| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: 3 Trojaner! "TR/Renos.214528", "TR/Dldr.Zlob.caz" und "TR/Dldr.Zlob.cay"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
21.04.2010, 15:23
| #1 |
| |  3 Trojaner! "TR/Renos.214528", "TR/Dldr.Zlob.caz" und "TR/Dldr.Zlob.cay" Hallo, gestern wollte mein PC nicht richtig hochfahren (Windows lief zwar, aber ich konnte - wenn überhaupt - nur sehr langsam irgendwas machen). Nach etlichen Neustarts ist er richtig hochgefahren und direkt meldete sich Antivir nacheinander mit 3 Meldungen: 1. C:\WINDOWS\system32\sshnas21.dll' ist befallen von 'TR/Renos.214528' [trojan] 2. 'C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\temp\Xtd.exe' ist befallen von 'TR/Dldr.Zlob.caz' [trojan] 3. 'C:\WINDOWS\Xnunaa.exe' ist befallen von 'TR/Dldr.Zlob.cay' [trojan] Ich habe mal nach den einzelnen gegoogelt, aber keine wirkliche Hilfe gefunden. Zu einem der drei gab es hauptsächlich Seiten auf japanisch? chinesisch? Und vielleicht ist es ja auch relevant, dass diese drei zusammen auftreten. Ich hoffe, mir kann geholfen werden. Also, Malwarebytes fand 13 infizierte Dateien und hat die auch, soweit ich das beurteilen kann, beseitigt. Seitdem treten auch keine Meldungen mehr auf. Hier das log-file: Code:
ATTFilter Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Datenbank Version: 3930
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
21.04.2010 06:59:34
mbam-log-2010-04-21 (06-59-34).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 105448
Laufzeit: 17 Minute(n), 21 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
c:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> No action taken.
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\AppID\webperform.DLL (Adware.WebPerform) -> No action taken.
HKEY_CLASSES_ROOT\Web.Perform (Adware.WebPerform) -> No action taken.
HKEY_CLASSES_ROOT\Web.Perform.1 (Adware.WebPerform) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> No action taken.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Dokumente und Einstellungen\Stephan\Lokale Einstellungen\temp\Xtd.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
Dann das log-file von RSIT: Code:
ATTFilter Logfile of random's system information tool 1.06 (written by random/random) Run by Stephan at 2010-04-21 15:45:18 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 3 GB (3%) free of 95 GB Total RAM: 1014 MB (35% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:45:39, on 21.04.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Application Updater\ApplicationUpdater.exe C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Brennprogramme\CDBurnerXP\NMSAccessU.exe C:\Programme\Gacela\Nurago-Reporting.exe C:\Programme\Gacela\Nurago-Updater.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TUProgSt.exe c:\programme\uniprogramme\wdservice.exe C:\Programme\Apoint2K\Apoint.exe C:\Programme\TOSHIBA\TouchPad\TPTray.exe C:\WINDOWS\system32\ZoomingHook.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\WINDOWS\system32\TPSMain.exe C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Programme\TOSHIBA\Tvs\TvsTray.exe C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\TOSHIBA\E-KEY\CeEKey.exe C:\WINDOWS\system32\TPSBattM.exe C:\Programme\Apoint2K\Apntex.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\NAVI\Microsoft ActiveSync\WCESCOMM.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Internetprogramme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\xxx\Desktop\RSIT.exe C:\Programme\Schutzprogramme\HijackThis\xxx.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Gacela2 - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Programme\Gacela\Gacela2.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: Gacela - {5F6E2508-41C4-4D4B-8AC3-D7ED6E4EB2AE} - C:\Programme\Gacela\Gacela2.dll O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [TPNF] C:\Programme\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [SVPWUTIL] C:\Programme\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [CeEKEY] C:\Programme\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\NAVI\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: Secunia PSI.lnk = C:\Programme\Optimierungsprogramme\PSI\psi.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Secunia PSI.lnk = C:\Programme\Optimierungsprogramme\PSI\psi.exe (User 'Default user') O4 - Startup: Secunia PSI.lnk = C:\Programme\Optimierungsprogramme\PSI\psi.