 2009-08-08 12:58 . 2007-02-12 09:42 -------- d-----w- c:\programme\Java 2009-08-08 12:15 . 2007-02-12 11:56 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe 2009-07-18 17:38 . 2009-07-18 17:38 56968 ----a-w- c:\windows\Fonts\USUn000.ttf 2009-07-18 17:38 . 2009-07-18 17:38 41952 ----a-w- c:\windows\Fonts\Blue000.ttf 2009-07-18 17:38 . 2009-07-18 17:38 38012 ----a-w- c:\windows\Fonts\Rude000.ttf 2009-07-18 17:38 . 2009-07-18 17:38 31820 ----a-w- c:\windows\Fonts\Suss000.ttf 2009-07-18 17:38 . 2009-07-18 17:38 24460 ----a-w- c:\windows\Fonts\Eval000.ttf 2009-07-03 16:55 . 2003-04-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll 2009-06-28 21:01 . 2007-04-21 23:56 -------- d-----w- c:\programme\IrfanView 2009-06-26 22:28 . 2007-04-19 00:18 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\dvdcss 2009-06-19 19:15 . 2009-02-05 16:51 1 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-06-16 14:36 . 2003-04-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2003-04-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-03 19:09 . 2007-02-09 15:19 1296896 ----a-w- c:\windows\system32\quartz.dll 2009-05-26 00:31 . 2009-05-26 00:31 60416 ----a-w- c:\windows\ALCFDRTM.EXE 2009-05-26 00:07 . 2009-05-26 00:07 184 ----a-w- c:\windows\system32\e000002.dat 2009-05-16 19:41 . 2009-05-16 19:41 299824 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\GvzPro\gvzlib.dll 2009-05-16 19:41 . 2009-05-16 19:41 98360 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\GvzPro\bass.dll 2009-05-16 19:41 . 2009-05-16 19:41 366896 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\GvzPro\gvzprores.dll 2009-05-16 19:41 . 2009-05-16 19:41 1262896 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\GvzPro\gvzpro2.dll 2008-11-30 22:17 . 2008-11-30 22:17 1804050 ----a-w- c:\programme\Multidecoder_1.0.0.48.zip . ((((((((((((((((((((((((((((( SnapShot@2009-08-08_22.05.45 ))))))))))))))))))))))))))))))))))))))))) . + 2009-08-08 22:49 . 2009-08-08 22:49 16384 c:\windows\temp\Perflib_Perfdata_144.dat + 2009-08-08 22:47 . 2009-08-08 22:47 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat + 2009-08-08 22:47 . 2009-08-08 22:47 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat + 2009-08-08 22:47 . 2009-08-08 22:47 233472 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT + 2009-08-08 22:47 . 2009-08-08 22:47 208896 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat + 2009-08-08 22:47 . 2009-08-08 22:47 233472 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT + 2009-08-08 22:47 . 2009-08-08 22:47 11370496 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteCenter"="c:\programme\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SBDrvDet"="c:\programme\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056] "ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 339968] "ATICCC"="c:\programme\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112] "LogitechCommunicationsManager"="c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984] "CTSysVol"="c:\programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344] "CTDVDDET"="c:\programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-17 45056] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-08-08 149280] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080] "CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-10-06 24576] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Hochfahren.bat [2008-4-28 65] Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2007-11-3 692224] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^SATARAID5.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\SATARAID5.lnk backup=c:\windows\pss\SATARAID5.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinTV Recording Status..lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\WinTV Recording Status..lnk backup=c:\windows\pss\WinTV Recording Status..lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Apple Mobile Device"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "d:\\Spiele\\Worms World Party\\wwp.exe"= "c:\\Programme\\Paltalk Messenger\\paltalk.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "17010:TCP"= 17010:TCP:worms world party "17011:TCP"= 17011:TCP:Worms world Party "17012:TCP"= 17012:TCP:Worms world party R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [31.07.2009 16:04 108289] R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [26.05.2009 01:38 15840] S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [04.04.2009 17:23 562176] S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [04.04.2009 17:23 15616] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.02.2009 17:07 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.02.2009 17:07 8320] S3 PDNMp50;PDNMp50 NDIS Protocol Driver;\??\c:\windows\system32\drivers\PDNMp50.sys --> c:\windows\system32\drivers\PDNMp50.sys [?] S3 PDNSp50;PDNSp50 NDIS Protocol Driver;\??\c:\windows\system32\drivers\PDNSp50.sys --> c:\windows\system32\drivers\PDNSp50.sys [?] S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\dokumente und einstellungen\User\Desktop\SysProtDrv.sys --> c:\dokumente und einstellungen\User\Desktop\SysProtDrv.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.gmx.de/ mStart Page = about:blank TCP: {7D12C82E-EF19-40E1-A2F1-469F20F0A96E} = 213.191.74.19 62.109.123.197 FF - ProfilePath - c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\l0j5s00l.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.startup.homepage - hxxp://www.trojaner-board.de/76194-virus-trojaner-oder-von-allem-etwas-6.html#post455014 FF - prefs.js: keyword.enabled - false FF - plugin: c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\l0j5s00l.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07100121.dll FF - plugin: c:\programme\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: browser.history_expire_days - 3 FF - user.js: browser.history_expire_days_min - 3 FF - user.js: browser.history_expire_sites - 40000 FF - user.js: dom.storage.enabled - true FF - user.js: privacy.sanitize.sanitizeOnShutdown - false FF - user.js: privacy.sanitize.promptOnSanitize - false FF - user.js: privacy.item.offlineApps - false FF - user.js: browser.safebrowsing.malware.enabled - true FF - user.js: nglayout.initialpaint.delay - 50 FF - user.js: network.http.pipelining - true FF - user.js: network.prefetch-next - true FF - user.js: config.trim_on_minimize - true FF - user.js: browser.sessionhistory.max_total_viewers - 0 FF - user.js: browser.cache.memory.capacity - 18432 FF - user.js: browser.cache.disk.capacity - 20000 FF - user.js: browser.cache.offline.capacity - 25000 FF - user.js: browser.sessionstore.interval - 30000000 FF - user.js: browser.sessionstore.max_tabs_undo - 10 FF - user.js: browser.urlbar.maxRichResults - 0 FF - user.js: keyword.enabled - false FF - user.js: browser.fixup.alternate.suffix - .com FF - user.js: browser.urlbar.doubleClickSelectsAll - false FF - user.js: browser.urlbar.clickSelectsAll - true FF - user.js: browser.zoom.siteSpecific - false FF - user.js: browser.search.openintab - true FF - user.js: browser.tabs.loadDivertedInBackground - true FF - user.js: browser.tabs.closeButtons - 1 FF - user.js: browser.download.manager.useWindow - true FF - user.js: browser.download.manager.retention - 1 FF - user.js: browser.download.manager.closeWhenDone - true FF - user.js: extensions.checkCompatibility - true FF - user.js: extensions.hideInstallButton - true c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\programme\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\programme\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\programme\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-08-09 00:49 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(720) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(7412) c:\programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll c:\programme\Logitech\SetPoint\GameHook.dll c:\programme\Logitech\SetPoint\lgscroll.dll c:\windows\system32\msls31.dll c:\windows\system32\webcheck.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe c:\programme\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\CTSVCCDA.EXE c:\programme\Java\jre6\bin\jqs.exe c:\programme\ATI Technologies\ATI.ACE\CLI.exe c:\programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.exe c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe c:\windows\system32\MsPMSPSv.exe c:\programme\ATI Technologies\ATI.ACE\CLI.exe c:\programme\ATI Technologies\ATI.ACE\CLI.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Zeit der Fertigstellung: 2009-08-08 0:55 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2009-08-08 22:55 ComboFix2.txt 2009-08-08 22:12 ComboFix3.txt 2009-08-08 16:28 Vor Suchlauf: 9 Verzeichnis(se), 37.774.454.784 Bytes frei Nach Suchlauf: 7 Verzeichnis(se), 37.643.722.752 Bytes frei 1926 --- E O F --- 2009-08-07 02:15 |
