Log analysis and evaluation: udp-network attack, KIS database defective, Vista doesn't start DHCP client, now system restored (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
udp-network attack, KIS database defective, Vista doesn't start DHCP client, now system restored

Hello dear TB users and mods etc. I'll try to keep it short: Late at night I was looking at a few "feminine" pictures on the web when suddenly KIS (cbe) raised an alarm about a UDP network attack... Everything was still OK until I wanted to start the PC the next day: the DHCP client was not started along with it, so (on Vista) the clock in the top right was no longer shown and the browsers no longer worked... I tried and tried; in the end, on the second attempt, the system restore worked, but then the KIS database was defective and could not be updated or repaired. So I bought a new KIS 11 and everything works again, but I still have massive network and CPU usage. I have followed everything from the TB tutorial and am now posting my logs here:

```text
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4424
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

13.08.2010 16:57:50
mbam-log-2010-08-13 (16-57-50).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129062
Laufzeit: 5 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
```

and the other one, the RSIT logfile:
```text
Logfile of random's system information tool 1.08 (written by random/random)
Run by ******* at 2010-08-13 17:00:44
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 197 GB (41%) free of 477 GB
Total RAM: 3582 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:00:57, on 13.08.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\ICQ7.1\ICQ.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\********\Downloads\++TB tut\RSIT.exe
C:\Program Files\trend micro\******.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.c*m/fwlink/?LinkId=*****
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.c***********************ream/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=*****
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=5****
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=5*****
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=6****
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MessengerPlusLive Germany TB Toolbar - {*********************** - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18***81C-E8A*-4*83-A596-FA5*8C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: MessengerPlusLive Germany TB Toolbar - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-402-4AF-8EC-516476863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE85869-2E5C-4ED4-87B-F1F7851A497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-4A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O3 - Toolbar: ICQToolBar - {855F316-6D32-4FE6-8A56-BB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll
O3 - Toolbar: MessengerPlusLive Germany TB Toolbar - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Geräteerkennung) - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 10428 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Klick-Wartung.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{D2B5F805-A34C-4DB9-90CF-084D78278A84}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{542e4d79-1970-4e95-9862-fdb96f61b280}]
Messenger Plus Live Germany Toolbar - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll [2010-04-15 2515552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll [2010-05-07 68280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76aeea42-e04a-4b62-83ab-df4b2be2541e}]
MessengerPlusLive Germany TB Toolbar - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [2010-08-05 191160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]
{542e4d79-1970-4e95-9862-fdb96f61b280} - Messenger Plus Live Germany Toolbar - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll [2010-04-15 2515552]
{76aeea42-e04a-4b62-83ab-df4b2be2541e} - MessengerPlusLive Germany TB Toolbar - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-12-02 2221352]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-02-25 37888]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-05-07 344736]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-12-12 1840424]
"Steam"=C:\Program Files\Steam\Steam.exe [2010-06-04 1238352]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]
"TrueCrypt"=C:\Program Files\TrueCrypt\TrueCrypt.exe [2010-07-25 1492944]
"ICQ"=C:\Program Files\ICQ7.1\ICQ.exe [2010-08-09 133432]

C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2010-05-07 228024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-13 17:00:44 ----D---- C:\rsit
2010-08-13 17:00:44 ----D---- C:\Program Files\trend micro
2010-08-13 16:51:45 ----D---- C:\Users\********\AppData\Roaming\Malwarebytes
2010-08-13 16:51:19 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-13 16:51:18 ----D---- C:\ProgramData\Malwarebytes
2010-08-13 16:51:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-13 16:51:17 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-13 16:42:39 ----D---- C:\Program Files\CCleaner
