zufällige .exe dateien

basti51 · 29.09.2009, 17:20

Vielen Dank!

ich werde alles durcharbeiten und mich dann zurückmelden

john.doe · 29.09.2009, 17:30

Hallo und

Zitat:

hört sich nicht so positiv an

Lies das => ThreatExpert Report: Trojan-Spy.Zbot.YETH, Trojan-Spy.Win32.Zbot.gen, Packed.Generic.232..

Klicke auf "Für alle Neuen" in meiner Signatur, lies alles aufmerksam und arbeite die komplette Liste unter Punkt 2 ab.

ciao, andreas

basti51 · 29.09.2009, 17:54

Vielen Dank!

werde mal alles durcharbeiten und mich dann zurückmelden

basti51 · 29.09.2009, 18:24

also habe mal alles durchgearbeitet und es scheint ales würden mich keine .exe dateien mehr nerven, gibt es sonst noch etwas zu beachten? braucht ihr n .log file ?

Vielen Dank nochmal

john.doe · 29.09.2009, 18:26

Zitat:

braucht ihr n .log file ?

Ja, alle und bitte vollständig. Sollten sie zu lang sein, dann kannst du sie auch in den Anhang packen.

ciao, andreas

basti51 · 29.09.2009, 18:27

-sorry irgendwas lief hier extrem schief-

LOG:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2009-09-29 19:31:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (55%) free of 15 GB
Total RAM: 3327 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:56, on 29.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Comodo\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Miranda IM\miranda32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Basti\RSIT.exe
C:\Programme\HijackThis\Admin.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programme\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Miranda32.lnk = C:\Programme\Miranda IM\miranda32.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programme\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 4080 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-08-14 18702336]
"WinampAgent"=C:\Programme\Winamp\winampa.exe [2009-07-01 37888]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-13 98304]
"COMODO Internet Security"=C:\Programme\Comodo\COMODO Internet Security\cfp.exe [2009-09-18 1799952]
" Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus D92 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE [2006-09-27 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"JavaQuickStarterService"=2
"TuneUp.ProgramStatisticsSvc"=2

C:\Documents and Settings\Admin\Start Menu\Programs\Startup
Miranda32.lnk - C:\Programme\Miranda IM\miranda32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-08-14 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-08-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Miranda IM\miranda32.exe"="C:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"D:\Programme\Steam\SteamApps\common\left 4 dead\left4dead.exe"="D:\Programme\Steam\SteamApps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"D:\Programme\uTorrent\uTorrent.exe"="D:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Programme\Dead Space\Dead Space.exe"="D:\Programme\Dead Space\Dead Space.exe:*:Enabled