|
09.08.2009, 00:11
| #64 |
  | Virus/Trojaner oder von allem etwas? 1.) Deaktiviere den Wächter von Avira. 2.) Packe den Ordner c:\qoobox mit Zip oder Rar, lade das Archiv bei einem Filehoster hoch (z.B. www.materialordner.de) und schicke mir den Link als PN. 3.) Aktiviere den Wächter von Avira. Nach den ganzen Löschorgien brauche ich neue Logs. 4.) Poste beide Logs von http://www.trojaner-board.de/74910-a...tion-tool.html Morgen (äh, heute) geht es weiter, aber wir sind kurz vor Ziel. ciao, andreas
__________________ Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung! Für alle NeuenPrivatbetreuung nur gegen Bezahlung und ich koste sehr teuer.  Anleitungen Virenscanner Kompromittierung unvermeidbar? |
|
09.08.2009, 01:39
| #65 |
| | Virus/Trojaner oder von allem etwas? Geht klar! Punkt 1-3 ausgeführt und Dir die Links als PN geschickt, waren über 160 MB deshalb musste ich die Dateien splitten. Hier sind die Logs von RSIT, Nummer 1: info.txt logfile of random's system information tool 1.06 2009-08-09 02:34:00 ======Uninstall list====== -->"C:\Programme\Creative\SBAudigy2ZS\Program\SETUP.EXE" /S /U /W /L:GER -->C:\Programme\Creative\SBAudigy2ZS\Program\Ctzapxx.EXE /W /U /S /L:GER -->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER -->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x7 -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 3114 SATARAID5-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8E4CF4E6-062E-11D8-BCF1-005004748D87}\Setup.exe" -l0x9 ABBYY FineReader 8.0 Professional Edition-->MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07} Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13} Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x7 ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->MsiExec.exe /I{B7777E08-1344-42E8-975B-6F541F9ADBD8} ATI Control Panel-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class  ISPLAY -cleanATI HYDRAVISION-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe" AusLogics Disk Defrag-->"C:\Programme\AusLogics Disk Defrag\unins000.exe" Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE Canon Camera Support Core Library-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B9B9863A-32FD-4133-ADB7-46244ED77694} /l1031 Canon Camera Window for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0} Canon Internet Library for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F81FBFC-9A37-431F-9050-14B55485DF5A} Canon MovieEdit Task for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DE286975-ACF1-45B8-9EF7-34E162B2C817} Canon PhotoRecord-->MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D} Canon RAW Image Task for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9518F764-C54D-47B2-9E73-154B21E79FD2} Canon RemoteCapture Task for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2C164906-E68F-462A-9010-70DD022223EF} Canon Setup Utility 2.0-->"C:\Programme\Canon\Canon Setup Utility 2.0\Maint.exe" /Uninstall C:\Programme\Canon\Canon Setup Utility 2.0\uninst.ini Canon Utilities Easy-PhotoPrint-->C:\Programme\Canon\Easy-PhotoPrint\uninst.exe uninst.ini Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE Canon Utilities PhotoStitch 3.1-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401} Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2} CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe" CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA} com! Firefox-3-Optimierer -->C:\Programme\com! Firefox-3-Optimierer\uninst.exe Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} Cool & Quiet-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\Setup.exe" -l0x9 Creative MediaSource-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x7 /remove/remove/remove/remove Creative-Audiokonsole-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x7 /remove Creative-Systeminformationen-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x7 /remove DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN ElsterFormular 2008/2009-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}\setup.exe" -l0x7 -removeonly Foxit Reader-->C:\Programme\Foxit Software\Foxit Reader\Uninstall.exe Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466} HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe IsoBuster 2.3-->"C:\Programme\Smart Projects\IsoBuster\Uninst\unins000.exe" Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF} KhalInstallWrapper-->MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719} Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870} Logitech QuickCam-->MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C} Logitech SetPoint-->C:\Programme\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0007 -removeonly Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2} Logitech® Camera-Treiber-->"C:\Programme\Gemeinsame Dateien\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B} Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme-->MsiExec.exe /X{90120000-00B2-0407-0000-0000000FF1CE} Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Bootvis-->MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office 2000 Premium-->MsiExec.exe /I{00000407-78E1-11D2-B60F-006097C998E7} Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Word 2000-->MsiExec.exe /I{00170407-78E1-11D2-B60F-006097C998E7} Mozilla Firefox (3.5.2)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93} Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625} Nokia Flashing Cable Driver-->MsiExec.exe /X{D99C322D-C21B-40C7-AE71-EE51AA096B6E} Nokia MTP driver-->MsiExec.exe /I{59359B3D-ABE7-46BF-AB55-43B67A64DC68} Nokia PC Suite-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_ger_web.exe Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD} Nokia Software Updater-->MsiExec.exe /X{59367F7E-D7C1-4629-8AEC-71AA24A68F31} Nokia themes for your device-->MsiExec.exe /I{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8} NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI OpenOffice.org 3.0-->MsiExec.exe /I{04B45310-A5FE-4425-BFCA-1A6D8920DE74} PaltalkScene-->"C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Programme\Paltalk Messenger\irunin.xml" PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD} PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x7 PDFCreator-->C:\Programme\PDFCreator\unins000.exe QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F} RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" |
|
09.08.2009, 01:40
| #66 |
| | Virus/Trojaner oder von allem etwas? Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash \KB923789.inf Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748} Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} Sound Blaster Audigy 2 ZS-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9E2514D9-DC24-4634-B348-61F3EF0F1628}\SETUP.EXE" -l0x7 Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003} SPSS 15.0 für Windows [Auswertung Version]-->MsiExec.exe /X{6D9B9CF3-1E9C-45B6-B41E-5CF568605556} The KMPlayer (remove only)-->"C:\Programme\The KMPlayer\uninstall.exe" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update für Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe" Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Winamp-->"C:\Programme\Winamp\UninstWA.exe" Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" Windows-Treiberpaket - Nokia Modem (10/27/2008 3.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870\nokia_bluetooth.inf Windows-Treiberpaket - Nokia Modem (10/27/2008 7.01.