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\NAVI\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\NAVI\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\NAVI\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Programme\Gacela\Gacela2.dll O9 - Extra 'Tools' menuitem: Über Gacela - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Programme\Gacela\Gacela2.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: (no name) - AutorunsDisabled - (no file) (HKCU) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab O16 - DPF: {8B123450-3855-4BA9-9CCE-488400DA054E} (SceneGraphControl Class) - hxxp://www.yourgeo.de/plugin/AthensX.cab O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Programme\Application Updater\ApplicationUpdater.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: NMSAccessU - Unknown owner - C:\Programme\Brennprogramme\CDBurnerXP\NMSAccessU.exe O23 - Service: Nurago-Reporting-Service - Unknown owner - C:\Programme\Gacela\Nurago-Reporting.exe O23 - Service: Nurago-Update-Service - Unknown owner - C:\Programme\Gacela\Nurago-Updater.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - c:\programme\uniprogramme\wdservice.exe O23 - Service: WebSecurityProxy - Unknown owner - C:\Programme\Uniprogramme\ILWIS\WSC.NTService_1.1.2\WSC.NTService_1.1.2\jsl\jsl.exe (file missing) -- End of file - 10048 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\1-Klick-Wartung.job C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\User_Feed_Synchronization-{F4A66AE9-A5DD-48F2-A731-0F5C826E58A8}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}] Canon Easy-WebPrint EX BHO - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll [2009-11-25 202080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4BEEA052-726D-4A6E-B65D-A6BD07C263F3}] Gacela - C:\Programme\Gacela\Gacela2.dll [2010-09-22 1438720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 118844] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-11-07 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}] SearchSettings Class - C:\Programme\Search Settings\SearchSettings.dll [2010-01-08 1109504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-07 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25 1496408] {5F6E2508-41C4-4D4B-8AC3-D7ED6E4EB2AE} - Gacela - C:\Programme\Gacela\Gacela2.dll [2010-09-22 1438720] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Apoint"=C:\Programme\Apoint2K\Apoint.exe [2004-03-24 196608] "TPNF"=C:\Programme\TOSHIBA\TouchPad\TPTray.exe [2005-08-25 53248] "SVPWUTIL"=C:\Programme\Toshiba\Windows Utilities\SVPWUTIL.exe [2004-05-01 65536] "Zooming"=C:\WINDOWS\system32\ZoomingHook.exe [2005-06-06 24576] "TCtryIOHook"=C:\WINDOWS\system32\TCtrlIOHook.exe [2005-08-22 28672] "TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-08-12 266240] "SmoothView"=C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe [2005-05-13 118784] "TFncKy"=TFncKy.exe [] "Tvs"=C:\Programme\TOSHIBA\Tvs\TvsTray.exe [2005-04-05 73728] "NDSTray.exe"=NDSTray.exe [] "PadTouch"=C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe [2005-08-30 1077328] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168] "ZoneAlarm Client"=C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016] "avgnt"=C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "CeEKEY"=C:\Programme\TOSHIBA\E-KEY\CeEKey.exe [2005-09-06 671744] "SearchSettings"=C:\Programme\Search Settings\SearchSettings.exe [2010-01-08 974848] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272] "Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "H/PC Connection Agent"=C:\Programme\CatrinsNAVI\Microsoft ActiveSync\WCESCOMM.EXE [2004-02-09 401491] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [2007-05-24 1226288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pwrpdfprsrv.exe] C:\Programme\PowerPDF\pwrpdfsrv.exe [2003-02-07 4219904] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Programme\Skype\Phone\Skype.exe /nosplash /minimized [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^xxx^Startmenü^Programme^Autostart^Microsoft Office OneNote 2003 Schnellstart.lnk] C:\PROGRA~1\MICROS~2\OFFICE11\ONENOTEM.EXE [2007-04-19 64864] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^xxx^Startmenü^Programme^Autostart^Secunia PSI.lnk] C:\PROGRA~1\SCHUTZ~1\PSI\psi.exe [] C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart Secunia PSI.lnk - C:\Programme\Optimierungsprogramme\PSI\psi.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe"="C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner" "C:\Programme\Kommunikatonsprogramme\ICQ6\ICQ.exe"="C:\Programme\Kommunikatonsprogramme\ICQ6\ICQ.exe:*:Enabled:ICQ6" "C:\Programme\Kommunikatonsprogramme\Skype\Phone\Skype.exe"="C:\Programme\Kommunikatonsprogramme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c434157-9319-11de-9ea7-00040ec2c466}] shell\AutoRun\command - E:\Toshiba\more4you.