ead Space ™"
"D:\Programme\Steam\SteamApps\szeppe\team fortress 2\hl2.exe"="D:\Programme\Steam\SteamApps\szeppe\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Programme\RESIDENT EVIL 5\RE5DX9.EXE"="D:\Programme\RESIDENT EVIL 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5 (DX9)"
"D:\Programme\RESIDENT EVIL 5\RE5DX10.EXE"="D:\Programme\RESIDENT EVIL 5\RE5DX10.EXE:*:Enabled:RESIDENT EVIL 5 (DX10)"
"D:\Programme\Steam\steam.exe"="D:\Programme\Steam\steam.exe:*:Enabled:Steam"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-09-29 19:20:19 ----D---- C:\rsit
2009-09-29 19:00:53 ----D---- C:\Documents and Settings\Admin\Application Data\Malwarebytes
2009-09-29 19:00:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-29 16:37:15 ----D---- C:\WINDOWS\ERUNT
2009-09-29 16:36:07 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-27 17:57:24 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-09-18 15:13:52 ----D---- C:\WINDOWS\system32\appmgmt
2009-09-16 12:51:41 ----A---- C:\WINDOWS\system32\E_DCINST.DLL
2009-09-16 12:51:40 ----A---- C:\WINDOWS\system32\E_FLBBZE.DLL
2009-09-16 12:51:40 ----A---- C:\WINDOWS\system32\E_FD4BBZE.DLL
2009-09-16 12:51:10 ----D---- C:\Program Files\EPSON
2009-09-16 12:51:08 ----D---- C:\Documents and Settings\All Users\Application Data\EPSON
2009-09-12 14:58:06 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-09-12 14:55:32 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-09-12 14:49:13 ----A---- C:\WINDOWS\WININIT.INI
2009-09-11 23:21:36 ----D---- C:\WINDOWS\system32\Futuremark
2009-09-11 23:21:35 ----D---- C:\Program Files\Common Files\Futuremark Shared
2009-09-11 23:21:13 ----D---- C:\WINDOWS\Sun
2009-09-11 23:20:17 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-11 23:20:17 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-11 23:20:17 ----A---- C:\WINDOWS\system32\java.exe
2009-09-11 23:20:17 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-11 23:20:06 ----D---- C:\Program Files\Java
2009-09-11 23:19:34 ----D---- C:\Documents and Settings\Admin\Application Data\Sun
2009-09-11 18:47:01 ----D---- C:\Program Files\OpenAL
2009-09-11 18:47:01 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-09-11 18:46:59 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-09-11 14:00:53 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-09-11 14:00:50 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-09-11 14:00:37 ----D---- C:\Documents and Settings\Admin\Application Data\DAEMON Tools Lite
2009-09-11 13:51:14 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2009-09-07 14:29:41 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-09-07 14:29:13 ----D---- C:\WINDOWS\SxsCaPendDel
2009-09-07 14:26:03 ----D---- C:\WINDOWS\system32\xlive
2009-09-07 14:26:02 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-09-06 19:59:21 ----RHD---- C:\Documents and Settings\Admin\Application Data\SecuROM
2009-09-06 19:47:22 ----D---- C:\Program Files\AMD
2009-09-06 19:46:11 ----D---- C:\WINDOWS\system32\AGEIA
2009-09-06 19:46:11 ----D---- C:\Program Files\AGEIA Technologies
2009-09-06 19:45:52 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-09-06 19:30:01 ----D---- C:\Documents and Settings\Admin\Application Data\WinRAR
2009-09-06 19:14:14 ----D---- C:\Program Files\WinRAR
2009-09-01 18:23:12 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-09-01 18:23:02 ----D---- C:\Documents and Settings\Admin\Application Data\id Software
2009-09-01 18:23:00 ----D---- C:\WINDOWS\system32\LogFiles
2009-09-01 18:23:00 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-09-01 18:23:00 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-09-01 18:22:51 ----D---- C:\Documents and Settings\All Users\Application Data\id Software
2009-08-30 19:13:48 ----D---- C:\Documents and Settings\Admin\Application Data\DAEMON Tools Pro
2009-08-30 17:24:58 ----D---- C:\Documents and Settings\Admin\Application Data\vlc
2009-08-30 17:07:00 ----D---- C:\Documents and Settings\Admin\Application Data\uTorrent
2009-08-30 17:02:41 ----D---- C:\WINDOWS\pss
2009-08-30 17:00:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-30 16:56:39 ----A---- C:\WINDOWS\ODBC.INI
2009-08-30 16:56:36 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-08-30 16:55:55 ----D---- C:\Program Files\Common Files\DESIGNER
2009-08-30 16:55:49 ----D---- C:\WINDOWS\SHELLNEW
2009-08-30 16:55:47 ----D---- C:\Program Files\Microsoft.NET
2009-08-30 16:40:09 ----A---- C:\WINDOWS\system32\TUProgSt.exe
2009-08-30 16:40:08 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-08-30 16:40:07 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-08-30 16:38:59 ----D---- C:\Documents and Settings\Admin\Application Data\TuneUp Software
2009-08-30 16:38:49 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2009-08-30 16:37:58 ----SHD---- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-30 16:31:00 ----A---- C:\WINDOWS\system32\h323log.txt
2009-08-30 16:27:15 ----D---- C:\Program Files\Common Files\Adobe
2009-08-30 16:26:45 ----A---- C:\WINDOWS\system32\usbui.dll
2009-08-30 16:25:25 ----A---- C:\WINDOWS\imsins.BAK