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6\nokbtmdm.inf Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe ======Security center information====== AV: AntiVir Desktop ======System event log====== Computer Name: LICHTMASCHINE Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Anwendungsverwaltung" gesendet. Record Number: 73513 Source Name: Service Control Manager Time Written: 20090807192545.000000+120 Event Type: Informationen User: LICHTMASCHINE\User Computer Name: LICHTMASCHINE Event Code: 7023 Message: Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: Das angegebene Modul wurde nicht gefunden. Record Number: 73512 Source Name: Service Control Manager Time Written: 20090807192545.000000+120 Event Type: Fehler User: Computer Name: LICHTMASCHINE Event Code: 7036 Message: Dienst "Anwendungsverwaltung" befindet sich jetzt im Status "Beendet". Record Number: 73511 Source Name: Service Control Manager Time Written: 20090807192545.000000+120 Event Type: Informationen User: Computer Name: LICHTMASCHINE Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Anwendungsverwaltung" gesendet. Record Number: 73510 Source Name: Service Control Manager Time Written: 20090807192545.000000+120 Event Type: Informationen User: LICHTMASCHINE\User Computer Name: LICHTMASCHINE Event Code: 7023 Message: Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: Das angegebene Modul wurde nicht gefunden. Record Number: 73509 Source Name: Service Control Manager Time Written: 20090807192545.000000+120 Event Type: Fehler User: =====Application event log===== Computer Name: LICHTMASCHINE Event Code: 1517 Message: Die Registrierung des Benutzers "LICHTMASCHINE\User" wurde gespeichert, obwohl eine Anwendung oder ein Dienst auf die Registrierung während der Abmeldung zugegriffen hat. Der von der Registrierung des Benutzers verwendete Speicher wurde nicht freigegeben. Der Upload der Registrierung wird durchgeführt, wenn diese nicht mehr verwendet wird. Dies wird oft durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen Sie diese so zu Konfigurieren, dass sie unter den Konten "Lokaler Dienst" oder "Netzwerkdienst" ausgeführt werden. Record Number: 25884 Source Name: Userenv Time Written: 20090324081347.000000+060 Event Type: Warnung User: NT-AUTORITÄT\SYSTEM Computer Name: LICHTMASCHINE Event Code: 0 Message: Record Number: 25883 Source Name: gupdate1c987a5477f4f6 Time Written: 20090324070630.000000+060 Event Type: Informationen User: Computer Name: LICHTMASCHINE Event Code: 1800 Message: Der Windows-Sicherheitscenterdienst wurde gestartet. Record Number: 25882 Source Name: SecurityCenter Time Written: 20090324070604.000000+060 Event Type: Informationen User: Computer Name: LICHTMASCHINE Event Code: 4096 Message: Der AntiVir Dienst wurde erfolgreich gestartet! Record Number: 25881 Source Name: Avira AntiVir Time Written: 20090324070604.000000+060 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: LICHTMASCHINE Event Code: 105 Message: The service was started. Record Number: 25880 Source Name: WMDM PMSP Service Time Written: 20090324070603.000000+060 Event Type: Informationen User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programme\PC Connectivity Solution;C:\Programme\ATI Technologies\ATI Control Panel;C:\Programme\ATI Technologies\ATI.ACE;C:\Programme\Smart Projects\IsoBuster;C:\Programme\QuickTime\QTSystem "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=2f02 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "CLASSPATH"=.;C:\Programme\Java\jre1.6.0_05\lib\ext\QTJava.zip "QTJAVA"=C:\Programme\Java\jre1.6.0_05\lib\ext\QTJava.zip -----------------EOF----------------- RSIT Nummer 2: Logfile of random's system information tool 1.06 (written by random/random) Run by User at 2009-08-09 02:33:33 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 36 GB (72%) free of 50 GB Total RAM: 1023 MB (56% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:33:58, on 09.08.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ctfmon.exe c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Java\jre6\bin\jusched.exe C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wuauclt.exe C:\Dokumente und Einstellungen\User\Desktop\RSIT.exe C:\Programme\trend micro\User.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [RemoteCenter] C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE O4 - Global Startup: Hochfahren.bat O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\Paltalk.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{7D12C82E-EF19-40E1-A2F1-469F20F0A96E}: NameServer = 213.191.74.19 62.109.123.197 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/User/LOKALE~1/Temp/msoclip1/01/clip_image002.jpg -- End of file - 5121 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-08-08 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-08 73728] |
|
09.08.2009, 01:41
| #67 |
| | Virus/Trojaner oder von allem etwas? [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SBDrvDet"=C:\Programme\Creative\SB Drive Det\SBDrvDet.exe [2002-12-03 45056] "ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-29 339968] "ATICCC"=C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112] "Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080] "LogitechCommunicationsManager"=C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984] "CTSysVol"=C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe [2003-09-17 57344] "CTDVDDET"=C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE [2003-06-18 45056] "CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2003-10-06 24576] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-08-08 149280] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "RemoteCenter"=C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE [2003-10-08 139264] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Programme\Skype\Phone\Skype.exe [2009-07-16 25604904] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^SATARAID5.lnk] C:\PROGRA~1\SILICO~1\3114SA~1\sam.jar [2004-06-25 1510757] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinTV Recording Status..lnk] C:\PROGRA~1\WinTV\WinTV7\WINTVT~1.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Apple Mobile Device"=2 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Hochfahren.bat Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-12-17 110592] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater" "C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process " "D:\Spiele\Worms World Party\wwp.exe"="D:\Spiele\Worms World Party\wwp.exe:*:Enabled:Worms World Party" "C:\Programme\Paltalk Messenger\paltalk.exe"="C:\Programme\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2009-08-09 02:33:33 ----D---- C:\rsit 2009-08-09 02:04:46 ----SHD---- C:\RECYCLER 2009-08-09 00:55:47 ----A---- C:\ComboFix.txt 2009-08-09 00:47:07 ----D---- C:\WINDOWS\temp 2009-08-08 23:57:46 ----A---- C:\WINDOWS\zip.exe 2009-08-08 23:57:46 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-08-08 23:57:46 ----A---- C:\WINDOWS\SWSC.exe 2009-08-08 23:57:46 ----A---- C:\WINDOWS\SWREG.exe 2009-08-08 23:57:46 ----A---- C:\WINDOWS\sed.exe 2009-08-08 23:57:46 ----A---- C:\WINDOWS\PEV.exe 2009-08-08 23:57:46 ----A---- C:\WINDOWS\NIRCMD.exe 2009-08-08 23:57:46 ----A---- C:\WINDOWS\grep.exe 2009-08-08 23:57:39 ----D---- C:\Qoobox 2009-08-08 23:30:52 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2009-08-08 22:45:42 ----SD---- C:\cofiexe 2009-08-08 15:42:10 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Skype 2009-08-08 15:06:31 ----D---- C:\Programme\The KMPlayer 2009-08-08 15:03:10 ----D---- C:\Programme\Gemeinsame Dateien\Skype 2009-08-08 15:01:26 ----D---- C:\Programme\Foxit Software 2009-08-08 15:01:26 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Foxit 2009-08-08 14:58:35 ----A---- C:\WINDOWS\system32\javaws.exe 2009-08-08 14:58:35 ----A---- C:\WINDOWS\system32\javaw.exe 2009-08-08 14:58:35 ----A---- C:\WINDOWS\system32\java.exe 2009-08-08 14:58:35 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-08-08 02:30:13 ----A---- C:\Boot.bak 2009-08-08 02:30:05 ----RASHD---- C:\cmdcons 2009-08-08 02:24:44 ----D---- C:\WINDOWS\ERDNT 2009-08-08 02:07:24 ----D---- C:\Programme\CCleaner 2009-08-08 00:45:21 ----D---- C:\Programme\trend micro 2009-08-07 17:49:45 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes 2009-08-07 17:49:38 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-08-07 04:15:39 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2009-08-06 04:35:13 ----D---- C:\WINDOWS\system32\XPSViewer 2009-08-06 04:35:08 ----D---- C:\Programme\MSBuild 2009-08-06 04:35:07 ----D---- C:\WINDOWS\system32\en-US 2009-08-06 04:35:00 ----D---- C:\Programme\Reference Assemblies 2009-08-06 04:34:28 ----N---- C:\WINDOWS\system32\prntvpt.dll 2009-08-06 04:34:27 ----N---- C:\WINDOWS\system32\xpssvcs.dll 2009-08-06 04:34:27 ----N---- C:\WINDOWS\system32\xpsshhdr.dll 2009-08-01 12:28:06 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-07-31 16:04:44 ----D---- C:\Programme\Avira 2009-07-31 16:04:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira 2009-07-15 