Log analysis and evaluation: 20 TAN Trojan is hiding somewhere
16.09.2010, 15:23 | #1 |
| 20 TAN Trojan is hiding somewhere Hello! A colleague from work has picked up a 20 TAN Trojan somewhere. So far, however, we have not been able to locate it. Can anyone help? Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:51, on 13.09.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - HKCU\..\Run: [Arm32] C:\Users\stefan schneider\AppData\Roaming\Adobe\Update\wid32.exe
O4 - HKCU\..\Run: [ciphzard] rundll32 "C:\Users\STEFAN~1\AppData\Local\Temp\dcomSTAT.dll",ClientDllStartup
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9aa5572c8845e) (gupdate1c9aa5572c8845e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

-- End of file - 8262 bytes |
16.09.2010, 15:28 | #2 |
/// Malware-holic | 20 TAN Trojan is hiding somewhere Hi,
1. Call the bank and have online banking blocked. 2. I have already spotted it. The best thing, though, is to reinstall afterwards to be completely sure; but I would still like to have files submitted first, to send them to the antivirus vendors so that everyone is better protected. I will then help you secure the PC for the future; he probably caught it through a security vulnerability. 3. Please create and post a ComboFix log. A guide and tutorial on using ComboFix |
16.09.2010, 15:44 | #3 |
| 20 TAN Trojan is hiding somewhere Sorry, but I won't get access to the PC again until next week. Could you be a bit more specific about your "spotted"?
1. Online banking has already been blocked for a long time 2. Not really a security vulnerability... everything was up to date 3. Well, I do have my reservations about "third-party programs", and as I said, I won't get to it until next week |
16.09.2010, 16:07 | #4 |
/// Malware-holic | 20 TAN Trojan is hiding somewhere Hi, and what is HJT then? It is a program too, and on its own it would never be enough to solve the problem. When I tell you that there are still open security vulnerabilities here, you can safely believe me.
O4 - HKCU\..\Run: [Arm32] C:\Users\stefan schneider\AppData\Roaming\Adobe\Update\wid32.exe
That is an infected file, but it will certainly not be the only one, and please do not delete it; it may have to be analysed. Why can't your acquaintance register here himself? Then it would go faster |
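The check applied by eye in post #4, written out as an added example (not part of the thread and not a Trojaner-Board tool): it parses HijackThis `O4` autostart lines and lists those whose target lies in a user-writable directory. The sample lines are copied from the log in post #1; the function names and the list of path markers are assumptions of this example, and a hit is a lead for analysis, not a verdict.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Subset of the O4 lines from the HijackThis log in post #1, copied unchanged.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Arm32] C:\Users\stefan schneider\AppData\Roaming\Adobe\Update\wid32.exe
O4 - HKCU\..\Run: [ciphzard] rundll32 "C:\Users\STEFAN~1\AppData\Local\Temp\dcomSTAT.dll",ClientDllStartup
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
'''


class RunEntry(NamedTuple):
    hive: str               # HKLM, HKCU or HKUS
    name: str               # registry value name shown in [brackets]
    command: str            # full command line as logged
    target: Optional[str]   # first absolute file path found in the command


# "O4 - HKCU\..\Run: [name] command", optionally with a SID after HKUS.
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)(?:\\S-[\d-]+)?\\\.\.\\Run\w*: '
    r'\[(?P<name>[^\]]+)\] (?P<cmd>.+)$')

# First drive-letter or %VAR% path that ends in an executable extension.
# Paths may contain spaces and may be unquoted, so match up to the extension.
TARGET_RE = re.compile(
    r'(?:[A-Za-z]:|%[^%\\]+%)\\[^"]*?\.(?:exe|dll|com|scr|bat|cmd)\b', re.I)

# Assumption of this example: directories a standard user can write to
# without elevation, matched case-insensitively as path fragments.
USER_WRITABLE = ('\\users\\', '\\documents and settings\\',
                 '\\appdata\\', '\\temp\\')


def parse_o4(line: str) -> Optional[RunEntry]:
    """Return a RunEntry for a registry Run line, or None for anything else."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group('cmd')
    t = TARGET_RE.search(cmd)
    return RunEntry(m.group('hive'), m.group('name'), cmd,
                    t.group(0) if t else None)


def reasons_for(entry: RunEntry) -> List[str]:
    """Explain why an entry deserves a closer look; empty list if it does not."""
    reasons: List[str] = []
    if entry.target is None:        # e.g. rundll32.exe with a bare DLL name
        return reasons
    path = entry.target.lower()
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append('autostart target is in a user-writable directory')
        if entry.command.lower().startswith('rundll32'):
            reasons.append('DLL is loaded through rundll32')
    return reasons


def triage(log_text: str) -> List[Tuple[RunEntry, List[str]]]:
    """Parse every O4 Run line and keep the ones with at least one reason."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            hits.append((entry, reasons))
    return hits


if __name__ == '__main__':
    for entry, reasons in triage(SAMPLE_LOG):
        print(f'[{entry.name}] {entry.target}')
        for reason in reasons:
            print(f'    - {reason}')
```
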
16.09.2010, 16:45 | #5 |
| 20 TAN Trojan is hiding somewhere ...because he limits himself to listening to music and watching videos |
16.09.2010, 16:59 | #6 |
/// Malware-holic | 20 TAN Trojan is hiding somewhere So what? We have had a great many people here who claimed they couldn't do it; in the end 99% managed it themselves. You, or people themselves, always trust themselves to do far less than they end up showing. |
16.09.2010, 17:04 | #7 |
| 20 TAN Trojan is hiding somewhere The ComboFix log will probably come sometime tomorrow... |
16.09.2010, 17:04 | #8 |
/// Malware-holic | 20 TAN Trojan is hiding somewhere OK. See you then :-) |
17.09.2010, 04:47 | #9 |
| 20 TAN Trojan is hiding somewhere Code:
ATTFilter ComboFix 10-09-16.04 - stefan schneider 16.09.2010 23:03:45.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2037.1107 [GMT 2:00] ausgeführt von:: c:\users\stefan schneider\Documents\ComboFix.exe SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\stefan schneider\AppData\Roaming\Adobe\Update\flacor.dat c:\users\stefan schneider\AppData\Roaming\Microsoft\Windows\Recent\JDownloader.exe c:\users\stefan schneider\Documents\cc_20100911_134430.reg c:\users\STEFAN~1\AppData\Local\Temp\dcomSTAT.dll . ((((((((((((((((((((((( Dateien erstellt von 2010-08-16 bis 2010-09-16 )))))))))))))))))))))))))))))) . 2010-09-14 20:45 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll 2010-09-14 20:45 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe 2010-09-14 20:45 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL 2010-09-14 20:44 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll 2010-09-13 18:42 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-09-13 18:29 . 2010-09-13 18:29 -------- d-----w- c:\program files\Bonjour Print Services 2010-09-13 18:29 . 2010-09-13 18:29 -------- d-----w- c:\program files\Bonjour 2010-09-13 18:19 . 2010-09-13 18:19 -------- d-----w- c:\program files\Common Files\Java 2010-09-13 18:17 . 2010-09-13 18:17 -------- d-----w- c:\program files\Java 2010-09-13 18:13 . 2010-09-13 18:13 -------- d-----w- c:\programdata\FreeDownloadManager.ORG 2010-09-13 18:06 . 2010-09-13 18:06 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Avira 2010-09-13 18:01 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-09-13 18:01 . 
2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-09-13 17:41 . 2010-09-13 17:41 -------- d-----w- c:\program files\Windows Portable Devices 2010-09-13 17:38 . 2010-06-26 06:05 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-13 17:38 . 2010-06-26 06:02 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-09-13 17:37 . 2010-06-26 06:02 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-09-13 17:37 . 2010-06-26 04:25 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-09-13 17:35 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2010-09-13 17:35 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2010-09-13 17:35 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2010-09-13 17:35 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2010-09-13 17:35 . 2009-09-24 22:54 258048 ----a-w- c:\windows\system32\winspool.drv 2010-09-13 17:33 . 2010-09-13 17:33 -------- d-----w- c:\program files\Winamp Detect 2010-09-13 17:32 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2010-09-13 17:32 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll 2010-09-13 17:32 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2010-09-13 17:26 . 2010-09-13 17:26 -------- d-----w- c:\program files\Microsoft.NET 2010-09-13 17:21 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll 2010-09-13 17:21 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll 2010-09-13 17:21 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-09-13 17:21 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll 2010-09-13 17:21 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll 2010-09-13 17:21 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe 2010-09-13 17:21 . 
2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-09-13 17:21 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe 2010-09-13 17:21 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2010-09-13 17:21 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll 2010-09-13 17:21 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-09-13 17:21 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2010-09-13 17:20 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe 2010-09-13 17:20 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2010-09-13 17:14 . 2010-09-13 17:14 -------- d-----w- c:\users\stefan schneider\AppData\Local\Secunia PSI 2010-09-13 17:14 . 2010-09-13 17:14 -------- d-----w- c:\program files\Secunia 2010-09-13 14:01 . 2010-09-13 14:01 -------- d-----w- c:\program files\Trend Micro 2010-09-01 08:30 . 2010-09-01 08:30 15544 ----a-w- c:\windows\system32\drivers\psi_mf.sys 2010-08-26 12:49 . 2010-08-26 12:49 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Helper 2010-08-26 12:48 . 2010-09-12 15:14 281600 ----a-w- c:\users\stefan schneider\AppData\Roaming\Adobe\Update\wid32.exe . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-16 20:48 . 2009-04-30 01:34 674582 ----a-w- c:\windows\system32\perfh007.dat 2010-09-16 20:48 . 2009-04-30 01:34 146234 ----a-w- c:\windows\system32\perfc007.dat 2010-09-16 20:46 . 2009-03-21 18:46 -------- d-----w- c:\programdata\Google Updater 2010-09-16 10:50 . 2010-07-25 09:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-09-16 09:31 . 2009-03-23 16:41 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\UseNeXT 2010-09-15 09:21 . 2009-02-20 10:56 2850 ----a-w- c:\users\stefan schneider\AppData\Roaming\wklnhst.dat 2010-09-14 20:48 . 
2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-09-14 10:08 . 2009-05-08 14:38 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Free Download Manager 2010-09-13 19:01 . 2009-02-12 20:58 -------- d-----w- c:\program files\Microsoft Works 2010-09-13 18:35 . 2009-02-12 21:25 -------- d-----w- c:\program files\Microsoft Silverlight 2010-09-13 18:17 . 2010-04-26 09:38 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-09-13 18:13 . 2009-05-08 14:38 -------- d-----w- c:\program files\Free Download Manager 2010-09-13 17:46 . 2009-04-29 18:30 86920 ----a-w- c:\users\stefan schneider\AppData\Local\GDIPFONTCACHEV1.DAT 2010-09-13 17:40 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2010-09-13 17:40 . 2010-09-13 17:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2010-09-13 17:40 . 2010-09-13 17:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2010-09-13 17:37 . 2009-11-02 14:34 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Winamp 2010-09-13 17:35 . 2009-11-02 14:34 -------- d-----w- c:\program files\Winamp 2010-09-13 14:43 . 2009-05-05 14:29 6648 ----a-w- c:\users\stefan schneider\AppData\Local\d3d9caps.dat 2010-09-12 16:17 . 2010-04-23 14:44 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Obnuoz 2010-09-12 16:17 . 2009-11-10 10:51 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-09-12 11:39 . 2010-07-17 10:18 -------- d-----w- c:\programdata\CanonIJ 2010-09-08 16:37 . 2010-02-10 15:49 -------- d-----w- c:\programdata\CanonIJPLM 2010-08-19 20:49 . 2009-03-23 16:41 -------- d-----w- c:\program files\UseNeXT 2010-08-19 12:56 . 2010-02-16 00:03 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Zyfoa 2010-08-19 12:38 . 2010-07-25 09:45 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-08-19 12:29 . 2009-08-17 06:07 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Ytad 2010-08-16 22:04 . 
2009-10-18 11:50 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Thunderbird 2010-08-12 11:19 . 2009-07-24 11:54 -------- d-----w- c:\program files\CdCoverCreator 2010-08-09 12:08 . 2010-04-28 19:58 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Nyzo 2010-08-09 11:46 . 2009-08-08 20:44 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Ykud 2010-08-05 13:46 . 2010-07-20 08:18 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2010-08-04 14:43 . 2010-07-17 10:17 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Canon 2010-08-04 10:18 . 2009-12-25 20:33 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Paydoh 2010-07-27 09:30 . 2010-07-26 18:40 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Uqicz 2010-07-25 10:58 . 2010-02-10 15:32 -------- d--h--w- c:\programdata\CanonIJEGV 2010-07-25 09:18 . 2010-07-25 09:18 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Uniblue 2010-07-20 08:18 . 2010-07-20 08:18 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\DVDVideoSoftIEHelpers 2010-07-20 08:18 . 2010-07-20 08:18 -------- d-----w- c:\program files\DVDVideoSoft 2010-07-20 08:11 . 2010-07-20 08:11 -------- d-----w- c:\program files\CCleaner 2010-06-21 13:37 . 2010-08-12 09:57 2037760 ----a-w- c:\windows\system32\win32k.sys 2009-02-13 05:07 . 2009-02-13 05:02 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "T-Online_Software_6\WLAN-Access Finder"="c:\program files\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2008-04-08 671796] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-21 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312] "KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2008-05-30 212992] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 
1193240] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nokia Nseries PC Suite.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk backup=c:\windows\pss\Nokia Nseries PC Suite.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer] c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arm32] 2010-09-12 15:14 281600 ----a-w- c:\users\stefan schneider\AppData\Roaming\Adobe\Update\wid32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine] 2008-12-02 19:34 70144 ----a-w- c:\windows\System32\mmrtkrnl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-03-21 18:46 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c9aa5572c8845e;Google Update Service (gupdate1c9aa5572c8845e);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 133104] R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-05-14 309744] R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio 
Shared\10.0\SharedCOM\RoxWatch10.exe [2008-05-14 166384] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544] R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-05-14 1120752] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 {2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7};{2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7};c:\program files\Dell\MediaDirect\000.fcl [2007-09-06 39408] S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2009-08-31 1821184] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2010-09-01 318520] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-08 92008] S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616] S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . 
Inhalt des "geplante Tasks" Ordners 2010-09-16 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-21 18:46] 2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 18:47] 2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 18:47] 2010-09-16 c:\windows\Tasks\User_Feed_Synchronization-{03628AF1-07FB-4ED4-8F9D-6D71E135D365}.job - c:\windows\system32\msfeedssync.exe [2010-09-13 04:24] . . ------- Zusätzlicher Suchlauf ------- . mSearch Bar = about:blank IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm FF - ProfilePath - c:\users\stefan schneider\AppData\Roaming\Mozilla\Firefox\Profiles\k22q29dq.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - 
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - WebBrowser-{6EED0530-4FBF-4581-A267-A90508A82A7C} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-Getdo - (no file) MSConfigStartUp-TQ566808 - E:\Setup.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-09-16 23:24 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7}] "ImagePath"="\??\c:\program files\Dell\MediaDirect\000.fcl" . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*W%W%y*] @Class="Shell" @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*W%W%y*\OpenWithList] @Class="Shell" "a"="NOTEPAD.EXE" "MRUList"="a" [HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*W%W%y*\OpenWithProgids] "++y_auto_file"=hex(0): [HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000_Classes\.*W%W%y*] @Allowed: (Read) (RestrictedCode) @="++y_auto_file" [HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000_Classes\W%W%y*_*a*u*t*o*_*f*i*l*e*\shell\edit\command] @=expand:"%SystemRoot%\\system32\\NOTEPAD.EXE %1" [HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000_Classes\W%W%y*_*a*u*t*o*_*f*i*l*e*\shell\open\command] @=expand:"%SystemRoot%\\system32\\NOTEPAD.EXE %1" DUMPHIVE0.003 (REGF) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2010-09-16 23:28:12 ComboFix-quarantined-files.txt 2010-09-16 21:28 Vor Suchlauf: 10 Verzeichnis(se), 173.550.186.496 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 172.763.820.032 Bytes frei - - End Of File - - 475ED489BAC46C25DAB8379466D2DDF1 |
17.09.2010, 09:38 | #10 |
/// Malware-holic | 20 TAN trojan is hiding somewhere Start, Programs, Accessories, Notepad; paste in:
Killall::
File::
c:\users\stefan schneider\AppData\Roaming\Adobe\Update\wid32.exe
Save the file with "Save as": location wherever combofix.exe is, type "All files", name cfscript.txt. Drag cfscript onto ComboFix; the program starts. Post the log. |
20.09.2010, 12:10 | #11 |
| 20 TAN trojan is hiding somewhere Code:
ATTFilter
ComboFix 10-09-16.07 - stefan schneider 18.09.2010 0:23.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2037.1036 [GMT 2:00]
ausgeführt von:: c:\users\stefan schneider\Documents\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\stefan schneider\Documents\cfscript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\stefan schneider\AppData\Roaming\Adobe\Update\wid32.exe"
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\stefan schneider\AppData\Roaming\Adobe\Update\wid32.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-08-17 bis 2010-09-17 ))))))))))))))))))))))))))))))
.
2010-09-17 22:31 . 2010-09-17 22:33 -------- d-----w- c:\users\stefan schneider\AppData\Local\temp
2010-09-17 22:31 . 2010-09-17 22:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-17 22:31 . 2010-09-17 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-14 20:45 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-14 20:45 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-14 20:45 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-14 20:44 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-13 18:42 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-09-13 18:29 . 2010-09-13 18:29 -------- d-----w- c:\program files\Bonjour Print Services
2010-09-13 18:29 . 2010-09-13 18:29 -------- d-----w- c:\program files\Bonjour
2010-09-13 18:19 . 2010-09-13 18:19 -------- d-----w- c:\program files\Common Files\Java
2010-09-13 18:17 . 2010-09-13 18:17 -------- d-----w- c:\program files\Java
2010-09-13 18:13 . 2010-09-13 18:13 -------- d-----w- c:\programdata\FreeDownloadManager.ORG
2010-09-13 18:06 . 2010-09-13 18:06 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Avira
2010-09-13 18:01 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-09-13 18:01 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-09-13 17:41 . 2010-09-13 17:41 -------- d-----w- c:\program files\Windows Portable Devices
2010-09-13 17:38 . 2010-06-26 06:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-13 17:38 . 2010-06-26 06:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-13 17:37 . 2010-06-26 06:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-13 17:37 . 2010-06-26 04:25 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-13 17:35 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-09-13 17:35 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-09-13 17:35 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-09-13 17:35 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2010-09-13 17:35 . 2009-09-24 22:54 258048 ----a-w- c:\windows\system32\winspool.drv
2010-09-13 17:33 . 2010-09-13 17:33 -------- d-----w- c:\program files\Winamp Detect
2010-09-13 17:32 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-09-13 17:32 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-09-13 17:32 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-09-13 17:26 . 2010-09-13 17:26 -------- d-----w- c:\program files\Microsoft.NET
2010-09-13 17:21 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-09-13 17:21 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-09-13 17:21 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-09-13 17:21 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-09-13 17:21 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-09-13 17:21 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-09-13 17:21 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-09-13 17:21 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-09-13 17:21 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-09-13 17:21 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-09-13 17:21 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-09-13 17:21 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-09-13 17:20 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-09-13 17:20 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-13 17:14 . 2010-09-13 17:14 -------- d-----w- c:\users\stefan schneider\AppData\Local\Secunia PSI
2010-09-13 17:14 . 2010-09-13 17:14 -------- d-----w- c:\program files\Secunia
2010-09-13 14:01 . 2010-09-13 14:01 -------- d-----w- c:\program files\Trend Micro
2010-09-01 08:30 . 2010-09-01 08:30 15544 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-08-26 12:49 . 2010-08-26 12:49 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Helper
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 21:49 . 2009-11-10 10:51 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-09-17 21:47 . 2009-03-21 18:46 -------- d-----w- c:\programdata\Google Updater
2010-09-17 21:46 . 2009-04-30 01:34 674582 ----a-w- c:\windows\system32\perfh007.dat
2010-09-17 21:46 . 2009-04-30 01:34 146234 ----a-w- c:\windows\system32\perfc007.dat
2010-09-16 22:32 . 2009-03-23 16:41 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\UseNeXT
2010-09-16 10:50 . 2010-07-25 09:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-15 09:21 . 2009-02-20 10:56 2850 ----a-w- c:\users\stefan schneider\AppData\Roaming\wklnhst.dat
2010-09-14 20:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-14 10:08 . 2009-05-08 14:38 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Free Download Manager
2010-09-13 19:01 . 2009-02-12 20:58 -------- d-----w- c:\program files\Microsoft Works
2010-09-13 18:35 . 2009-02-12 21:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-13 18:17 . 2010-04-26 09:38 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-13 18:13 . 2009-05-08 14:38 -------- d-----w- c:\program files\Free Download Manager
2010-09-13 17:46 . 2009-04-29 18:30 86920 ----a-w- c:\users\stefan schneider\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-13 17:40 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-09-13 17:40 . 2010-09-13 17:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-09-13 17:40 . 2010-09-13 17:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-09-13 17:37 . 2009-11-02 14:34 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Winamp
2010-09-13 17:35 . 2009-11-02 14:34 -------- d-----w- c:\program files\Winamp
2010-09-13 14:43 . 2009-05-05 14:29 6648 ----a-w- c:\users\stefan schneider\AppData\Local\d3d9caps.dat
2010-09-12 16:17 . 2010-04-23 14:44 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Obnuoz
2010-09-12 11:39 . 2010-07-17 10:18 -------- d-----w- c:\programdata\CanonIJ
2010-09-08 16:37 . 2010-02-10 15:49 -------- d-----w- c:\programdata\CanonIJPLM
2010-08-19 20:49 . 2009-03-23 16:41 -------- d-----w- c:\program files\UseNeXT
2010-08-19 12:56 . 2010-02-16 00:03 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Zyfoa
2010-08-19 12:38 . 2010-07-25 09:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-19 12:29 . 2009-08-17 06:07 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Ytad
2010-08-16 22:04 . 2009-10-18 11:50 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Thunderbird
2010-08-12 11:19 . 2009-07-24 11:54 -------- d-----w- c:\program files\CdCoverCreator
2010-08-09 12:08 . 2010-04-28 19:58 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Nyzo
2010-08-09 11:46 . 2009-08-08 20:44 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Ykud
2010-08-05 13:46 . 2010-07-20 08:18 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-08-04 14:43 . 2010-07-17 10:17 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Canon
2010-08-04 10:18 . 2009-12-25 20:33 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Paydoh
2010-07-27 09:30 . 2010-07-26 18:40 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Uqicz
2010-07-25 10:58 . 2010-02-10 15:32 -------- d--h--w- c:\programdata\CanonIJEGV
2010-07-25 09:18 . 2010-07-25 09:18 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\Uniblue
2010-07-20 08:18 . 2010-07-20 08:18 -------- d-----w- c:\users\stefan schneider\AppData\Roaming\DVDVideoSoftIEHelpers
2010-07-20 08:18 . 2010-07-20 08:18 -------- d-----w- c:\program files\DVDVideoSoft
2010-07-20 08:11 . 2010-07-20 08:11 -------- d-----w- c:\program files\CCleaner
2010-06-21 13:37 . 2010-08-12 09:57 2037760 ----a-w- c:\windows\system32\win32k.sys
2009-02-13 05:07 . 2009-02-13 05:02 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"T-Online_Software_6\WLAN-Access Finder"="c:\program files\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2008-04-08 671796]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-21 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2008-05-30 212992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nokia Nseries PC Suite.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
backup=c:\windows\pss\Nokia Nseries PC Suite.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]
2008-12-02 19:34 70144 ----a-w- c:\windows\System32\mmrtkrnl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-21 18:46 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9aa5572c8845e;Google Update Service (gupdate1c9aa5572c8845e);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-05-14 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-05-14 166384]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-05-14 1120752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 {2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7};{2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7};c:\program files\Dell\MediaDirect\000.fcl [2007-09-06 39408]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2009-08-31 1821184]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2010-09-01 318520]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-08 92008]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-09-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-21 18:46]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 18:47]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 18:47]

2010-09-17 c:\windows\Tasks\User_Feed_Synchronization-{03628AF1-07FB-4ED4-8F9D-6D71E135D365}.job
- c:\windows\system32\msfeedssync.exe [2010-09-13 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mSearch Bar = about:blank
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
FF - ProfilePath - c:\users\stefan schneider\AppData\Roaming\Mozilla\Firefox\Profiles\k22q29dq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-Arm32 - c:\users\stefan schneider\AppData\Roaming\Adobe\Update\wid32.exe

**************************************************************************
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien:
**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\Dell\MediaDirect\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*W%W%y*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*W%W%y*\OpenWithList]
@Class="Shell"
"a"="NOTEPAD.EXE"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*W%W%y*\OpenWithProgids]
"++y_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000_Classes\.*W%W%y*]
@Allowed: (Read) (RestrictedCode)
@="++y_auto_file"

[HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000_Classes\W%W%y*_*a*u*t*o*_*f*i*l*e*\shell\edit\command]
@=expand:"%SystemRoot%\\system32\\NOTEPAD.EXE %1"

[HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000_Classes\W%W%y*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@=expand:"%SystemRoot%\\system32\\NOTEPAD.EXE %1"
DUMPHIVE0.003 (REGF)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Mouse Driver\KMConfig.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Mouse Driver\KMProcess.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-18 00:41:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-09-17 22:40
ComboFix2.txt 2010-09-16 21:28
Vor Suchlauf: 14 Verzeichnis(se), 172.429.615.104 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 172.738.965.504 Bytes frei
- - End Of File - - D44F7E1D4177452D71C8BB0A7C76E553 |
20.09.2010, 13:53 | #12 |
/// Malware-holic | 20 TAN trojan is hiding somewhere OK, right-click the Avira umbrella and deactivate the Guard. Open My Computer, go to c:\qoobox, right-click quarantaine there and add it to quarantaine.rar or zip; the archive goes to us. http://www.trojaner-board.de/54791-a...ner-board.html |
20.09.2010, 22:17 | #13 |
| 20 TAN trojan is hiding somewhere And after that a reinstall, or what? |
21.09.2010, 11:22 | #14 |
/// Malware-holic | 20 TAN trojan is hiding somewhere That's exactly it. |
21.09.2010, 11:25 | #15 |
| 20 TAN trojan is hiding somewhere Do I still need to fix the MBR somehow beforehand? |