2009-08-30 16:25:22 ----SHD---- C:\WINDOWS\Installer
2009-08-30 16:25:22 ----D---- C:\Program Files\Common Files\ODBC
2009-08-30 16:25:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-30 16:25:22 ----A---- C:\WINDOWS\ODBCINST.INI
2009-08-30 16:25:18 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-08-30 16:25:17 ----RD---- C:\Program Files
2009-08-30 16:25:17 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-08-30 16:25:17 ----D---- C:\Program Files\Common Files
2009-08-30 16:25:14 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-08-30 16:25:13 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-08-30 16:25:13 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-08-30 16:25:11 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-08-30 16:25:11 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-08-30 16:25:11 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-08-30 16:25:11 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-08-30 16:25:11 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-08-30 16:25:11 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-08-30 16:25:11 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-08-30 16:25:11 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-08-30 16:25:11 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-08-30 16:25:11 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-08-30 16:25:11 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-08-30 16:25:11 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-08-30 16:25:08 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-08-30 16:25:08 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-08-30 16:25:08 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-08-30 16:25:08 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-08-30 16:25:08 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-08-30 16:25:08 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-08-30 16:25:08 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-08-30 16:25:06 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-08-30 16:25:06 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-08-30 16:25:06 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-08-30 16:25:06 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-08-30 16:25:06 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-08-30 16:25:04 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-08-30 16:25:04 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-08-30 16:25:04 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-08-30 16:25:04 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-08-30 16:25:04 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-08-30 16:25:04 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-08-30 16:25:04 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-08-30 16:25:04 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-08-30 16:25:04 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-08-30 16:25:04 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-08-30 16:25:04 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-08-30 16:25:04 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-08-30 16:25:04 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-08-30 16:25:02 ----A---- C:\WINDOWS\system32\irclass.dll
2009-08-30 16:25:01 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-08-30 16:25:01 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-08-30 16:25:01 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-08-30 16:25:01 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-08-30 16:24:58 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-08-30 16:24:58 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-08-30 16:24:58 ----A---- C:\WINDOWS\system32\batt.dll
2009-08-30 16:24:57 ----A---- C:\WINDOWS\system32\storprop.dll
2009-08-30 16:24:57 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-08-30 16:24:49 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-08-30 16:22:54 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-30 16:22:54 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-30 16:22:48 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-30 16:22:23 ----D---- C:\Documents and Settings
2009-08-30 16:22:22 ----SHD---- C:\System Volume Information
2009-08-30 16:17:15 ----SD---- C:\WINDOWS\Offline Web Pages
2009-08-30 16:17:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-30 16:17:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-30 16:17:15 ----RSD---- C:\WINDOWS\Fonts
2009-08-30 16:17:15 ----RD---- C:\WINDOWS\Web
2009-08-30 16:17:15 ----HD---- C:\WINDOWS\inf
2009-08-30 16:17:15 ----D---- C:\WINDOWS\WinSxS
2009-08-30 16:17:15 ----D---- C:\WINDOWS\WBEM
2009-08-30 16:17:15 ----D---- C:\WINDOWS\twain_32
2009-08-30 16:17:15 ----D---- C:\WINDOWS\Temp
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\wins
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\wbem
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\usmt
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\spool
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\ShellExt
