Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   20 TAN Trojaner versteckt sich irgendwo (https://www.trojaner-board.de/90850-20-tan-trojaner-versteckt-irgendwo.html)

DatHirschi 16.09.2010 15:23
20 TAN Trojaner versteckt sich irgendwo
 
Hallo!

Ein Arbeitskollege hat sich irgendwo einen 20 TAN Trojaner eingefangen. Bisher konnten wir ihn allerdings noch nicht lokalisieren. Kann jemand weiterhelfen?

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:51, on 13.09.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - HKCU\..\Run: [Arm32] C:\Users\stefan schneider\AppData\Roaming\Adobe\Update\wid32.exe
O4 - HKCU\..\Run: [ciphzard] rundll32 "C:\Users\STEFAN~1\AppData\Local\Temp\dcomSTAT.dll",ClientDllStartup
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9aa5572c8845e) (gupdate1c9aa5572c8845e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8262 bytes

markusg 16.09.2010 15:28
hi,
1. bank anrufen, online banking sperren.
2. hab ich ihn schon gesehen. das beste ist aber dann nachher neu aufzusetzen um ganz sicher zu sein, ich möchte aber noch dateien einsenden, um sie an antivirus hersteller einzusenden, damit alle besser geschützt sind.
ich helfe euch dann, den pc für die zukunft abzusichern, er hat ihn sich warscheinlich über ne sicherheitslücke gefanen.
3.
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

DatHirschi 16.09.2010 15:44
Sorry, aber ich komme an den PC erst nächste Woche wieder dran. Könntest du etwas genauer werden mit deinem "gesehen"?

1. Online Banking ist schon lange gesperrt

2. Sicherheitslücke eigentlich nicht...war alles aktuell

3. Also ich habe ja so meine Hemmungen mit "Fremdprogrammen" und wie gesagt komme erst nächste Woche dazu

markusg 16.09.2010 16:07
hi, was ist denn hjt, ist doch auch nen programm und das allein würde niemals ausreichen das problem zu lösen.
wenn ich dir sage, das hier noch offene sicherheitslücken sind, kannst du mir das ruhig glauben.
O4 - HKCU\..\Run: [Arm32] C:\Users\stefan schneider\AppData\Roaming\Adobe\Update\wid32.exe
da ist eine infizierte datei, aber das wird bestimmt net die einzige sein und bitte nicht löschen sie muss analysiert werden evtl.
warum kann dein bekannter sich nicht selbst anmelden, dann gehts schneller

DatHirschi 16.09.2010 16:45
...weil der sich nur auf Musik hören und Videos gucken beschränkt :crazy:

markusg 16.09.2010 16:59
na und, wir hatten schon sehr viele hier die behaupteten sie könnens net, am ende habens 99 % selbst hinbekommen. man, oder die leute selbst, trauen sich immer viel weniger zu als sie dann hinterher zeigen.

DatHirschi 16.09.2010 17:04
Das Combofix-Log wird wohl morgen irgendwann kommen...

markusg 16.09.2010 17:04
ok. also bis dann :-)

DatHirschi 17.09.2010 04:47
Code:
ComboFix 10-09-16.04 - stefan schneider 16.09.2010  23:03:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2037.1107 [GMT 2:00]
ausgeführt von:: c:\users\stefan schneider\Documents\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\stefan schneider\AppData\Roaming\Adobe\Update\flacor.dat
c:\users\stefan schneider\AppData\Roaming\Microsoft\Windows\Recent\JDownloader.exe
c:\users\stefan schneider\Documents\cc_20100911_134430.reg
c:\users\STEFAN~1\AppData\Local\Temp\dcomSTAT.dll

.
(((((((((((((((((((((((  Dateien erstellt von 2010-08-16 bis 2010-09-16  ))))))))))))))))))))))))))))))
.