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1107d73-4f79-11de-9a92-0016d424d4ae}] shell\AutoRun\command - E:\StartVMCLite.exe ======List of files/folders created in the last 1 months====== 2010-04-21 07:03:47 ----D---- C:\rsit 2010-04-18 09:10:00 ----SHD---- C:\Config.Msi 2010-04-17 23:39:04 ----A---- C:\WINDOWS\Xnunaa.exe 2010-04-17 16:47:17 ----N---- C:\WINDOWS\system32\browserchoice.exe 2010-03-23 17:37:24 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$ 2010-03-23 17:37:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$ 2010-03-23 17:35:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$ 2010-03-23 17:35:32 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$ 2010-03-23 17:35:00 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$ 2010-03-23 17:28:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$ 2010-03-23 17:27:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$ 2010-03-23 17:27:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$ 2010-03-23 17:21:13 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$ 2010-03-23 17:17:52 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$ 2010-03-23 17:16:01 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$ 2010-03-22 13:06:35 ----A---- C:\WINDOWS\CFChg.INI 2010-03-22 13:05:27 ----A---- C:\WINDOWS\NDSBrow.INI ======List of files/folders modified in the last 1 months====== 2010-04-21 15:42:06 ----D---- C:\WINDOWS\Internet Logs 2010-04-21 07:04:02 ----D---- C:\WINDOWS\Prefetch 2010-04-21 07:03:23 ----D---- C:\WINDOWS\Temp 2010-04-21 07:03:15 ----D---- C:\WINDOWS\system32\CatRoot2 2010-04-21 07:01:31 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$ 2010-04-21 07:01:31 ----D---- C:\WINDOWS\system32\drivers 2010-04-21 07:01:31 ----D---- C:\WINDOWS\system32 2010-04-21 07:01:10 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-04-21 07:00:08 ----SD---- C:\WINDOWS\Tasks 2010-04-20 23:19:45 ----D---- C:\WINDOWS 2010-04-20 23:19:11 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$ 2010-04-20 23:17:59 ----D---- C:\Programme\Adobe Photoshop CS3 2010-04-20 19:39:50 ----D---- C:\WINDOWS\Debug 2010-04-20 18:21:21 ----HD---- C:\WINDOWS\inf 2010-04-18 09:20:58 ----SHD---- C:\WINDOWS\Installer 2010-04-18 09:17:59 ----D---- C:\Programme\Gemeinsame Dateien\Adobe 2010-04-18 09:13:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe 2010-04-18 09:12:14 ----D---- C:\Programme\Adobe 2010-04-18 07:48:16 ----D---- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\vlc 2010-04-07 18:24:24 ----A---- C:\WINDOWS\NeroDigital.ini 2010-03-30 20:53:46 ----D---- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Canon Easy-WebPrint EX 2010-03-29 13:03:06 ----RD---- C:\Programme 2010-03-23 17:37:21 ----HD---- C:\WINDOWS\$hf_mig$ 2010-03-23 17:37:16 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-03-23 17:36:57 ----D---- C:\WINDOWS\ie8updates 2010-03-23 17:28:16 ----D---- C:\Programme\Movie Maker ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-02 96104] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768] R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2004-07-30 6400] R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627] R1 SSHDRV85;SSHDRV85; \??\C:\WINDOWS\system32\drivers\SSHDRV85.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-15 28520] R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545] R1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-06-03 9600] R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2008-08-05 235840] R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-08 56816] R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [] R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544] R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys [] R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys [] R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032] R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725] R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845] R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125] R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2273] R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876] R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069] R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365] R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716] R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605] R2 WebDriveFSD;WebDrive File System Driver; \??