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\Setup
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\scripting
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\ras
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\PreInstall
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\oobe
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\npp
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\mui
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\Macromed
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\inetsrv
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\IME
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\icsxml
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\ias
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\export
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\en-US
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\en
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\drivers
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\dhcp
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\config
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\3com_dmi
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32\1033
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system32
2009-08-30 16:17:15 ----D---- C:\WINDOWS\system
2009-08-30 16:17:15 ----D---- C:\WINDOWS\SoftwareDistribution
2009-08-30 16:17:15 ----D---- C:\WINDOWS\security
2009-08-30 16:17:15 ----D---- C:\WINDOWS\Resources
2009-08-30 16:17:15 ----D---- C:\WINDOWS\repair
2009-08-30 16:17:15 ----D---- C:\WINDOWS\Provisioning
2009-08-30 16:17:15 ----D---- C:\WINDOWS\PeerNet
2009-08-30 16:17:15 ----D---- C:\WINDOWS\pchealth
2009-08-30 16:17:15 ----D---- C:\WINDOWS\Network Diagnostic
2009-08-30 16:17:15 ----D---- C:\WINDOWS\mui
2009-08-30 16:17:15 ----D---- C:\WINDOWS\msapps
2009-08-30 16:17:15 ----D---- C:\WINDOWS\msagent
2009-08-30 16:17:15 ----D---- C:\WINDOWS\Media
2009-08-30 16:17:15 ----D---- C:\WINDOWS\L2Schemas
2009-08-30 16:17:15 ----D---- C:\WINDOWS\java
2009-08-30 16:17:15 ----D---- C:\WINDOWS\ime
2009-08-30 16:17:15 ----D---- C:\WINDOWS\Help
2009-08-30 16:17:15 ----D---- C:\WINDOWS\ehome
2009-08-30 16:17:15 ----D---- C:\WINDOWS\Driver Cache
2009-08-30 16:17:15 ----D---- C:\WINDOWS\Debug
2009-08-30 16:17:15 ----D---- C:\WINDOWS\Cursors
2009-08-30 16:17:15 ----D---- C:\WINDOWS\Connection Wizard
2009-08-30 16:17:15 ----D---- C:\WINDOWS\Config
2009-08-30 16:17:15 ----D---- C:\WINDOWS\AppPatch
2009-08-30 16:17:15 ----D---- C:\WINDOWS\addins
2009-08-30 16:17:15 ----D---- C:\WINDOWS
2009-08-30 15:51:49 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2009-08-30 15:51:48 ----A---- C:\WINDOWS\system32\guard32.dll
2009-08-30 15:51:40 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-30 15:51:40 ----D---- C:\Program Files\ATI Technologies
2009-08-30 15:51:24 ----D---- C:\Program Files\Common Files\InstallShield
2009-08-30 15:47:43 ----D---- C:\Documents and Settings\Admin\Application Data\Macromedia
2009-08-30 15:47:43 ----D---- C:\Documents and Settings\Admin\Application Data\Adobe
2009-08-30 15:46:01 ----D---- C:\Documents and Settings\Admin\Application Data\Winamp
2009-08-30 15:45:14 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-08-30 15:45:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-30 15:45:13 ----D---- C:\Program Files\Intel
2009-08-30 15:42:14 ----D---- C:\WINDOWS\system32\NtmsData
2009-08-30 15:41:07 ----D---- C:\Documents and Settings\Admin\Application Data\Identities
2009-08-30 15:41:05 ----HD---- C:\Program Files\Uninstall Information
2009-08-30 15:41:02 ----SD---- C:\Documents and Settings\Admin\Application Data\Microsoft
2009-08-30 15:41:02 ----ASH---- C:\Documents and Settings\Admin\Application Data\desktop.ini
2009-08-30 15:40:05 ----D---- C:\WINDOWS\Prefetch
2009-08-30 15:40:04 ----SD---- C:\WINDOWS\system32\Microsoft
2009-08-30 15:40:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-30 15:37:21 ----D---- C:\WINDOWS\system32\xircom
2009-08-30 15:37:21 ----D---- C:\Program Files\xerox
2009-08-30 15:37:21 ----D---- C:\Program Files\microsoft frontpage
2009-08-30 15:37:02 ----A---- C:\WINDOWS\control.ini
2009-08-30 15:37:02 ----A---- C:\AUTOEXEC.BAT
2009-08-30 15:36:52 ----A---- C:\WINDOWS\OEWABLog.txt
2009-08-30 15:36:48 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-08-30 15:36:09 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-08-30 15:36:07 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-08-30 15:36:03 ----HD---- C:\Program Files\WindowsUpdate
2009-08-30 15:35:41 ----D---- C:\WINDOWS\system32\DirectX
2009-08-30 15:35:31 ----A---- C:\WINDOWS\system32\atrace.dll
2009-08-30 15:35:28 ----A---- C:\WINDOWS\system32\desktop.ini
2009-08-30 15:35:28 ----A---- C:\WINDOWS\desktop.ini
2009-08-30 15:35:20 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-08-30 15:35:18 ----A---- C:\WINDOWS\system32\acctres.dll
2009-08-30 15:35:17 ----D---- C:\Program Files\Common Files\Services
2009-08-30 15:35:14 ----SD---- C:\WINDOWS\Tasks
2009-08-30 15:35:14 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-08-30 15:35:13 ----D---- C:\Program Files\Common Files\MSSoap