2010-09-14 20:45 . 2010-04-16 16:46    502272    ----a-w-    c:\windows\system32\usp10.dll
2010-09-14 20:45 . 2010-08-17 14:11    128000    ----a-w-    c:\windows\system32\spoolsv.exe
2010-09-14 20:45 . 2010-04-05 17:02    317952    ----a-w-    c:\windows\system32\MP4SDECD.DLL
2010-09-14 20:44 . 2010-05-27 20:08    739328    ----a-w-    c:\windows\system32\inetcomm.dll
2010-09-13 18:42 . 2010-03-05 14:01    420352    ----a-w-    c:\windows\system32\vbscript.dll
2010-09-13 18:29 . 2010-09-13 18:29    --------    d-----w-    c:\program files\Bonjour Print Services
2010-09-13 18:29 . 2010-09-13 18:29    --------    d-----w-    c:\program files\Bonjour
2010-09-13 18:19 . 2010-09-13 18:19    --------    d-----w-    c:\program files\Common Files\Java
2010-09-13 18:17 . 2010-09-13 18:17    --------    d-----w-    c:\program files\Java
2010-09-13 18:13 . 2010-09-13 18:13    --------    d-----w-    c:\programdata\FreeDownloadManager.ORG
2010-09-13 18:06 . 2010-09-13 18:06    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Avira
2010-09-13 18:01 . 2009-05-11 10:49    51992    ----a-w-    c:\windows\system32\drivers\avgntdd.sys
2010-09-13 18:01 . 2009-05-11 10:49    17016    ----a-w-    c:\windows\system32\drivers\avgntmgr.sys
2010-09-13 17:41 . 2010-09-13 17:41    --------    d-----w-    c:\program files\Windows Portable Devices
2010-09-13 17:38 . 2010-06-26 06:05    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-09-13 17:38 . 2010-06-26 06:02    71680    ----a-w-    c:\windows\system32\iesetup.dll
2010-09-13 17:37 . 2010-06-26 06:02    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2010-09-13 17:37 . 2010-06-26 04:25    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2010-09-13 17:35 . 2009-09-10 02:01    3023360    ----a-w-    c:\windows\system32\UIRibbon.dll
2010-09-13 17:35 . 2009-09-10 02:00    1164800    ----a-w-    c:\windows\system32\UIRibbonRes.dll
2010-09-13 17:35 . 2009-09-10 02:00    92672    ----a-w-    c:\windows\system32\UIAnimation.dll
2010-09-13 17:35 . 2009-09-25 01:33    369664    ----a-w-    c:\windows\system32\WMPhoto.dll
2010-09-13 17:35 . 2009-09-24 22:54    258048    ----a-w-    c:\windows\system32\winspool.drv
2010-09-13 17:33 . 2010-09-13 17:33    --------    d-----w-    c:\program files\Winamp Detect
2010-09-13 17:32 . 2009-10-08 21:08    555520    ----a-w-    c:\windows\system32\UIAutomationCore.dll
2010-09-13 17:32 . 2009-10-08 21:08    234496    ----a-w-    c:\windows\system32\oleacc.dll
2010-09-13 17:32 . 2009-10-08 21:07    4096    ----a-w-    c:\windows\system32\oleaccrc.dll
2010-09-13 17:26 . 2010-09-13 17:26    --------    d-----w-    c:\program files\Microsoft.NET
2010-09-13 17:21 . 2010-01-25 12:00    471552    ----a-w-    c:\windows\system32\secproc_isv.dll
2010-09-13 17:21 . 2010-01-25 12:00    471552    ----a-w-    c:\windows\system32\secproc.dll
2010-09-13 17:21 . 2010-01-25 12:00    152576    ----a-w-    c:\windows\system32\secproc_ssp_isv.dll
2010-09-13 17:21 . 2010-01-25 12:00    152064    ----a-w-    c:\windows\system32\secproc_ssp.dll
2010-09-13 17:21 . 2010-01-25 11:58    332288    ----a-w-    c:\windows\system32\msdrm.dll
2010-09-13 17:21 . 2010-01-25 08:21    526336    ----a-w-    c:\windows\system32\RMActivate_isv.exe
2010-09-13 17:21 . 2010-01-25 08:21    346624    ----a-w-    c:\windows\system32\RMActivate_ssp_isv.exe
2010-09-13 17:21 . 2010-01-25 08:21    518144    ----a-w-    c:\windows\system32\RMActivate.exe
2010-09-13 17:21 . 2010-01-25 08:21    347136    ----a-w-    c:\windows\system32\RMActivate_ssp.exe
2010-09-13 17:21 . 2010-01-06 15:39    1696256    ----a-w-    c:\windows\system32\gameux.dll
2010-09-13 17:21 . 2010-04-16 16:43    28672    ----a-w-    c:\windows\system32\Apphlpdm.dll
2010-09-13 17:21 . 2010-04-16 14:39    4240384    ----a-w-    c:\windows\system32\GameUXLegacyGDFs.dll
2010-09-13 17:20 . 2009-09-10 14:58    310784    ----a-w-    c:\windows\system32\unregmp2.exe
2010-09-13 17:20 . 2009-09-10 14:59    8147456    ----a-w-    c:\windows\system32\wmploc.DLL
2010-09-13 17:14 . 2010-09-13 17:14    --------    d-----w-    c:\users\stefan schneider\AppData\Local\Secunia PSI
2010-09-13 17:14 . 2010-09-13 17:14    --------    d-----w-    c:\program files\Secunia
2010-09-13 14:01 . 2010-09-13 14:01    --------    d-----w-    c:\program files\Trend Micro
2010-09-01 08:30 . 2010-09-01 08:30    15544    ----a-w-    c:\windows\system32\drivers\psi_mf.sys
2010-08-26 12:49 . 2010-08-26 12:49    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Helper
2010-08-26 12:48 . 2010-09-12 15:14    281600    ----a-w-    c:\users\stefan schneider\AppData\Roaming\Adobe\Update\wid32.exe