17:35:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$ 2009-07-15 17:34:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$ 2009-07-15 17:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$ ======List of files/folders modified in the last 1 months====== 2009-08-09 02:33:26 ----D---- C:\WINDOWS\Prefetch 2009-08-09 01:06:12 ----HD---- C:\Programme\InstallShield Installation Information 2009-08-09 01:06:12 ----D---- C:\WINDOWS\system32 2009-08-09 01:06:12 ----D---- C:\Programme\PC Inspector File Recovery 2009-08-09 00:57:25 ----D---- C:\Programme\Mozilla Firefox 2009-08-09 00:55:49 ----D---- C:\WINDOWS\system32\drivers 2009-08-09 00:50:19 ----D---- C:\WINDOWS 2009-08-09 00:50:19 ----A---- C:\WINDOWS\system.ini 2009-08-09 00:49:47 ----D---- C:\WINDOWS\system32\CatRoot2 2009-08-09 00:47:26 ----D---- C:\WINDOWS\system32\config 2009-08-09 00:47:02 ----RD---- C:\Programme 2009-08-09 00:42:08 ----D---- C:\WINDOWS\AppPatch 2009-08-09 00:42:03 ----D---- C:\Programme\Gemeinsame Dateien 2009-08-08 22:46:03 ----SHD---- C:\System Volume Information 2009-08-08 22:46:03 ----D---- C:\WINDOWS\system32\Restore 2009-08-08 21:37:06 ----A---- C:\WINDOWS\wininit.ini 2009-08-08 19:02:55 ----HD---- C:\WINDOWS\inf 2009-08-08 18:04:26 ----RASH---- C:\boot.ini 2009-08-08 18:04:26 ----A---- C:\WINDOWS\win.ini 2009-08-08 15:03:24 ----SHD---- C:\WINDOWS\Installer 2009-08-08 15:03:22 ----RD---- C:\Programme\Skype 2009-08-08 15:03:05 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype 2009-08-08 14:58:12 ----D---- C:\Programme\Java 2009-08-08 14:47:58 ----SD---- C:\WINDOWS\Tasks 2009-08-08 14:47:28 ----RD---- C:\WINDOWS\Web 2009-08-08 14:17:00 ----D---- C:\WINDOWS\system32\Macromed 2009-08-08 14:17:00 ----D---- C:\WINDOWS\system32\Adobe 2009-08-08 14:16:34 ----D---- C:\WINDOWS\WinSxS 2009-08-08 14:15:08 ----D---- C:\Programme\Adobe 2009-08-08 14:15:05 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe 2009-08-08 14:15:00 ----D---- C:\Programme\Gemeinsame Dateien\Adobe 2009-08-08 02:37:22 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-08-08 02:15:42 ----D---- C:\WINDOWS\Debug 2009-08-07 19:19:11 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-08-07 13:09:50 ----D---- C:\WINDOWS\Microsoft.NET 2009-08-07 04:15:54 ----D---- C:\WINDOWS\system32\CatRoot 2009-08-06 15:23:36 ----RSD---- C:\WINDOWS\assembly 2009-08-06 04:38:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-08-06 04:35:05 ----RSD---- C:\WINDOWS\Fonts 2009-08-06 04:34:46 ----D---- C:\WINDOWS\system32\spool 2009-08-03 02:54:58 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Macromedia 2009-07-31 18:27:06 ----D---- C:\WINDOWS\ShellNew 2009-07-31 18:27:03 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2009-07-30 05:45:04 ----D---- C:\Programme\Internet Explorer 2009-07-30 05:44:05 ----HD---- C:\WINDOWS\$hf_mig$ 2009-07-19 18:41:10 ----A---- C:\WINDOWS\system32\ieframe.dll 2009-07-19 15:11:12 ----A---- C:\WINDOWS\system32\mshtml.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008] R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400] R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-06 55656] R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320] R2 NwlnkNb;NWLink-NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2003-04-02 63232] R2 NwlnkSpx;NWLink SPX/SPXII-Protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2003-04-02 55936] R2 PfDetNT;PfDetNT; \??\C:\WINDOWS\System32\drivers\PfModNT.sys [] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-12-17 1918464] R3 catchme;catchme; \??\C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys [] R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2003-11-05 645392] R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-11-19 366160] R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-10-08 6096] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-10-08 130288] R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-10-13 145488] R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2003-10-21 904496] R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-10-21 148432] R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496] R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-04-11 63248] R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-04-11 79376] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632] R3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928] R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-10-08 178672] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-09-19 241280] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys [] S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2003-10-14 332800] S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-03 22560] S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2006-08-11 180224] S3 hcw95bda;Hauppauge MOD7700 Tuner Driver; C:\WINDOWS\System32\Drivers\hcw95bda.sys [2008-09-09 562176] S3 hcw95rc;Hauppauge MOD7700 IR Driver; C:\WINDOWS\system32\DRIVERS\hcw95rc.sys [2008-09-09 15616] S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [] S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064] S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-02-03 1507232] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504] S3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-03 1939360] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016] S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320] S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 PDNMp50;PDNMp50 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\PDNMp50.sys [] S3 PDNSp50;PDNSp50 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\PDNSp50.sys [] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 SysProtDrv.sys;SysProtDrv.sys; \??\C:\Dokumente und Einstellungen\User\Desktop\SysProtDrv.sys [] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064] S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-06 185089] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-12-17 434176] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTSvcCDA.EXE [1999-12-13 44032] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-08-08 153376] R2 LVPrcSrv;Process Monitor; c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344] R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-12-20 520192] S2 LVSrvLauncher;LVSrvLauncher; C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S4 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- 1000 Dank für deine großzügige Hilfe und den unermüdlichen Einsatz! Werde heute (Sonntag) leider erst wieder Abends online sein können. Hoffentlich dann bis bald, bzw. wann auch immer Du Zeit und Lust hast! |
|
09.08.2009, 16:37
| #68 |
| | Virus/Trojaner oder von allem etwas? Der Silentbanker versteckt sich im Macromediaordner (Adobe Flash/Adobe Shockwave), deshalb werden wir ein letztes Mal sehr gründlich aufräumen. Direkt im Anschluss werden bestimmte Dinge nicht mehr funktionieren, die wir aber umgehend neu installieren werden. 1.) Leere den kompletten Inhalt des Ordners
3.) Scripten mit Combofix
Code:
ATTFilter KILLALL::
Folder::
C:\WINDOWS\system32\Macromed
C:\WINDOWS\system32\Adobe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
C:\Programme\Gemeinsame Dateien\Adobe
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Macromedia
Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann. 4.) Installiere (Toolbars immer abwählen, Haken weg):ciao, andreas
__________________ Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung! Für alle NeuenPrivatbetreuung nur gegen Bezahlung und ich koste sehr teuer. Anleitungen Virenscanner Kompromittierung unvermeidbar? |
|
09.08.2009, 22:32
| #69 |