john.doe · 29.09.2009, 18:31

In deinem Beitrag unten rechts, da steht Editieren drauf.

ciao, andreas

basti51 · 29.09.2009, 18:37

Zitat:

Zitat von john.doe

In deinem Beitrag unten rechts, da steht Editieren drauf.

ciao, andreas

Ja dann lag es wohl an mir oder meinem Browser da stand nur beim 1.Beitrag Editieren und unten dann nicht mehr.

LOG Teil 2

2009-08-30 15:35:04 ----D---- C:\WINDOWS\srchasst
2009-08-30 15:35:01 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-08-30 15:35:01 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-08-30 15:35:01 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-08-30 15:35:01 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-08-30 15:35:00 ----A---- C:\WINDOWS\system32\wups.dll
2009-08-30 15:35:00 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-08-30 15:35:00 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-08-30 15:35:00 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-08-30 15:35:00 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-08-30 15:34:59 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-08-30 15:34:59 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-08-30 15:34:59 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-08-30 15:34:59 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-08-30 15:34:59 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-08-30 15:34:54 ----D---- C:\Program Files\Movie Maker
2009-08-30 15:34:33 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-08-30 15:34:33 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-08-30 15:34:33 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-08-30 15:34:33 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-08-30 15:34:28 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-08-30 15:34:27 ----D---- C:\WINDOWS\system32\Restore
2009-08-30 15:34:27 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-08-30 15:34:27 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-08-30 15:34:27 ----A---- C:\WINDOWS\system32\srclient.dll
2009-08-30 15:34:27 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-08-30 15:34:26 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-08-30 15:34:26 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-08-30 15:34:26 ----A---- C:\WINDOWS\system32\ils.dll
2009-08-30 15:34:25 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-08-30 15:34:25 ----A---- C:\WINDOWS\system32\msconf.dll
2009-08-30 15:34:25 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-08-30 15:34:21 ----D---- C:\Program Files\NetMeeting
2009-08-30 15:34:21 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-08-30 15:34:21 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-08-30 15:34:20 ----A---- C:\WINDOWS\system32\inetres.dll
2009-08-30 15:34:19 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-08-30 15:34:17 ----D---- C:\Program Files\Outlook Express
2009-08-30 15:34:17 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-08-30 15:34:17 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-08-30 15:34:17 ----A---- C:\WINDOWS\system32\mstask.dll
2009-08-30 15:34:16 ----A---- C:\WINDOWS\system32\isign32.dll
2009-08-30 15:34:16 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-08-30 15:34:16 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-08-30 15:34:16 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-08-30 15:34:09 ----D---- C:\Program Files\Common Files\System
2009-08-30 15:34:07 ----D---- C:\Program Files\Internet Explorer
2009-08-30 15:33:34 ----D---- C:\Program Files\ComPlus Applications
2009-08-30 15:33:32 ----A---- C:\WINDOWS\vbaddin.ini
2009-08-30 15:33:32 ----A---- C:\WINDOWS\vb.ini
2009-08-30 15:33:27 ----D---- C:\WINDOWS\Registration
2009-08-30 15:33:19 ----D---- C:\Program Files\Online Services
2009-08-30 15:33:13 ----D---- C:\Program Files\Unlocker
2009-08-30 15:33:13 ----D---- C:\Program Files\Microsoft PowerToys
2009-08-30 15:33:13 ----D---- C:\Program Files\HashTab Shell Extension
2009-08-30 15:33:05 ----D---- C:\Program Files\Windows Media Connect 2
2009-08-30 15:33:04 ----D---- C:\Program Files\Windows Media Player
2009-08-30 15:33:03 ----D---- C:\Program Files\Messenger
2009-08-30 15:32:58 ----D---- C:\Program Files\MSN Gaming Zone
2009-08-30 15:32:58 ----A---- C:\WINDOWS\system32\write.exe
2009-08-30 15:32:48 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-08-30 15:32:47 ----A---- C:\WINDOWS\system32\hticons.dll
2009-08-30 15:32:47 ----A---- C:\WINDOWS\system32\avwav.dll
2009-08-30 15:32:47 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-08-30 15:32:47 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-08-30 15:32:46 ----A---- C:\WINDOWS\system32\winchat.exe
2009-08-30 15:32:38 ----A---- C:\WINDOWS\system32\getuname.dll
2009-08-30 15:32:38 ----A---- C:\WINDOWS\system32\charmap.exe
2009-08-30 15:32:37 ----A---- C:\WINDOWS\system32\sol.exe
2009-08-30 15:32:37 ----A---- C:\WINDOWS\system32\calc.exe
2009-08-30 15:32:36 ----A---- C:\WINDOWS\system32\winmine.exe
2009-08-30 15:32:36 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-08-30 15:32:36 ----A---- C:\WINDOWS\system32\reset.exe
2009-08-30 15:32:36 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-08-30 15:32:36 ----A---- C:\WINDOWS\system32\freecell.exe
2009-08-30 15:32:35 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-08-30 15:32:35 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-08-30 15:32:35 ----A---- C:\WINDOWS\system32\tskill.exe
2009-08-30 15:32:35 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-08-30 15:32:35 ----A---- C:\WINDOWS\system32\tscon.exe
2009-08-30 15:32:35 ----A---- C:\WINDOWS\system32\shadow.exe
2009-08-30 15:32:35 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-08-30 15:32:35 ----A---- C:\WINDOWS\system32\regini.exe
2009-08-30 15:32:35 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-08-30 15:32:35 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-08-30 15:32:35 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-08-30 15:32:35 ----A---- C:\WINDOWS\system32\msg.exe
2009-08-30 15:32:34 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-08-30 15:32:34 ----A---- C:\WINDOWS\system32\logoff.exe
2009-08-30 15:32:34 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-08-30 15:32:27 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-08-30 15:32:13 ----D---- C:\Program Files\MSN
2009-08-30 15:32:12 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-08-30 15:32:12 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-08-30 15:32:12 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-08-30 15:32:12 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-08-30 15:32:11 ----D---- C:\Program Files\Windows NT
2009-08-30 15:32:11 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-08-30 15:32:10 ----A---- C:\WINDOWS\system32\spider.exe
2009-08-30 15:32:10 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-08-30 15:32:09 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-08-30 15:32:09 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-08-30 15:32:09 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-08-30 15:32:08 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-08-30 15:32:08 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-08-30 15:32:07 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-08-30 15:32:07 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-08-30 15:32:07 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-08-30 15:32:07 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-08-30 15:32:07 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-08-30 15:32:07 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-08-30 15:32:06 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-08-30 15:32:06 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-08-30 15:32:06 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-08-30 15:32:06 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-08-30 15:32:06 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-08-30 15:32:06 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-08-30 15:32:06 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-08-30 15:32:05 ----D---- C:\WINDOWS\system32\MsDtc
2009-08-30 15:32:05 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-08-30 15:32:05 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-08-30 15:32:05 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-08-30 15:32:05 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-08-30 15:32:04 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-08-30 15:32:04 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-08-30 15:32:04 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-08-30 15:32:03 ----D---- C:\WINDOWS\system32\Com