2010-08-12 14:41:58 ----A---- C:\Windows\system32\iertutil.dll
2010-08-12 14:41:57 ----A---- C:\Windows\system32\mshtml.dll
2010-08-12 14:41:57 ----A---- C:\Windows\system32\ieframe.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\wininet.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\urlmon.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\occache.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\mstime.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-12 14:41:56 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-12 14:41:56 ----A---- C:\Windows\system32\ieui.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\iesetup.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\iernonce.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\iepeers.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-12 14:41:56 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-12 14:41:55 ----A---- C:\Windows\system32\iccvid.dll
2010-08-12 14:41:54 ----A---- C:\Windows\system32\schannel.dll
2010-08-12 14:41:49 ----A---- C:\Windows\system32\win32k.sys
2010-08-12 14:41:43 ----A---- C:\Windows\system32\rtutils.dll
2010-08-12 14:41:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-12 14:41:34 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-12 14:41:31 ----A---- C:\Windows\system32\msxml3.dll
2010-08-12 14:41:28 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-12 14:41:28 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-12 14:41:27 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-09 11:07:50 ----A---- C:\Windows\system32\javaws.exe
2010-08-09 11:07:50 ----A---- C:\Windows\system32\javaw.exe
2010-08-09 11:07:50 ----A---- C:\Windows\system32\java.exe
2010-08-08 19:41:56 ----D---- C:\Users\*******\AppData\Roaming\mIRC
2010-08-08 19:41:56 ----D---- C:\Program Files\mIRC
2010-08-08 15:15:40 ----D---- C:\Program Files\Daedalic Entertainment
2010-08-05 22:10:20 ----D---- C:\Program Files\MessengerPlusLive_Germany_TB
2010-08-05 14:34:49 ----D---- C:\Program Files\Kaspersky Lab
2010-08-05 14:34:25 ----A---- C:\Windows\system32\drivers\klif.sys
2010-08-05 14:22:33 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2010-08-05 13:58:52 ----A---- C:\Windows\system32\shell32.dll
2010-08-01 13:56:41 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-08-01 13:56:41 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-08-01 13:56:40 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-08-01 13:56:40 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-08-01 13:56:40 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-08-01 13:56:40 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-08-01 13:56:40 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-08-01 13:56:40 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-08-01 13:56:39 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-08-01 13:56:39 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-08-01 13:56:39 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-08-01 13:56:39 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-08-01 13:56:39 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-08-01 13:56:38 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-08-01 13:56:38 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-08-01 13:56:38 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-08-01 13:56:38 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-08-01 13:56:38 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-08-01 13:56:37 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-08-01 13:56:35 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-08-01 13:56:32 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-08-01 13:56:32 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-08-01 13:56:31 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-08-01 13:56:31 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-08-01 13:56:31 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-08-01 13:56:31 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-08-01 13:56:30 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-08-01 13:51:11 ----D---- C:\Program Files\Paradox Interactive
2010-07-29 23:22:49 ----D---- C:\Windows\system32\Adobe
2010-07-29 19:57:45 ----D---- C:\ProgramData\Zylom
2010-07-25 17:41:01 ----D---- C:\ProgramData\TrueCrypt
2010-07-25 17:31:46 ----D---- C:\Program Files\Debugging Tools for Windows (x86)
2010-07-25 16:59:45 ----D---- C:\Users\******\AppData\Roaming\TrueCrypt
2010-07-25 16:54:20 ----A---- C:\Windows\system32\drivers\truecrypt.sys
2010-07-25 16:53:56 ----D---- C:\Program Files\TrueCrypt
2010-07-24 15:04:11 ----D---- C:\Program Files\DAMN NFO Viewer
2010-07-23 17:01:00 ----D---- C:\ProgramData\Kaspersky Lab
2010-07-21 17:53:11 ----A---- C:\Windows\system32\devil.dll
2010-07-21 17:53:11 ----A---- C:\Windows\system32\avisynth.dll
2010-07-21 17:53:04 ----A---- C:\Windows\system32\yv12vfw.dll
2010-07-21 17:53:04 ----A---- C:\Windows\system32\i420vfw.dll
2010-07-21 17:53:04 ----A---- C:\Windows\system32\AVSredirect.dll
2010-07-21 17:53:03 ----D---- C:\Program Files\AviSynth 2.5