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 20:48 . 2009-04-30 01:34    674582    ----a-w-    c:\windows\system32\perfh007.dat
2010-09-16 20:48 . 2009-04-30 01:34    146234    ----a-w-    c:\windows\system32\perfc007.dat
2010-09-16 20:46 . 2009-03-21 18:46    --------    d-----w-    c:\programdata\Google Updater
2010-09-16 10:50 . 2010-07-25 09:45    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2010-09-16 09:31 . 2009-03-23 16:41    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\UseNeXT
2010-09-15 09:21 . 2009-02-20 10:56    2850    ----a-w-    c:\users\stefan schneider\AppData\Roaming\wklnhst.dat
2010-09-14 20:48 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2010-09-14 10:08 . 2009-05-08 14:38    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Free Download Manager
2010-09-13 19:01 . 2009-02-12 20:58    --------    d-----w-    c:\program files\Microsoft Works
2010-09-13 18:35 . 2009-02-12 21:25    --------    d-----w-    c:\program files\Microsoft Silverlight
2010-09-13 18:17 . 2010-04-26 09:38    423656    ----a-w-    c:\windows\system32\deployJava1.dll
2010-09-13 18:13 . 2009-05-08 14:38    --------    d-----w-    c:\program files\Free Download Manager
2010-09-13 17:46 . 2009-04-29 18:30    86920    ----a-w-    c:\users\stefan schneider\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-13 17:40 . 2006-11-02 10:25    665600    ----a-w-    c:\windows\inf\drvindex.dat
2010-09-13 17:40 . 2010-09-13 17:40    0    ---ha-w-    c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-09-13 17:40 . 2010-09-13 17:40    0    ---ha-w-    c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-09-13 17:37 . 2009-11-02 14:34    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Winamp
2010-09-13 17:35 . 2009-11-02 14:34    --------    d-----w-    c:\program files\Winamp
2010-09-13 14:43 . 2009-05-05 14:29    6648    ----a-w-    c:\users\stefan schneider\AppData\Local\d3d9caps.dat
2010-09-12 16:17 . 2010-04-23 14:44    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Obnuoz
2010-09-12 16:17 . 2009-11-10 10:51    --------    d-----w-    c:\program files\Mozilla Thunderbird
2010-09-12 11:39 . 2010-07-17 10:18    --------    d-----w-    c:\programdata\CanonIJ
2010-09-08 16:37 . 2010-02-10 15:49    --------    d-----w-    c:\programdata\CanonIJPLM
2010-08-19 20:49 . 2009-03-23 16:41    --------    d-----w-    c:\program files\UseNeXT
2010-08-19 12:56 . 2010-02-16 00:03    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Zyfoa
2010-08-19 12:38 . 2010-07-25 09:45    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2010-08-19 12:29 . 2009-08-17 06:07    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Ytad
2010-08-16 22:04 . 2009-10-18 11:50    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Thunderbird
2010-08-12 11:19 . 2009-07-24 11:54    --------    d-----w-    c:\program files\CdCoverCreator
2010-08-09 12:08 . 2010-04-28 19:58    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Nyzo
2010-08-09 11:46 . 2009-08-08 20:44    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Ykud
2010-08-05 13:46 . 2010-07-20 08:18    --------    d-----w-    c:\program files\Common Files\DVDVideoSoft
2010-08-04 14:43 . 2010-07-17 10:17    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Canon
2010-08-04 10:18 . 2009-12-25 20:33    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Paydoh
2010-07-27 09:30 . 2010-07-26 18:40    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Uqicz
2010-07-25 10:58 . 2010-02-10 15:32    --------    d--h--w-    c:\programdata\CanonIJEGV
2010-07-25 09:18 . 2010-07-25 09:18    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Uniblue
2010-07-20 08:18 . 2010-07-20 08:18    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\DVDVideoSoftIEHelpers
2010-07-20 08:18 . 2010-07-20 08:18    --------    d-----w-    c:\program files\DVDVideoSoft
2010-07-20 08:11 . 2010-07-20 08:11    --------    d-----w-    c:\program files\CCleaner
2010-06-21 13:37 . 2010-08-12 09:57    2037760    ----a-w-    c:\windows\system32\win32k.sys
2009-02-13 05:07 . 2009-02-13 05:02    8192    --sha-w-    c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"T-Online_Software_6\WLAN-Access Finder"="c:\program files\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2008-04-08 671796]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-21 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2008-05-30 212992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nokia Nseries PC Suite.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
backup=c:\windows\pss\Nokia Nseries PC Suite.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arm32]
2010-09-12 15:14    281600    ----a-w-    c:\users\stefan schneider\AppData\Roaming\Adobe\Update\wid32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]
2008-12-02 19:34    70144    ----a-w-    c:\windows\System32\mmrtkrnl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44    248552    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-21 18:46    39408    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9aa5572c8845e;Google Update Service (gupdate1c9aa5572c8845e);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-05-14 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-05-14 166384]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-05-14 1120752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 {2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7};{2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7};c:\program files\Dell\MediaDirect\000.fcl [2007-09-06 39408]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2009-08-31 1821184]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2010-09-01 318520]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-08 92008]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-09-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-21 18:46]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 18:47]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 18:47]