2009-08-30 15:32:03 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-08-30 15:32:03 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-08-30 15:32:03 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-08-30 15:32:03 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-08-30 15:32:03 ----A---- C:\WINDOWS\system32\colbact.dll
2009-08-30 15:32:02 ----A---- C:\WINDOWS\system32\stclient.dll
2009-08-30 15:32:02 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-08-30 15:32:02 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-08-30 15:32:02 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-08-30 15:32:02 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-08-30 15:32:01 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-08-30 15:32:01 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-08-30 15:32:01 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-08-30 15:32:00 ----A---- C:\WINDOWS\system32\comuid.dll
2009-08-30 15:32:00 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-08-30 15:32:00 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-08-30 15:31:52 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-08-30 15:31:52 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-08-30 15:31:52 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-08-30 15:31:52 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-08-30 15:29:18 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-08-30 15:29:18 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-08-30 15:29:18 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-08-30 15:29:18 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-08-30 15:29:18 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-08-30 15:29:18 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-08-30 15:29:18 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-08-30 15:29:18 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-08-30 15:29:18 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-08-30 15:29:18 ----N---- C:\WINDOWS\system32\px.dll
2009-08-30 15:26:20 ----D---- C:\Documents and Settings\Admin\Application Data\ATI
2009-08-30 15:26:03 ----D---- C:\WINDOWS\system32\Lang
2009-08-30 15:23:59 ----D---- C:\WINDOWS\system32\RTCOM
2009-08-30 15:23:57 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-08-30 15:23:53 ----A---- C:\WINDOWS\vncutil.exe
2009-08-30 15:23:53 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2009-08-30 15:23:53 ----A---- C:\WINDOWS\SkyTel.exe
2009-08-30 15:23:53 ----A---- C:\WINDOWS\RtlUpd.exe
2009-08-30 15:23:52 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2009-08-30 15:23:52 ----A---- C:\WINDOWS\RTLCPL.EXE
2009-08-30 15:23:52 ----A---- C:\WINDOWS\RtkAudioService.exe
2009-08-30 15:23:51 ----A---- C:\WINDOWS\RTHDCPL.EXE
2009-08-30 15:23:50 ----D---- C:\Program Files\Realtek
2009-08-30 15:23:50 ----A---- C:\WINDOWS\MicCal.exe
2009-08-30 15:23:50 ----A---- C:\WINDOWS\ALCWZRD.EXE
2009-08-30 15:23:50 ----A---- C:\WINDOWS\ALCMTR.EXE
2009-08-30 15:23:47 ----A---- C:\WINDOWS\RtlExUpd.dll
2009-08-30 15:18:00 ----D---- C:\Program Files\MSBuild
2009-08-30 15:17:57 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-30 15:17:54 ----D---- C:\Program Files\Reference Assemblies
2009-08-30 15:17:36 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-08-30 15:17:34 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-08-30 15:17:06 ----RSD---- C:\WINDOWS\assembly
2009-08-30 15:16:54 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-30 15:04:10 ----D---- C:\Documents and Settings\Admin\Application Data\Mozilla
2009-08-30 15:04:02 ----D---- C:\Programme
2009-08-30 14:58:42 ----SHD---- C:\RECYCLER
2009-08-30 14:56:29 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-08-30 14:56:29 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-08-30 14:56:29 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-08-30 14:56:29 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-08-30 14:56:29 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-08-30 14:56:28 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-08-30 14:56:28 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-08-30 14:56:28 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-08-30 14:56:28 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-08-30 14:56:28 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-08-30 14:56:27 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-08-30 14:56:27 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-08-30 14:56:27 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-08-30 14:56:27 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-08-30 14:56:27 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-08-30 14:56:27 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-08-30 14:56:26 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-08-30 14:56:26 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-08-30 14:56:26 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-08-30 14:56:26 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-08-30 14:56:26 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-08-30 14:56:26 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-08-30 14:56:25 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-08-30 14:56:25 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-08-30 14:56:25 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-08-30 14:56:25 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-08-30 14:56:25 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-08-30 14:56:24 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-08-30 14:56:24 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-08-30 14:56:24 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-08-30 14:56:24 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-08-30 14:56:24 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-08-30 14:56:23 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-08-30 14:56:23 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-08-30 14:56:23 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-08-30 14:56:23 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-08-30 14:56:23 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-08-30 14:56:22 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-08-30 14:56:22 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-08-30 14:56:22 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-08-30 14:56:22 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-08-30 14:56:21 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-08-30 14:56:21 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-08-30 14:56:21 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-08-30 14:56:21 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-08-30 14:56:21 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-08-30 14:56:21 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-08-30 14:56:20 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-08-30 14:56:20 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-08-30 14:56:20 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-08-30 14:56:20 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-08-30 14:56:20 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-08-30 14:56:19 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-08-30 14:56:19 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-08-30 14:56:19 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-08-30 14:56:19 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-08-30 14:56:19 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-08-30 14:56:19 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-08-30 14:56:19 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-08-30 14:56:18 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-08-30 14:56:18 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-08-30 14:56:18 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-08-30 14:56:18 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-08-30 14:56:18 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-08-30 14:56:18 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-08-30 14:56:17 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-08-30 14:56:17 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-08-30 14:56:17 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-08-30 14:56:17 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-08-30 14:56:17 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-08-30 14:56:17 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-08-30 14:56:17 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-08-30 14:55:09 ----D---- C:\WINDOWS\Logs