2010-07-21 17:52:19 ----RSH---- C:\Windows\system32\nbDX.dll
2010-07-21 17:52:19 ----RSH---- C:\Windows\system32\msfDX.dll
2010-07-21 17:52:18 ----RSH---- C:\Windows\system32\flvDX.dll
2010-07-21 17:51:59 ----D---- C:\Program Files\eRightSoft
2010-07-21 11:24:02 ----D---- C:\Users\***AppData\Roaming\HU2011
2010-07-21 11:20:33 ----D---- C:\Program Files\Hunting Unlimited 2011
2010-07-14 20:09:13 ----D---- C:\Program Files\Ubisoft
2010-07-14 17:50:36 ----D---- C:\Program Files\vixy.net
2010-07-14 17:28:22 ----D---- C:\Users\****\AppData\Roaming\streamripper
2010-07-14 17:20:51 ----D---- C:\Program Files\Streamripper
2010-07-14 17:11:56 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-07-14 17:11:55 ----D---- C:\Users\*****\AppData\Roaming\Winamp
2010-07-14 17:11:55 ----D---- C:\Program Files\Winamp

======List of files/folders modified in the last 1 months======

2010-08-13 17:00:57 ----D---- C:\Windows\Prefetch
2010-08-13 17:00:49 ----D---- C:\Windows\Temp
2010-08-13 17:00:44 ----RD---- C:\Program Files
2010-08-13 17:00:08 ----D---- C:\Users\******\AppData\Roaming\Skype
2010-08-13 16:51:19 ----D---- C:\Windows\system32\drivers
2010-08-13 16:51:18 ----HD---- C:\ProgramData
2010-08-13 16:46:52 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-08-13 16:46:43 ----D---- C:\Windows\Minidump
2010-08-13 16:46:43 ----D---- C:\Windows\Debug
2010-08-13 16:46:43 ----D---- C:\Windows
2010-08-13 16:13:04 ----D---- C:\Windows\System32
2010-08-13 16:13:04 ----D---- C:\Windows\inf
2010-08-13 16:13:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-13 16:12:36 ----SHD---- C:\System Volume Information
2010-08-13 16:07:31 ----D---- C:\Users\******\AppData\Roaming\skypePM
2010-08-13 16:07:30 ----D---- C:\Users\*******\AppData\Roaming\ICQ
2010-08-13 16:07:09 ----D---- C:\Program Files\Steam
2010-08-12 17:12:46 ----D---- C:\Windows\Microsoft.NET
2010-08-12 17:12:25 ----RSD---- C:\Windows\assembly
2010-08-12 17:10:28 ----D---- C:\Windows\winsxs
2010-08-12 17:00:47 ----D---- C:\Program Files\ICQ7.1
2010-08-12 16:56:36 ----D---- C:\Windows\system32\migration
2010-08-12 16:56:36 ----D---- C:\Program Files\Movie Maker
2010-08-12 16:56:36 ----D---- C:\Program Files\Internet Explorer
2010-08-12 14:47:23 ----D---- C:\Windows\system32\catroot
2010-08-12 14:47:18 ----D---- C:\Program Files\Windows Mail
2010-08-12 14:41:14 ----D---- C:\Windows\system32\catroot2
2010-08-11 14:36:16 ----D---- C:\ProgramData\PopCap Games
2010-08-11 14:36:16 ----D---- C:\Program Files\PopCap Games
2010-08-11 14:29:35 ----D---- C:\Program Files\JDownloader
2010-08-09 11:08:34 ----SHD---- C:\Windows\Installer
2010-08-09 11:07:47 ----D---- C:\Program Files\Java
2010-08-07 09:16:42 ----D---- C:\Users\******\AppData\Roaming\Adobe
2010-08-05 22:09:52 ----D---- C:\Program Files\Messenger Plus! Live
2010-08-05 13:44:56 ----D---- C:\Windows\system32\Msdtc
2010-08-05 13:44:50 ----D---- C:\Windows\system32\wbem
2010-08-05 11:24:06 ----D---- C:\Windows\system32\config
2010-08-05 11:23:59 ----D---- C:\Windows\Tasks
2010-08-05 11:23:59 ----D---- C:\Windows\system32\Tasks
2010-08-05 11:23:59 ----D---- C:\Windows\system32\spool
2010-08-05 11:23:58 ----D---- C:\Windows\registration
2010-08-03 20:09:32 ----A---- C:\Windows\system32\mrt.exe
2010-08-03 16:57:00 ----D---- C:\Windows\SoftwareDistribution
2010-08-01 15:54:57 ----A---- C:\Windows\NeroDigital.ini
2010-08-01 14:39:13 ----SD---- C:\Users\*******\AppData\Roaming\Microsoft
2010-07-30 09:36:48 ----SD---- C:\Windows\Downloaded Program Files
2010-07-29 21:21:00 ----SD---- C:\ProgramData\Microsoft
2010-07-29 12:40:19 ----D---- C:\Program Files\Windows Live Safety Center
2010-07-21 17:53:02 ----RSD---- C:\Windows\Fonts
2010-07-21 11:20:32 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-17 05:00:04 ----A---- C:\Windows\system32\deployJava1.dll
2010-07-14 17:11:56 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2010-05-07 132184]
R0 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2010-07-25 230736]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2010-08-05 475224]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-04-03 11573800]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-12-20 234016]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys [2010-05-07 132184]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2007-09-07 27672]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-06-26 15600]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Anti-Virus Service; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-05-07 344736]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-12-02 877864]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2010-05-26 603904]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-12-12 537896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-16 136176]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2010-05-26 362240]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
```

I hope I have done everything right and am happy to answer any questions. I'd also like to thank in advance everyone who "combs through" the logs.

Regards, your heumann