2010-09-16 c:\windows\Tasks\User_Feed_Synchronization-{03628AF1-07FB-4ED4-8F9D-6D71E135D365}.job
- c:\windows\system32\msfeedssync.exe [2010-09-13 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
mSearch Bar = about:blank
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
FF - ProfilePath - c:\users\stefan schneider\AppData\Roaming\Mozilla\Firefox\Profiles\k22q29dq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{6EED0530-4FBF-4581-A267-A90508A82A7C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Getdo - (no file)
MSConfigStartUp-TQ566808 - E:\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-16 23:24
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\Dell\MediaDirect\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*W%W%y*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*W%W%y*\OpenWithList]
@Class="Shell"
"a"="NOTEPAD.EXE"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*W%W%y*\OpenWithProgids]
"++y_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000_Classes\.*W%W%y*]
@Allowed: (Read) (RestrictedCode)
@="++y_auto_file"

[HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000_Classes\W%W%y*_*a*u*t*o*_*f*i*l*e*\shell\edit\command]
@=expand:"%SystemRoot%\\system32\\NOTEPAD.EXE %1"

[HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000_Classes\W%W%y*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@=expand:"%SystemRoot%\\system32\\NOTEPAD.EXE %1"
DUMPHIVE0.003 (REGF)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-09-16  23:28:12
ComboFix-quarantined-files.txt  2010-09-16 21:28

Vor Suchlauf: 10 Verzeichnis(se), 173.550.186.496 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 172.763.820.032 Bytes frei

- - End Of File - - 475ED489BAC46C25DAB8379466D2DDF1

markusg 17.09.2010 09:38
start programme zubehör editor,
kopiere rein:

Killall::
File::
c:\users\stefan schneider\AppData\Roaming\Adobe\Update\wid32.exe


datei speichern unter, ort dort wo sich combofix.exe befindet, typ alle dateien, name
cfscript.txt
ziehe cfscript auf combofix, programm startet, log posten.

DatHirschi 20.09.2010 12:10
Code:
ComboFix 10-09-16.07 - stefan schneider 18.09.2010  0:23.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2037.1036 [GMT 2:00]
ausgeführt von:: c:\users\stefan schneider\Documents\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\stefan schneider\Documents\cfscript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\stefan schneider\AppData\Roaming\Adobe\Update\wid32.exe"
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\stefan schneider\AppData\Roaming\Adobe\Update\wid32.exe

.
(((((((((((((((((((((((  Dateien erstellt von 2010-08-17 bis 2010-09-17  ))))))))))))))))))))))))))))))
.