======List of files/folders modified in the last 1 months======

2009-09-24 16:51:42 ----A---- C:\WINDOWS\win.ini
2009-09-16 13:21:23 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-09-18 132296]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-09-18 25160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2008-05-29 62848]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-08-14 4485632]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-08-18 5884416]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-10-12 94592]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-24 30336]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 av4dt3f5;av4dt3f5; C:\WINDOWS\system32\drivers\av4dt3f5.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys []
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-08-18 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-08-18 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-08-14 602112]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Programme\Comodo\COMODO Internet Security\cmdagent.exe [2009-09-18 723632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-09-27 75064]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-08-13 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25

69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29

46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-08-30 361216]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-11 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-08-30 604416]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

john.doe · 29.09.2009, 18:46

Jetzt noch die info.txt von RSIT und das Log von Malwarebytes.

Start => Ausführen => c:\rsit\info.txt (eintippeln) => OK

ciao, andreas

basti51 · 29.09.2009, 18:49

Zitat:

Zitat von john.doe

Jetzt noch die info.txt von RSIT und das Log von Malwarebytes.

Start => Ausführen => c:\rsit\info.txt (eintippeln) => OK

ciao, andreas

da ist sie

info.txt logfile of random's system information tool 1.06 2009-09-29 19:20:36

======Uninstall list======

-->MsiExec /X{6833245E-DD86-479A-882A-8360D62C8194}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"D:\Programme\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.65-->"C:\Programme\7-Zip\Uninstall.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
ATI - Dienstprogramm zur Deinstallation der Software-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class

ISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Catalyst Control Center - Branding-->MsiExec.exe /I{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
COMODO Internet Security-->C:\Programme\Comodo\COMODO Internet Security\cfpconfg.exe -u
Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
EPSON-Drucker-Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EvilLyrics-->"D:\Programme\EvilLyrics\uninst.exe"
Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
Guitar Pro 5.2-->"D:\Programme\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2-->"C:\Programme\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{F112F66E-25CA-42DD-983C-6118EB38F606}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Miranda IM 0.7.19-->C:\Programme\Miranda IM\Uninstall.exe
Mozilla Firefox (3.5.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
NDSROM Player-->D:\Programme\NDSROM Player\Uninstal.exe
NVIDIA PhysX-->MsiExec.exe /X{6833245E-DD86-479A-882A-8360D62C8194}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Quake Live Mozilla Plugin-->MsiExec.exe /I{D9B3B577-26BD-4CB2-9072-8029AE097AFE}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RESIDENT EVIL 5-->MsiExec.exe /X{AC08BBA0-96B9-431A-A7D0-D8598E493775}
Runes of Magic-->"D:\Programme\Runes of Magic\unins000.exe"
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
VLC media player 1.0.1-->C:\Programme\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
WinAVI Video Converter-->"D:\Programme\WinAVI\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XP Codec Pack-->C:\Programme\XP Codec Pack\Uninstall.exe