| | Virus/Trojaner oder von allem etwas? Hallo Andreas, Danke dass Du dir wieder Zeit genommen hast! Hier das Combo Log: ComboFix 09-08-09.03 - User 09.08.2009 23:15.7.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1023.624 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\User\Desktop\cofi.exe..exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\User\Desktop\cfscript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\dokumente und einstellungen\All Users\Anwendungsdaten\Adobe c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\V46PTW74\cache.armorgames.com\files\games\this-is-the-only-lev-4309.swf\finalLevel.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\V46PTW74\cdn-1.moviebox.com\e1\v2\swf\player\moviebox_player.swf\ph_options.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\V46PTW74\core.mochibot.com\com.mochibot.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\V46PTW74\mochiads.com\__ms_1249762085703_95874.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\V46PTW74\mochiads.com\com.mochiads.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\V46PTW74\mochiads.com\mochiLCStatus.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\V46PTW74\mochiads.com\services.mochiads.com.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\V46PTW74\s.ytimg.com\soundData.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\V46PTW74\s.ytimg.com\videostats.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\V46PTW74\skype.com\#ui\preferences.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\V46PTW74\static.flabber.net\files\melkcrisis.swf\soundsettings3.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\V46PTW74\static.flabber.net\files\melkcrisis.swf\systemMemory1.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\V46PTW74\www.flabber.nl\analytics.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.armorgames.com\settings.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn-1.moviebox.com\settings.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.mochibot.com\settings.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mochiads.com\settings.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com\settings.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.flabber.net\settings.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.flabber.nl\settings.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Flash Player\youtube.com\soundData.sol c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Shockwave Player\dirapi.mch c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Shockwave Player\Prefs\GE57REF6\MerlinsRevenge3Keys.txt c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Shockwave Player\Prefs\GE57REF6\PlatformPrefs.txt c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Shockwave Player\Prefs\GE57REF6\xbrprog.txt c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Shockwave Player\Shockwave Log c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Shockwave Player\xtras\download\MacromediaInc\DirectSound\DirectSound.x32 c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Shockwave Player\xtras\download\MacromediaInc\FlashAsset\Flash Asset.x32 c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Shockwave Player\xtras\download\MacromediaInc\FontAsset\Font Asset.x32 c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Shockwave Player\xtras\download\MacromediaInc\FontXtra\Font Xtra.x32 c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Shockwave Player\xtras\download\MacromediaInc\Havok\Havok.x32 c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Shockwave Player\xtras\download\MacromediaInc\MacroMix\MacroMix.x32 c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Shockwave Player\xtras\download\MacromediaInc\MixServices\Mix Services.x32 c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Shockwave Player\xtras\download\MacromediaInc\PNGImportExport\PNG Import Export.x32 c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Shockwave Player\xtras\download\MacromediaInc\Shockwave3dAsset\Shockwave 3d Asset.x32 c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SoundControl\Sound Control.x32 c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SWA\swadcmpr.x32 c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SWA\SWASTRM.X32 c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Shockwave Player\xtras\download\MacromediaInc\TextAsset\Text Asset.x32 c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Shockwave Player\xtras\download\MacromediaInc\TextXtra\TextXtra.x32 c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Shockwave Player\xtras\download\MagicModulesPtyLtd\baMoveCursor\baMoveCursor.x32 c:\programme\Gemeinsame Dateien\Adobe c:\windows\system32\Adobe c:\windows\system32\Adobe\Shockwave 11\UNWISE.INI . ((((((((((((((((((((((( Dateien erstellt von 2009-07-09 bis 2009-08-09 )))))))))))))))))))))))))))))) . 2009-08-09 00:33 . 2009-08-09 00:34 -------- d-----w- C:\rsit 2009-08-08 22:50 . 2009-08-08 22:50 54456 ------w- c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2009-08-08 21:30 . 2009-08-08 21:32 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP 2009-08-08 20:45 . 2009-08-08 20:45 -------- d-s---w- C:\cofiexe 2009-08-08 13:42 . 2009-08-08 16:05 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\Skype 2009-08-08 13:06 . 2009-08-08 14:36 -------- d-----w- c:\programme\The KMPlayer 2009-08-08 13:03 . 2009-08-08 13:03 -------- d-----w- c:\programme\Gemeinsame Dateien\Skype 2009-08-08 13:01 . 2009-08-08 13:01 -------- d-----w- c:\programme\Foxit Software 2009-08-08 13:01 . 2009-08-08 13:01 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\Foxit 2009-08-08 12:58 . 2009-08-08 12:58 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-08-08 12:57 . 2009-08-08 12:57 152576 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\Sun\Java\jre1.6.0_15\lzma.dll 2009-08-08 00:07 . 2009-08-08 00:07 -------- d-----w- c:\programme\CCleaner 2009-08-07 22:45 . 2009-08-09 00:33 -------- d-----w- c:\programme\trend micro 2009-08-07 18:12 . 2009-08-07 18:12 -------- d-----r- c:\dokumente und einstellungen\Administrator\Eigene Dateien 2009-08-07 18:11 . 2009-08-07 18:11 -------- d-sh--w- c:\dokumente und einstellungen\Administrator\IETldCache 2009-08-07 15:49 . 2009-08-07 15:49 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\Malwarebytes 2009-08-07 15:49 . 2009-08-07 15:49 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-08-06 02:35 . 2009-08-06 02:35 -------- d-sh--w- c:\dokumente und einstellungen\Default User\IETldCache 2009-08-06 02:35 . 2009-08-06 02:35 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-06 02:35 . 2009-08-06 02:35 -------- d-----w- c:\programme\MSBuild 2009-08-06 02:35 . 2009-08-06 02:35 -------- d-----w- c:\programme\Reference Assemblies 2009-08-06 02:34 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-06 02:34 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-06 02:34 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-06 02:34 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-06 02:34 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-06 02:34 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-06 02:34 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-07-31 14:28 . 2009-07-31 14:28 -------- d-----r- c:\dokumente und einstellungen\LocalService\Favoriten 2009-07-31 14:04 . 2009-08-05 23:18 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-07-31 14:04 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-07-31 14:04 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-07-31 14:04 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-07-31 14:04 . 2009-07-31 14:04 -------- d-----w- c:\programme\Avira 2009-07-31 14:04 . 2009-07-31 14:04 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-09 21:20 . 2009-05-26 00:12 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000005-00000000-00000007-00001102-00000004-20021102}.dat 2009-08-09 21:20 . 2009-05-26 00:12 384 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000007-00001102-00000004-20021102}.dat 2009-08-08 23:06 . 2008-02-24 15:41 -------- d-----w- c:\programme\PC Inspector File Recovery 2009-08-08 23:06 . 2007-02-09 15:17 -------- d--h--w- c:\programme\InstallShield Installation Information 2009-08-08 13:03 . 2007-03-23 14:28 -------- d-----r- c:\programme\Skype 2009-08-08 13:03 . 2007-03-23 14:28 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype 2009-08-08 12:58 . 2007-02-12 09:42 -------- d-----w- c:\programme\Java 2009-07-18 17:38 . 2009-07-18 17:38 56968 ----a-w- c:\windows\Fonts\USUn000.ttf 2009-07-18 17:38 . 2009-07-18 17:38 41952 ----a-w- c:\windows\Fonts\Blue000.ttf 2009-07-18 17:38 . 2009-07-18 17:38 38012 ----a-w- c:\windows\Fonts\Rude000.ttf 2009-07-18 17:38 . 2009-07-18 17:38 31820 ----a-w- c:\windows\Fonts\Suss000.ttf 2009-07-18 17:38 . 2009-07-18 17:38 24460 ----a-w- c:\windows\Fonts\Eval000.ttf 2009-07-03 16:55 . 2003-04-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll 2009-06-28 21:01 . 2007-04-21 23:56 -------- d-----w- c:\programme\IrfanView 2009-06-26 22:28 . 2007-04-19 00:18 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\dvdcss 2009-06-19 19:15 . 2009-02-05 16:51 1 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-06-16 14:36 . 2003-04-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2003-04-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-03 19:09 . 