2010-09-17 22:31 . 2010-09-17 22:33    --------    d-----w-    c:\users\stefan schneider\AppData\Local\temp
2010-09-17 22:31 . 2010-09-17 22:31    --------    d-----w-    c:\users\Public\AppData\Local\temp
2010-09-17 22:31 . 2010-09-17 22:31    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-09-14 20:45 . 2010-04-16 16:46    502272    ----a-w-    c:\windows\system32\usp10.dll
2010-09-14 20:45 . 2010-08-17 14:11    128000    ----a-w-    c:\windows\system32\spoolsv.exe
2010-09-14 20:45 . 2010-04-05 17:02    317952    ----a-w-    c:\windows\system32\MP4SDECD.DLL
2010-09-14 20:44 . 2010-05-27 20:08    739328    ----a-w-    c:\windows\system32\inetcomm.dll
2010-09-13 18:42 . 2010-03-05 14:01    420352    ----a-w-    c:\windows\system32\vbscript.dll
2010-09-13 18:29 . 2010-09-13 18:29    --------    d-----w-    c:\program files\Bonjour Print Services
2010-09-13 18:29 . 2010-09-13 18:29    --------    d-----w-    c:\program files\Bonjour
2010-09-13 18:19 . 2010-09-13 18:19    --------    d-----w-    c:\program files\Common Files\Java
2010-09-13 18:17 . 2010-09-13 18:17    --------    d-----w-    c:\program files\Java
2010-09-13 18:13 . 2010-09-13 18:13    --------    d-----w-    c:\programdata\FreeDownloadManager.ORG
2010-09-13 18:06 . 2010-09-13 18:06    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Avira
2010-09-13 18:01 . 2009-05-11 10:49    51992    ----a-w-    c:\windows\system32\drivers\avgntdd.sys
2010-09-13 18:01 . 2009-05-11 10:49    17016    ----a-w-    c:\windows\system32\drivers\avgntmgr.sys
2010-09-13 17:41 . 2010-09-13 17:41    --------    d-----w-    c:\program files\Windows Portable Devices
2010-09-13 17:38 . 2010-06-26 06:05    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-09-13 17:38 . 2010-06-26 06:02    71680    ----a-w-    c:\windows\system32\iesetup.dll
2010-09-13 17:37 . 2010-06-26 06:02    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2010-09-13 17:37 . 2010-06-26 04:25    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2010-09-13 17:35 . 2009-09-10 02:01    3023360    ----a-w-    c:\windows\system32\UIRibbon.dll
2010-09-13 17:35 . 2009-09-10 02:00    1164800    ----a-w-    c:\windows\system32\UIRibbonRes.dll
2010-09-13 17:35 . 2009-09-10 02:00    92672    ----a-w-    c:\windows\system32\UIAnimation.dll
2010-09-13 17:35 . 2009-09-25 01:33    369664    ----a-w-    c:\windows\system32\WMPhoto.dll