=====HijackThis Backups=====

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-09-29]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [2009-09-29]
O13 - Gopher Prefix: [2009-09-29]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-09-29]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-09-29]
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, [2009-09-29]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-09-29]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-09-29]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-09-29]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [2009-09-29]

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: COMODO Antivirus (disabled)
FW: COMODO Firewall

======System event log======

Computer Name: FICKAS
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Record Number: 108
Source Name: SideBySide
Time Written: 20090830150532.000000+120
Event Type: error
User:

Computer Name: FICKAS
Event Code: 59
Message: Generate Activation Context failed for C:\WINDOWS\system32\atiadlxx.dll.
Reference error message: The operation completed successfully.
.

Record Number: 107
Source Name: SideBySide
Time Written: 20090830150123.000000+120
Event Type: error
User:

Computer Name: FICKAS
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Record Number: 106
Source Name: SideBySide
Time Written: 20090830150123.000000+120
Event Type: error
User:

Computer Name: FICKAS
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Record Number: 105
Source Name: SideBySide
Time Written: 20090830150123.000000+120
Event Type: error
User:

Computer Name: FICKAS
Event Code: 59
Message: Generate Activation Context failed for C:\WINDOWS\system32\atiadlxx.dll.
Reference error message: The operation completed successfully.
.

Record Number: 104
Source Name: SideBySide
Time Written: 20090830150035.000000+120
Event Type: error
User:

=====Application event log=====

Computer Name: FICKAS
Event Code: 0
Message: A configuration entry for BuildProvider System.ServiceModel.Activation.ServiceBuildProvider, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 does not exist.

Record Number: 183
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090830151804.000000+120
Event Type: warning
User:

Computer Name: FICKAS
Event Code: 0
Message: Configuration section system.serviceModel.activation does not exist in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 182
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090830151803.000000+120
Event Type: warning
User:

Computer Name: FICKAS
Event Code: 0
Message: Configuration section system.runtime.serialization does not exist in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 181
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090830151803.000000+120
Event Type: warning
User:

Computer Name: FICKAS
Event Code: 0
Message: Configuration section system.serviceModel does not exist in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 180
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090830151803.000000+120
Event Type: warning
User:

Computer Name: FICKAS
Event Code: 0
Message: Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly.
If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Record Number: 178
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090830151803.000000+120
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

john.doe · 29.09.2009, 18:56

Spybot würde ich deinstallieren und stattdessen ab und zu mit Malwarebytes scannen. Ansonsten sieht das ordentlich aus.

Starte HJT => Do a system scan only => Markiere:

Code:

ATTFilter

Alle R0, F2, O2, O8 und O9-Einträge
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

=> Fix checked

Wenn du dann noch das Log von Malwarebytes postest, dann sind wir fertig.

ciao, andreas

basti51 · 29.09.2009, 19:06

Ok werde auf Malwarebytes umsatteln.
Das ctfmon.exe ist meine Firewall gewesen (hab es gefixt)
(Danke!)

hier das log (bin nicht sicher ob es ganz durchgelaufen ist, systempartition wurde aber durchgechecked)

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2872
Windows 5.1.2600 Service Pack 3

29.09.2009 19:20:09
mbam-log-2009-09-29 (19-20-09).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 71366
Laufzeit: 14 minute(s), 49 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
D:\Basti\Programme\Alcohol 120% v1.9.7.6221\CRACK\Alcohol.exe (Trojan.Agent) -> Quarantined and deleted successfully.

john.doe · 29.09.2009, 19:13

Zitat:

D:\Basti\Programme\Alcohol 120% v1.9.7.6221\CRACK\Alcohol.exe

Einfach keine geklauten Programme einsetzen, dann gibt es auch keine Probleme mit Schädlingen. Ändere von einem sauberen Rechner noch alle deine Kennwörter.

Hier geht es weiter => http://www.trojaner-board.de/51262-a...sicherung.html

Du bist entlassen und ich bin raus,
Andreas

basti51 · 29.09.2009, 19:14

Da hast wohl recht, ist natürlich das einzige was ich habe und von jemand anders und sowieso hab ich mit solchen dingen nichts am hut

Vielen Dank nochmal, warst wirklich eine große Hilfe

EDIT:Mein System wird wohl erstmal bis zum Stabilen Windows 7 so bestehen bleiben

zufällige .exe dateien

Plagegeister aller Art und deren Bekämpfung: zufällige .exe dateien