2007-02-09 15:19 1296896 ----a-w- c:\windows\system32\quartz.dll 2009-05-26 00:31 . 2009-05-26 00:31 60416 ----a-w- c:\windows\ALCFDRTM.EXE 2009-05-26 00:07 . 2009-05-26 00:07 184 ----a-w- c:\windows\system32\e000002.dat 2009-05-16 19:41 . 2009-05-16 19:41 299824 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\GvzPro\gvzlib.dll 2009-05-16 19:41 . 2009-05-16 19:41 98360 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\GvzPro\bass.dll 2009-05-16 19:41 . 2009-05-16 19:41 366896 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\GvzPro\gvzprores.dll 2009-05-16 19:41 . 2009-05-16 19:41 1262896 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\GvzPro\gvzpro2.dll 2008-11-30 22:17 . 2008-11-30 22:17 1804050 ----a-w- c:\programme\Multidecoder_1.0.0.48.zip . ((((((((((((((((((((((((((((( SnapShot@2009-08-08_22.05.45 ))))))))))))))))))))))))))))))))))))))))) . + 2009-08-09 21:22 . 2009-08-09 21:22 16384 c:\windows\temp\Perflib_Perfdata_590.dat + 2009-08-08 22:47 . 2009-08-08 22:47 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat + 2009-08-08 22:47 . 2009-08-08 22:47 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat + 2009-08-08 22:47 . 2009-08-08 22:47 233472 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT + 2009-08-08 22:47 . 2009-08-08 22:47 208896 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat + 2009-08-08 22:47 . 2009-08-08 22:47 233472 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT + 2009-08-08 22:47 . 2009-08-08 22:47 11370496 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteCenter"="c:\programme\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SBDrvDet"="c:\programme\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056] "ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 339968] "ATICCC"="c:\programme\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112] "LogitechCommunicationsManager"="c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984] "CTSysVol"="c:\programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344] "CTDVDDET"="c:\programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-17 45056] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-08-08 149280] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080] "CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-10-06 24576] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Hochfahren.bat [2008-4-28 65] Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2007-11-3 692224] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^SATARAID5.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\SATARAID5.lnk backup=c:\windows\pss\SATARAID5.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinTV Recording Status..lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\WinTV Recording Status..lnk backup=c:\windows\pss\WinTV Recording Status..lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Apple Mobile Device"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "d:\\Spiele\\Worms World Party\\wwp.exe"= "c:\\Programme\\Paltalk Messenger\\paltalk.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "17010:TCP"= 17010:TCP:worms world party "17011:TCP"= 17011:TCP:Worms world Party "17012:TCP"= 17012:TCP:Worms world party R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [31.07.2009 16:04 108289] R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [26.05.2009 01:38 15840] S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [04.04.2009 17:23 562176] S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [04.04.2009 17:23 15616] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.02.2009 17:07 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.02.2009 17:07 8320] S3 PDNMp50;PDNMp50 NDIS Protocol Driver;\??\c:\windows\system32\drivers\PDNMp50.sys --> c:\windows\system32\drivers\PDNMp50.sys [?] S3 PDNSp50;PDNSp50 NDIS Protocol Driver;\??\c:\windows\system32\drivers\PDNSp50.sys --> c:\windows\system32\drivers\PDNSp50.sys [?] S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\dokumente und einstellungen\User\Desktop\SysProtDrv.sys --> c:\dokumente und einstellungen\User\Desktop\SysProtDrv.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.gmx.de/ mStart Page = about:blank TCP: {7D12C82E-EF19-40E1-A2F1-469F20F0A96E} = 213.191.74.19 62.109.123.197 FF - ProfilePath - c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\l0j5s00l.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.startup.homepage - hxxp://www.trojaner-board.de/76194-virus-trojaner-oder-von-allem-etwas-6.html#post455014 FF - prefs.js: keyword.enabled - false FF - plugin: c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\l0j5s00l.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07100121.dll FF - plugin: c:\programme\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: browser.history_expire_days - 3 FF - user.js: browser.history_expire_days_min - 3 FF - user.js: browser.history_expire_sites - 40000 FF - user.js: dom.storage.enabled - true FF - user.js: privacy.sanitize.sanitizeOnShutdown - false FF - user.js: privacy.sanitize.promptOnSanitize - false FF - user.js: privacy.item.offlineApps - false FF - user.js: browser.safebrowsing.malware.enabled - true FF - user.js: nglayout.initialpaint.delay - 50 FF - user.js: network.http.pipelining - true FF - user.js: network.prefetch-next - true FF - user.js: config.trim_on_minimize - true FF - user.js: browser.sessionhistory.max_total_viewers - 0 FF - user.js: browser.cache.memory.capacity - 18432 FF - user.js: browser.cache.disk.capacity - 20000 FF - user.js: browser.cache.offline.capacity - 25000 FF - user.js: browser.sessionstore.interval - 30000000 FF - user.js: browser.sessionstore.max_tabs_undo - 10 FF - user.js: browser.urlbar.maxRichResults - 0 FF - user.js: keyword.enabled - false FF - user.js: browser.fixup.alternate.suffix - .com FF - user.js: browser.urlbar.doubleClickSelectsAll - false FF - user.js: browser.urlbar.clickSelectsAll - true FF - user.js: browser.zoom.siteSpecific - false FF - user.js: browser.search.openintab - true FF - user.js: browser.tabs.loadDivertedInBackground - true FF - user.js: browser.tabs.closeButtons - 1 FF - user.js: browser.download.manager.useWindow - true FF - user.js: browser.download.manager.retention - 1 FF - user.js: browser.download.manager.closeWhenDone - true FF - user.js: extensions.checkCompatibility - true FF - user.js: extensions.hideInstallButton - true c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\programme\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\programme\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\programme\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); |
|
09.08.2009, 22:33
| #70 |
| | Virus/Trojaner oder von allem etwas? c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-08-09 23:22 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(732) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(7336) c:\programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll c:\programme\Logitech\SetPoint\GameHook.dll c:\programme\Logitech\SetPoint\lgscroll.dll c:\windows\system32\msls31.dll c:\windows\system32\webcheck.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe c:\programme\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\CTSVCCDA.EXE c:\programme\Java\jre6\bin\jqs.exe c:\programme\ATI Technologies\ATI.ACE\CLI.exe c:\programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.exe c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe c:\windows\system32\MsPMSPSv.exe c:\programme\ATI Technologies\ATI.ACE\CLI.exe c:\programme\ATI Technologies\ATI.ACE\CLI.exe . ************************************************************************** . Zeit der Fertigstellung: 2009-08-09 23:29 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2009-08-09 21:29 ComboFix2.txt 2009-08-08 22:55 ComboFix3.txt 2009-08-08 22:12 ComboFix4.txt 2009-08-08 16:28 Vor Suchlauf: 8 Verzeichnis(se), 37.744.799.744 Bytes frei Nach Suchlauf: 8 Verzeichnis(se), 37.670.264.832 Bytes frei 333 --- E O F --- 2009-08-07 02:15 Der CC Cleaner konnte das hier nicht löschen: Ungenutzte Datei-Endungen {80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} HKCR\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} |
|
09.08.2009, 22:45
| #71 |
| | Virus/Trojaner oder von allem etwas? Schon erledigt! |
|
09.08.2009, 22:56
| #72 | |
| | Virus/Trojaner oder von allem etwas?Zitat:
Mittlerweile weiß ich auch, warum die Virenscanner nicht auf die Dateien angesprungen sind. Offensichtlich gab es Probleme beim Download, die Dateien waren nicht vollständig und somit nur Datenmüll. 1.) Scripten mit Combofix
Code:
ATTFilter KILLALL::
Driver::
SysProtDrv.sys
File::
c:\dokumente und einstellungen\User\Desktop\SysProtDrv.sys
Folder::
c:\rsit
Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann. 2.) Start => Ausführen => combofix /u => OK 3.) Poste ein aktuelles HJT-Log. ciao, andreas
__________________ Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung! Für alle NeuenPrivatbetreuung nur gegen Bezahlung und ich koste sehr teuer. Anleitungen Virenscanner Kompromittierung unvermeidbar? |
|
09.08.2009, 23:32
| #73 |
| | Virus/Trojaner oder von allem etwas? Punkt 1 ausgeführt, hier ist das Combo Log, werde Punkt2 und 3 ausführen und melde mich gleich zurück: ComboFix 09-08-09.03 - User 10.08.2009 0:16.8.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1023.542 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\User\Desktop\cofi.exe..exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\User\Desktop\cfscript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} * Neuer Wiederherstellungspunkt wurde erstellt FILE :: "c:\dokumente und einstellungen\User\Desktop\SysProtDrv.sys" . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\rsit c:\rsit\info.txt c:\rsit\log.txt . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SYSPROTDRV.SYS -------\Service_SysProtDrv.sys ((((((((((((((((((((((( Dateien erstellt von 2009-07-09 bis 2009-08-09 )))))))))))))))))))))))))))))) . 2009-08-09 21:43 . 2009-08-09 21:43 -------- d-----w- c:\windows\system32\Adobe 2009-08-08 22:50 . 2009-08-08 22:50 54456 ------w- c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2009-08-08 21:30 . 2009-08-08 21:32 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP 2009-08-08 20:45 . 2009-08-08 20:45 -------- d-s---w- C:\cofiexe 2009-08-08 13:42 . 2009-08-08 16:05 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\Skype 2009-08-08 13:06 . 2009-08-08 14:36 -------- d-----w- c:\programme\The KMPlayer 2009-08-08 13:03 . 2009-08-08 13:03 -------- d-----w- c:\programme\Gemeinsame Dateien\Skype 2009-08-08 13:01 . 2009-08-08 13:01 -------- d-----w- c:\programme\Foxit Software 2009-08-08 13:01 . 2009-08-08 13:01 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\Foxit 2009-08-08 12:58 . 2009-08-08 12:58 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-08-08 12:57 . 2009-08-08 12:57 152576 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\Sun\Java\jre1.6.0_15\lzma.dll 2009-08-08 00:07 . 2009-08-08 00:07 -------- d-----w- c:\programme\CCleaner 2009-08-07 22:45 . 2009-08-09 00:33 -------- d-----w- c:\programme\trend micro 2009-08-07 18:12 . 2009-08-07 18:12 -------- d-----r- c:\dokumente und einstellungen\Administrator\Eigene Dateien 2009-08-07 18:11 . 2009-08-07 18:11 -------- d-sh--w- c:\dokumente und einstellungen\Administrator\IETldCache 2009-08-07 15:49 . 2009-08-07 15:49 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\Malwarebytes 2009-08-07 15:49 . 2009-08-07 15:49 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-08-06 02:35 . 2009-08-06 02:35 -------- d-sh--w- c:\dokumente und einstellungen\Default User\IETldCache 2009-08-06 02:35 . 2009-08-06 02:35 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-06 02:35 . 2009-08-06 02:35 -------- d-----w- c:\programme\MSBuild 2009-08-06 02:35 . 2009-08-06 02:35 -------- d-----w- c:\programme\Reference Assemblies 2009-08-06 02:34 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-06 02:34 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-06 02:34 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-06 02:34 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-06 02:34 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-06 02:34 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-06 02:34 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-07-31 14:28 . 2009-07-31 14:28 -------- d-----r- c:\dokumente und einstellungen\LocalService\Favoriten 2009-07-31 14:04 . 2009-08-05 23:18 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-07-31 14:04 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-07-31 14:04 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-07-31 14:04 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-07-31 14:04 . 2009-07-31 14:04 -------- d-----w- c:\programme\Avira 2009-07-31 14:04 . 2009-07-31 14:04 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-09 22:21 . 2009-05-26 00:12 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000005-00000000-00000007-00001102-00000004-20021102}.dat 2009-08-09 22:21 . 2009-05-26 00:12 384 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000007-00001102-00000004-20021102}.dat 2009-08-08 23:06 . 2008-02-24 15:41 -------- d-----w- c:\programme\PC Inspector File Recovery 2009-08-08 23:06 . 2007-02-09 15:17 -------- d--h--w- c:\programme\InstallShield Installation Information 2009-08-08 13:03 . 2007-03-23 14:28 -------- d-----r- c:\programme\Skype 2009-08-08 13:03 . 2007-03-23 14:28 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype 2009-08-08 12:58 . 2007-02-12 09:42 -------- d-----w- c:\programme\Java 2009-07-18 17:38 . 2009-07-18 17:38 56968 ----a-w- c:\windows\Fonts\USUn000.ttf 2009-07-18 17:38 . 2009-07-18 17:38 41952 ----a-w- c:\windows\Fonts\Blue000.ttf 2009-07-18 17:38 . 2009-07-18 17:38 38012 ----a-w- c:\windows\Fonts\Rude000.ttf 2009-07-18 17:38 . 2009-07-18 17:38 31820 ----a-w- c:\windows\Fonts\Suss000.ttf 2009-07-18 17:38 . 2009-07-18 17:38 24460 ----a-w- c:\windows\Fonts\Eval000.ttf 2009-07-03 16:55 . 2003-04-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll 2009-06-28 21:01 . 2007-04-21 23:56 -------- d-----w- c:\programme\IrfanView 2009-06-26 22:28 . 2007-04-19 00:18 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\dvdcss 2009-06-19 19:15 . 2009-02-05 16:51 1 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-06-16 14:36 . 2003-04-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2003-04-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-03 19:09 . 2007-02-09 15:19 1296896 ----a-w- c:\windows\system32\quartz.dll 2009-05-26 00:31 . 2009-05-26 00:31 60416 ----a-w- c:\windows\ALCFDRTM.EXE 2009-05-26 00:07 . 2009-05-26 00:07 184 ----a-w- c:\windows\system32\e000002.dat 2009-05-16 19:41 . 2009-05-16 19:41 299824 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\GvzPro\gvzlib.dll 2009-05-16 19:41 . 2009-05-16 19:41 98360 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\GvzPro\bass.dll 2009-05-16 19:41 . 2009-05-16 19:41 366896 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\GvzPro\gvzprores.dll 2009-05-16 19:41 . 2009-05-16 19:41 1262896 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\GvzPro\gvzpro2.dll 2008-11-30 22:17 . 2008-11-30 22:17 1804050 ----a-w- c:\programme\Multidecoder_1.0.0.48.zip . ((((((((((((((((((((((((((((( SnapShot@2009-08-08_22.05.45 ))))))))))))))))))))))))))))))))))))))))) . + 2009-08-09 22:22 . 2009-08-09 22:22 16384 c:\windows\temp\Perflib_Perfdata_13c.dat + 2009-08-09 21:43 . 2009-08-09 21:44 87617 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe + 2009-07-21 08:02 . 2009-07-21 08:02 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll + 2009-07-21 06:59 . 2009-07-21 06:59 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll + 2009-07-21 08:04 . 2009-07-21 08:04 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll + 2009-08-09 22:20 . 2009-08-09 22:20 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat + 2009-08-09 22:20 . 2009-08-09 22:20 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat + 2009-07-21 06:59 . 2009-07-21 06:59 132472 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL + 2009-07-21 08:07 . 2009-07-21 08:07 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe + 2009-07-21 08:17 . 2009-07-21 08:17 468408 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe + 2009-07-21 08:07 . 2009-07-21 08:07 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll + 2009-07-21 08:02 . 2009-07-21 08:02 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll + 2009-07-21 06:59 . 2009-07-21 06:59 714752 c:\windows\system32\Adobe\Shockwave 11\gi.dll + 2009-07-21 08:04 . 2009-07-21 08:04 614400 c:\windows\system32\Adobe\Shockwave 11\Control.dll + 2009-07-21 08:18 . 2009-07-21 08:18 206264 c:\windows\system32\Adobe\Director\SwDir.dll + 2009-07-21 08:03 . 2009-07-21 08:03 131072 c:\windows\system32\Adobe\Director\np32dsw.dll + 2009-08-09 22:20 . 