2010-09-13 17:35 . 2009-09-24 22:54    258048    ----a-w-    c:\windows\system32\winspool.drv
2010-09-13 17:33 . 2010-09-13 17:33    --------    d-----w-    c:\program files\Winamp Detect
2010-09-13 17:32 . 2009-10-08 21:08    555520    ----a-w-    c:\windows\system32\UIAutomationCore.dll
2010-09-13 17:32 . 2009-10-08 21:08    234496    ----a-w-    c:\windows\system32\oleacc.dll
2010-09-13 17:32 . 2009-10-08 21:07    4096    ----a-w-    c:\windows\system32\oleaccrc.dll
2010-09-13 17:26 . 2010-09-13 17:26    --------    d-----w-    c:\program files\Microsoft.NET
2010-09-13 17:21 . 2010-01-25 12:00    471552    ----a-w-    c:\windows\system32\secproc_isv.dll
2010-09-13 17:21 . 2010-01-25 12:00    471552    ----a-w-    c:\windows\system32\secproc.dll
2010-09-13 17:21 . 2010-01-25 12:00    152576    ----a-w-    c:\windows\system32\secproc_ssp_isv.dll
2010-09-13 17:21 . 2010-01-25 12:00    152064    ----a-w-    c:\windows\system32\secproc_ssp.dll
2010-09-13 17:21 . 2010-01-25 11:58    332288    ----a-w-    c:\windows\system32\msdrm.dll
2010-09-13 17:21 . 2010-01-25 08:21    526336    ----a-w-    c:\windows\system32\RMActivate_isv.exe
2010-09-13 17:21 . 2010-01-25 08:21    346624    ----a-w-    c:\windows\system32\RMActivate_ssp_isv.exe
2010-09-13 17:21 . 2010-01-25 08:21    518144    ----a-w-    c:\windows\system32\RMActivate.exe
2010-09-13 17:21 . 2010-01-25 08:21    347136    ----a-w-    c:\windows\system32\RMActivate_ssp.exe
2010-09-13 17:21 . 2010-01-06 15:39    1696256    ----a-w-    c:\windows\system32\gameux.dll
2010-09-13 17:21 . 2010-04-16 16:43    28672    ----a-w-    c:\windows\system32\Apphlpdm.dll
2010-09-13 17:21 . 2010-04-16 14:39    4240384    ----a-w-    c:\windows\system32\GameUXLegacyGDFs.dll
2010-09-13 17:20 . 2009-09-10 14:58    310784    ----a-w-    c:\windows\system32\unregmp2.exe
2010-09-13 17:20 . 2009-09-10 14:59    8147456    ----a-w-    c:\windows\system32\wmploc.DLL
2010-09-13 17:14 . 2010-09-13 17:14    --------    d-----w-    c:\users\stefan schneider\AppData\Local\Secunia PSI
2010-09-13 17:14 . 2010-09-13 17:14    --------    d-----w-    c:\program files\Secunia
2010-09-13 14:01 . 2010-09-13 14:01    --------    d-----w-    c:\program files\Trend Micro
2010-09-01 08:30 . 2010-09-01 08:30    15544    ----a-w-    c:\windows\system32\drivers\psi_mf.sys
2010-08-26 12:49 . 2010-08-26 12:49    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Helper