\c:\programme\uniprogramme\rffsd.sys [] R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-03-05 1066278] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-21 2324480] R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-16 101874] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952] R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-24 127376] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032] R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824] R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368] R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232] R3 sffdisk;SFF-Speicherklassentreiber; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904] R3 sffp_sd;SFF-Speicherprotokolltreiber für SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008] R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-06-23 162176] R3 Tvs;Toshiba Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-07-29 30592] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 w29n51;Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-04-30 3281408] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275] S3 drhard;DRHARD; \??\C:\WINDOWS\system32\DRIVERS\DRHARD.SYS [] S3 DTV_Capture_2X0;Digital TV Receiver; C:\WINDOWS\System32\Drivers\DTV_Capture_2X0.sys [2004-09-06 18432] S3 DTV_Loader_2X1;Digital TV Loader; C:\WINDOWS\System32\Drivers\DTV_Loader_2X1.sys [2005-04-19 19200] S3 ewdmaudn;ewdmaudn; \??\C:\DOKUME~1\xxx\LOKALE~1\Temp\ewdmaudn.sys [] S3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2008-09-05 265088] S3 GT681x;Grand Tech gt681x NT; C:\WINDOWS\system32\DRIVERS\gt681x.sys [] S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-11-05 101120] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648] S3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 SONYPVU1;Sony USB-Filtertreiber (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2008-09-25 43552] S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-03-24 8192] S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-14 12800] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-22 104064] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 RFNP32;WebDrive Provider; C:\WINDOWS\system32\drivers\RFNP32.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\sched.exe [2009-06-15 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Schutzprogramme\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089] R2 Application Updater;Application Updater; C:\Programme\Application Updater\ApplicationUpdater.exe [2010-01-08 380928] R2 CFSvcs;ConfigFree Service; C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-18 40960] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-11-07 153376] R2 NMSAccessU;NMSAccessU; C:\Programme\Brennprogramme\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096] R2 Nurago-Reporting-Service;Nurago-Reporting-Service; C:\Programme\Gacela\Nurago-Reporting.exe [2009-02-23 102400] R2 Nurago-Update-Service;Nurago-Update-Service; C:\Programme\Gacela\Nurago-Updater.exe [2009-02-23 176128] R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2005-09-16 53248] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2010-02-04 604416] R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304] R2 WebDriveService;WebDrive Service; c:\programme\uniprogramme\wdservice.exe [2003-03-26 94208] S2 WebSecurityProxy;WebSecurityProxy; C:\Programme\Uniprogramme\ILWIS\WSC.NTService_1.1.2\WSC.NTService_1.1.2\jsl\jsl.exe [] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 NBService;NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-05-24 792112] S3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-02-04 361216] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-10-24 920576] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 CCALib8;Canon Camera Access Library 8; C:\Programme\Canon\CAL\CALMAIN.exe [2006-03-30 96341] S4 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584] S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Programme\Common\Database\bin\fbserver.exe [2005-08-10 1527900] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
| Themen zu 3 Trojaner! "TR/Renos.214528", "TR/Dldr.Zlob.caz" und "TR/Dldr.Zlob.cay" |
| antivir, antivir guard, avgntflt.sys, avira, bho, canon, cdburnerxp, combofix, desktop, device driver, einstellungen, excel, firefox, fontcache, hijack, hijackthis, hkus\s-1-5-18, home, infizierte dateien, kaspersky, langsam, launch, logfile, mozilla, nodrives, plug-in, realtek, registry, sehr langsam, skype.exe, software, spigot, system, trojan, trojan.downloader, trojaner, windows, windows xp |
Baum-Darstellung