2009-08-09 22:20 233472 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT + 2009-08-09 22:20 . 2009-08-09 22:20 208896 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat + 2009-08-09 22:20 . 2009-08-09 22:20 233472 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT + 2009-07-21 07:07 . 2009-07-21 07:07 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll + 2009-07-21 06:59 . 2009-07-21 06:59 1886320 c:\windows\system32\Adobe\Shockwave 11\gt.exe + 2009-07-21 07:12 . 2009-07-21 07:12 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll + 2009-08-09 22:20 . 2009-08-09 22:20 11370496 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteCenter"="c:\programme\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SBDrvDet"="c:\programme\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056] "ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 339968] "ATICCC"="c:\programme\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112] "LogitechCommunicationsManager"="c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984] "CTSysVol"="c:\programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344] "CTDVDDET"="c:\programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-17 45056] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-08-08 149280] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080] "CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-10-06 24576] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Hochfahren.bat [2008-4-28 65] Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2007-11-3 692224] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^SATARAID5.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\SATARAID5.lnk backup=c:\windows\pss\SATARAID5.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinTV Recording Status..lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\WinTV Recording Status..lnk backup=c:\windows\pss\WinTV Recording Status..lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Apple Mobile Device"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "d:\\Spiele\\Worms World Party\\wwp.exe"= "c:\\Programme\\Paltalk Messenger\\paltalk.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "17010:TCP"= 17010:TCP:worms world party "17011:TCP"= 17011:TCP:Worms world Party "17012:TCP"= 17012:TCP:Worms world party R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [31.07.2009 16:04 108289] R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [26.05.2009 01:38 15840] S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [04.04.2009 17:23 562176] S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [04.04.2009 17:23 15616] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.02.2009 17:07 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.02.2009 17:07 8320] S3 PDNMp50;PDNMp50 NDIS Protocol Driver;\??\c:\windows\system32\drivers\PDNMp50.sys --> c:\windows\system32\drivers\PDNMp50.sys [?] S3 PDNSp50;PDNSp50 NDIS Protocol Driver;\??\c:\windows\system32\drivers\PDNSp50.sys --> c:\windows\system32\drivers\PDNSp50.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.gmx.de/ mStart Page = about:blank TCP: {7D12C82E-EF19-40E1-A2F1-469F20F0A96E} = 213.191.74.19 62.109.123.197 FF - ProfilePath - c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\l0j5s00l.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.startup.homepage - hxxp://www.trojaner-board.de/76194-virus-trojaner-oder-von-allem-etwas-6.html#post455014 FF - prefs.js: keyword.enabled - false FF - plugin: c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\l0j5s00l.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07100121.dll FF - plugin: c:\programme\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: browser.history_expire_days - 3 FF - user.js: browser.history_expire_days_min - 3 FF - user.js: browser.history_expire_sites - 40000 FF - user.js: dom.storage.enabled - true FF - user.js: privacy.sanitize.sanitizeOnShutdown - false FF - user.js: privacy.sanitize.promptOnSanitize - false FF - user.js: privacy.item.offlineApps - false FF - user.js: browser.safebrowsing.malware.enabled - true FF - user.js: nglayout.initialpaint.delay - 50 FF - user.js: network.http.pipelining - true FF - user.js: network.prefetch-next - true FF - user.js: config.trim_on_minimize - true FF - user.js: browser.sessionhistory.max_total_viewers - 0 FF - user.js: browser.cache.memory.capacity - 18432 FF - user.js: browser.cache.disk.capacity - 20000 FF - user.js: browser.cache.offline.capacity - 25000 FF - user.js: browser.sessionstore.interval - 30000000 FF - user.js: browser.sessionstore.max_tabs_undo - 10 FF - user.js: browser.urlbar.maxRichResults - 0 FF - user.js: keyword.enabled - false FF - user.js: browser.fixup.alternate.suffix - .com FF - user.js: browser.urlbar.doubleClickSelectsAll - false FF - user.js: browser.urlbar.clickSelectsAll - true FF - user.js: browser.zoom.siteSpecific - false FF - user.js: browser.search.openintab - true FF - user.js: browser.tabs.loadDivertedInBackground - true FF - user.js: browser.tabs.closeButtons - 1 FF - user.js: browser.download.manager.useWindow - true FF - user.js: browser.download.manager.retention - 1 FF - user.js: browser.download.manager.closeWhenDone - true FF - user.js: extensions.checkCompatibility - true FF - user.js: extensions.hideInstallButton - true c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\programme\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\programme\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\programme\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-10 00:23 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(728) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(7440) c:\programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll c:\programme\Logitech\SetPoint\GameHook.dll c:\programme\Logitech\SetPoint\lgscroll.dll c:\windows\system32\msls31.dll c:\windows\system32\webcheck.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe c:\programme\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\CTSVCCDA.EXE c:\programme\Java\jre6\bin\jqs.exe c:\programme\ATI Technologies\ATI.ACE\CLI.exe c:\programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.exe c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe c:\windows\system32\MsPMSPSv.exe c:\programme\ATI Technologies\ATI.ACE\CLI.exe c:\programme\ATI Technologies\ATI.ACE\CLI.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Zeit der Fertigstellung: 2009-08-09 0:29 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2009-08-09 22:29 ComboFix2.txt 2009-08-09 21:29 ComboFix3.txt 2009-08-08 22:55 ComboFix4.txt 2009-08-08 22:12 ComboFix5.txt 2009-08-09 22:15 Vor Suchlauf: 8 Verzeichnis(se), 37.618.417.664 Bytes frei Nach Suchlauf: 7 Verzeichnis(se), 37.618.196.480 Bytes frei 312 --- E O F --- 2009-08-07 02:15 |
|
09.08.2009, 23:35
| #74 |
| | Virus/Trojaner oder von allem etwas? HijackThis File Log: Logfile of HijackThis v1.99.1 Scan saved at 00:34:15, on 10.08.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Java\jre6\bin\jusched.exe C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\Programme\Mozilla Firefox\firefox.exe D:\Computerkram\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [RemoteCenter] C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE O4 - Global Startup: Hochfahren.bat O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\Paltalk.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{7D12C82E-EF19-40E1-A2F1-469F20F0A96E}: NameServer = 213.191.74.19 62.109.123.197 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe |
|
10.08.2009, 00:01
| #75 |
| | Virus/Trojaner oder von allem etwas? Starte HJT => Do a system scan only => Markiere: Code:
ATTFilter Alle R1, O2 und O9-Einträge
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.con f (file missing)
Wie geht es dem Rechner? Noch irgendwelche Meldungen oder Auffälligkeiten? ciao, andreas
__________________ Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung! Für alle NeuenPrivatbetreuung nur gegen Bezahlung und ich koste sehr teuer. Anleitungen Virenscanner Kompromittierung unvermeidbar? |
|
| Themen zu Virus/Trojaner oder von allem etwas? |
| adobe, antivir guard, avg, avira, bho, c:\windows\temp, content.ie5, dateisystem, desktop, einstellungen, entfernen, fehler, firefox, google, hijack, hijackthis, internet, internet explorer, log datei, maßnahme, monitor, mozilla, nicht möglich, problem, software, solution, starten, system, temp, virus/trojaner, windows, windows xp, windows\temp, zu langsam |
Linear-Darstellung