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 21:49 . 2009-11-10 10:51    --------    d-----w-    c:\program files\Mozilla Thunderbird
2010-09-17 21:47 . 2009-03-21 18:46    --------    d-----w-    c:\programdata\Google Updater
2010-09-17 21:46 . 2009-04-30 01:34    674582    ----a-w-    c:\windows\system32\perfh007.dat
2010-09-17 21:46 . 2009-04-30 01:34    146234    ----a-w-    c:\windows\system32\perfc007.dat
2010-09-16 22:32 . 2009-03-23 16:41    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\UseNeXT
2010-09-16 10:50 . 2010-07-25 09:45    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2010-09-15 09:21 . 2009-02-20 10:56    2850    ----a-w-    c:\users\stefan schneider\AppData\Roaming\wklnhst.dat
2010-09-14 20:48 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2010-09-14 10:08 . 2009-05-08 14:38    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Free Download Manager
2010-09-13 19:01 . 2009-02-12 20:58    --------    d-----w-    c:\program files\Microsoft Works
2010-09-13 18:35 . 2009-02-12 21:25    --------    d-----w-    c:\program files\Microsoft Silverlight
2010-09-13 18:17 . 2010-04-26 09:38    423656    ----a-w-    c:\windows\system32\deployJava1.dll
2010-09-13 18:13 . 2009-05-08 14:38    --------    d-----w-    c:\program files\Free Download Manager
2010-09-13 17:46 . 2009-04-29 18:30    86920    ----a-w-    c:\users\stefan schneider\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-13 17:40 . 2006-11-02 10:25    665600    ----a-w-    c:\windows\inf\drvindex.dat
2010-09-13 17:40 . 2010-09-13 17:40    0    ---ha-w-    c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-09-13 17:40 . 2010-09-13 17:40    0    ---ha-w-    c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-09-13 17:37 . 2009-11-02 14:34    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Winamp
2010-09-13 17:35 . 2009-11-02 14:34    --------    d-----w-    c:\program files\Winamp
2010-09-13 14:43 . 2009-05-05 14:29    6648    ----a-w-    c:\users\stefan schneider\AppData\Local\d3d9caps.dat
2010-09-12 16:17 . 2010-04-23 14:44    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Obnuoz
2010-09-12 11:39 . 2010-07-17 10:18    --------    d-----w-    c:\programdata\CanonIJ
2010-09-08 16:37 . 2010-02-10 15:49    --------    d-----w-    c:\programdata\CanonIJPLM
2010-08-19 20:49 . 2009-03-23 16:41    --------    d-----w-    c:\program files\UseNeXT
2010-08-19 12:56 . 2010-02-16 00:03    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Zyfoa
2010-08-19 12:38 . 2010-07-25 09:45    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2010-08-19 12:29 . 2009-08-17 06:07    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Ytad
2010-08-16 22:04 . 2009-10-18 11:50    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Thunderbird
2010-08-12 11:19 . 2009-07-24 11:54    --------    d-----w-    c:\program files\CdCoverCreator
2010-08-09 12:08 . 2010-04-28 19:58    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Nyzo
2010-08-09 11:46 . 2009-08-08 20:44    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Ykud
2010-08-05 13:46 . 2010-07-20 08:18    --------    d-----w-    c:\program files\Common Files\DVDVideoSoft
2010-08-04 14:43 . 2010-07-17 10:17    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Canon
2010-08-04 10:18 . 2009-12-25 20:33    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Paydoh
2010-07-27 09:30 . 2010-07-26 18:40    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Uqicz
2010-07-25 10:58 . 2010-02-10 15:32    --------    d--h--w-    c:\programdata\CanonIJEGV
2010-07-25 09:18 . 2010-07-25 09:18    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\Uniblue
2010-07-20 08:18 . 2010-07-20 08:18    --------    d-----w-    c:\users\stefan schneider\AppData\Roaming\DVDVideoSoftIEHelpers
2010-07-20 08:18 . 2010-07-20 08:18    --------    d-----w-    c:\program files\DVDVideoSoft
2010-07-20 08:11 . 2010-07-20 08:11    --------    d-----w-    c:\program files\CCleaner
2010-06-21 13:37 . 2010-08-12 09:57    2037760    ----a-w-    c:\windows\system32\win32k.sys
2009-02-13 05:07 . 2009-02-13 05:02    8192    --sha-w-    c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"T-Online_Software_6\WLAN-Access Finder"="c:\program files\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2008-04-08 671796]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-21 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2008-05-30 212992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nokia Nseries PC Suite.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
backup=c:\windows\pss\Nokia Nseries PC Suite.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]
2008-12-02 19:34    70144    ----a-w-    c:\windows\System32\mmrtkrnl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44    248552    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-21 18:46    39408    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9aa5572c8845e;Google Update Service (gupdate1c9aa5572c8845e);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-05-14 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-05-14 166384]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-05-14 1120752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 {2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7};{2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7};c:\program files\Dell\MediaDirect\000.fcl [2007-09-06 39408]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2009-08-31 1821184]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2010-09-01 318520]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-08 92008]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-09-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-21 18:46]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 18:47]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 18:47]

2010-09-17 c:\windows\Tasks\User_Feed_Synchronization-{03628AF1-07FB-4ED4-8F9D-6D71E135D365}.job
- c:\windows\system32\msfeedssync.exe [2010-09-13 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mSearch Bar = about:blank
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
FF - ProfilePath - c:\users\stefan schneider\AppData\Roaming\Mozilla\Firefox\Profiles\k22q29dq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-Arm32 - c:\users\stefan schneider\AppData\Roaming\Adobe\Update\wid32.exe



**************************************************************************
Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\Dell\MediaDirect\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*W%W%y*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*W%W%y*\OpenWithList]
@Class="Shell"
"a"="NOTEPAD.EXE"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*W%W%y*\OpenWithProgids]
"++y_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000_Classes\.*W%W%y*]
@Allowed: (Read) (RestrictedCode)
@="++y_auto_file"

[HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000_Classes\W%W%y*_*a*u*t*o*_*f*i*l*e*\shell\edit\command]
@=expand:"%SystemRoot%\\system32\\NOTEPAD.EXE %1"

[HKEY_USERS\S-1-5-21-47896835-416990418-343414877-1000_Classes\W%W%y*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@=expand:"%SystemRoot%\\system32\\NOTEPAD.EXE %1"
DUMPHIVE0.003 (REGF)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Mouse Driver\KMConfig.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Mouse Driver\KMProcess.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-18  00:41:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-09-17 22:40
ComboFix2.txt  2010-09-16 21:28

Vor Suchlauf: 14 Verzeichnis(se), 172.429.615.104 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 172.738.965.504 Bytes frei

- - End Of File - - D44F7E1D4177452D71C8BB0A7C76E553

markusg 20.09.2010 13:53
ok rechtsklick avira schirm, guard deaktivieren.
öffne arbeitsplatz, c:\qoobox und dort rechtsklick auf quarantaine und zu quarantaine.rar oder zip hinzufügen, archiv geht an uns.
http://www.trojaner-board.de/54791-a...ner-board.html

DatHirschi 20.09.2010 22:17
Und danach dann Neuinstallation oder was?

markusg 21.09.2010 11:22
genau so ists

DatHirschi 21.09.2010 11:25
Muss ich noch vorher den MBR irgendwie fixen?


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:08 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131