Log Analysis and Evaluation: Spyhunter victim...

29.06.2008, 21:08   #1
drachior
 



Well, while looking for a better program I caught this thing (Spyhunter); I've been sitting at it all day trying to find a solution... So far it hasn't shown any symptoms, except that after uninstalling and deleting it, it miraculously reappears in my program folder after a restart. I got Kaspersky and CounterSpy, but neither finds anything after several scans. OK, honestly, I couldn't scan the system completely with Kaspersky, because it gets stuck at 38% and the computer (and Kaspersky too) throw in the towel after a good half hour... but I assume that's a completely different problem.

I hope you can help me, and I hope I haven't committed any major rule violations with my post...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:12, on 29.06.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\TabUserW.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Windows\ehome\ehtray.exe
C:\Users\*\Program Files\DNA\btdna.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
C:\Program Files\Fujitsu Siemens Computers\SCALEO wake up\FSC_WHS_RC.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Azureus\Azureus.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MS*Ncom
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\***\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O4 - Global Startup: Pinnacle Streaming Server.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
O4 - Global Startup: SCALEO wake up.lnk = ?
O4 - Global Startup: Windows Home Server.lnk = ?
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe
O23 - Service: Windows Home Server-Connectordienst (WHSConnector) - Unknown owner - C:\Program Files\Windows Home Server\WHSConnector.exe (file missing)

--
End of file - 9793 bytes


Many, many thanks in advance for your help and your time.

Last edited by drachior (29.06.2008 at 21:28)
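As an added example (not code from this thread and not HijackThis code), a small Python triage helper for the log format posted above: it parses the O4, O20 and O23 entry lines and flags the ones a reviewer would look at first (services listed with "Unknown owner" or "(file missing)", startup shortcuts whose target resolves to "?", autostarts that run from a user profile directory, AppInit_DLLs). The flagging heuristics and the sample lines are this example's own constructions, modelled on the log above.

```python
"""Triage helper for HijackThis-style logs.

Added example, not part of the thread and not HijackThis code. It parses the
O4/O20/O23 entry lines of the log format posted above and flags the entries a
human reviewer would inspect first. The heuristics are assumptions of this
example, not HijackThis or Trojaner-Board rules.
"""
import re
from dataclasses import dataclass

# Every HijackThis entry line starts with a section code such as "O4", "O23", "R1".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# Autostart entries whose binary lives under a user profile (C:\Users\<name>\...).
USER_PROFILE_RE = re.compile(r"c:\\users\\[^\\]+\\")


@dataclass
class Finding:
    code: str      # HijackThis section code, e.g. "O23"
    body: str      # the entry text after "Oxx - "
    reasons: list  # why this entry deserves a second look


def parse_entries(log_text):
    """Return (section_code, body) pairs for each entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def review_entry(code, body):
    """Heuristic checks; returns the reasons (possibly none) to inspect the entry."""
    reasons = []
    low = body.lower()
    if code == "O23":  # Windows services
        if "unknown owner" in low:
            reasons.append("service has no publisher information")
        if "(file missing)" in low:
            reasons.append("service binary is missing on disk")
    elif code == "O4":  # Run keys and startup folder
        if low.rstrip().endswith("= ?"):
            reasons.append("startup shortcut target could not be resolved")
        if USER_PROFILE_RE.search(low):
            reasons.append("autostart binary located in a user profile directory")
    elif code == "O20" and low.startswith("appinit_dlls"):
        reasons.append("AppInit_DLLs are loaded into every GUI process; verify each DLL")
    return reasons


def triage(log_text):
    """Parse the log and return only the entries that have at least one reason."""
    findings = []
    for code, body in parse_entries(log_text):
        reasons = review_entry(code, body)
        if reasons:
            findings.append(Finding(code, body, reasons))
    return findings


# Constructed sample: a handful of lines in the shape of the log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\***\Program Files\DNA\btdna.exe"
O4 - Global Startup: SCALEO wake up.lnk = ?
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Windows Home Server-Connectordienst (WHSConnector) - Unknown owner - C:\Program Files\Windows Home Server\WHSConnector.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.body}")
        for r in f.reasons:
            print(f"    -> {r}")
```

A flagged entry is a starting point for a manual check (publisher, path, file on disk), not a verdict; the Kaspersky lines in the sample pass all checks and are not reported.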

29.06.2008, 21:54   #2
schrauber
/// the machine
/// TB trainer
 




edit

passing this on to undoreal

edit

29.06.2008, 21:54   #3
undoreal
/// AVZ-Toolkit Guru
 



Hello there.


1) Disable System Restore on all drives. Once the cleanup is COMPLETELY finished, it can be re-enabled.

2) Uninstall Java via the Control Panel.

3) Please run Blacklight and post the log. Have any findings renamed, please!

4) Run Combofix. Post the text that appears.

5) Check your system with SASW.

6) Do a final malware check with Malwarebytes.

7) Check your system with the ESET Online Scanner. (After the scan, click "Print this Page" in the top right corner and copy the resulting window into your post.)

8) Clean up with cCleaner. (Points 1 and 2)

9) Run Silentrunners and post the log file.

10) Run an escan and post the log evaluated with the help of find.bat.

11) Post a fresh HijackThis log and an iClean report (open the program in its own folder -> "Yes" -> File -> Report).
Note on the iClean report: please shorten the 032 and 033 redirected entries in the log. (These were created by Spybot.)


[EDIT:] Hi schrauber.

Last edited by undoreal (29.06.2008 at 22:04)

29.06.2008, 21:55   #4
schrauber
/// the machine
/// TB trainer
 




Hi undoreal

I'll let you go first.

30.06.2008, 21:11   #5
drachior
 



03 Blacklight log

06/29/08 23:46:34 [Info]: BlackLight Engine 1.0.70 initialized
06/29/08 23:46:34 [Info]: OS: 6.0 build 6001 (Service Pack 1)
06/29/08 23:46:34 [Note]: 7019 4
06/29/08 23:46:34 [Note]: 7005 0
06/29/08 23:50:43 [Note]: 7006 0
06/29/08 23:50:43 [Note]: 7027 0
06/29/08 23:50:43 [Note]: 7035 0
06/29/08 23:50:43 [Note]: 7026 0
06/29/08 23:50:43 [Note]: 7026 0
06/29/08 23:50:46 [Note]: FSRAW library version 1.7.1024
06/29/08 23:51:26 [Note]: 4015 39271
06/29/08 23:51:26 [Note]: 4027 39271 1310720
06/29/08 23:51:26 [Note]: 4020 39133 1310720
06/29/08 23:51:26 [Note]: 4022 39133
06/29/08 23:51:39 [Note]: 4015 38243
06/29/08 23:51:39 [Note]: 4027 38243 720896
06/29/08 23:51:39 [Note]: 4020 37912 655360
06/29/08 23:51:39 [Note]: 4018 37912 655360
06/30/08 00:01:13 [Note]: 7007 0




04 Combofix
ComboFix 08-06-20.4 - media 2008-06-30 0:39:17.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.1099 [GMT 2:00]
ausgeführt von:: C:\Users\media\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\media\AppData\Local\Microsoft\Windows\Temporary Internet Files\ENCounterSpyConsumer.2.5.1043.0.exe

.
((((((((((((((((((((((( Dateien erstellt von 2008-05-28 bis 2008-06-29 ))))))))))))))))))))))))))))))
.

2008-06-29 17:38 . 2008-06-29 17:38 0 --a------ C:\Windows\System32\SBRC.dat
2008-06-29 17:38 . 2008-06-29 17:38 0 --a------ C:\Windows\System32\SBFC.dat
2008-06-29 17:32 . 2008-06-29 17:32 <DIR> d-------- C:\Users\****\AppData\Roaming\Sunbelt Software
2008-06-29 17:32 . 2008-06-29 17:32 <DIR> d-------- C:\Users\All Users\Sunbelt Software
2008-06-29 17:32 . 2008-06-29 17:32 <DIR> d-------- C:\ProgramData\Sunbelt Software
2008-06-29 17:32 . 2008-06-29 17:32 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-06-29 15:27 . 2008-06-29 15:35 96,966 --a------ C:\Windows\System32\drivers\klin.dat
2008-06-29 15:27 . 2008-06-29 15:35 88,774 --a------ C:\Windows\System32\drivers\klick.dat
2008-06-29 15:26 . 2008-06-29 18:33 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-06-29 15:26 . 2008-06-29 18:33 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-06-29 15:26 . 2008-06-29 15:26 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-29 15:26 . 2008-06-29 20:12 3,433,504 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-06-29 15:26 . 2008-06-30 00:41 466,976 --ahs---- C:\Windows\System32\drivers\fidbox2.dat
2008-06-29 15:26 . 2008-06-29 20:01 24,752 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-06-29 15:26 . 2008-06-30 00:40 2,536 --ahs---- C:\Windows\System32\drivers\fidbox2.idx
2008-06-29 15:10 . 2008-06-29 15:10 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-06-29 15:10 . 2008-06-29 15:10 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-06-29 12:39 . 2008-06-29 12:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-29 11:28 . 2008-06-29 11:28 <DIR> d-------- C:\Users\All Users\Azureus
2008-06-29 11:28 . 2008-06-29 11:28 <DIR> d-------- C:\ProgramData\Azureus
2008-06-29 11:23 . 2008-06-29 23:30 <DIR> d-------- C:\Users\***\AppData\Roaming\Azureus
2008-06-29 11:23 . 2008-06-29 14:13 <DIR> d-------- C:\Program Files\Azureus
2008-06-28 20:35 . 2008-06-28 20:35 <DIR> d-------- C:\Users\***\Program Files
2008-06-28 20:29 . 2008-06-28 20:29 225 --a------ C:\Windows\Brpfx04a.ini
2008-06-28 20:29 . 2008-06-28 20:29 93 --a------ C:\Windows\brpcfx.ini
2008-06-28 20:29 . 2008-06-28 20:29 50 --a------ C:\Windows\System32\bridf06a.dat
2008-06-28 20:27 . 2006-12-04 19:29 56,320 --a------ C:\Windows\System32\brinsstr.dll
2008-06-28 20:25 . 2008-06-28 20:25 <DIR> d-------- C:\Users\All Users\Brother
2008-06-28 20:25 . 2008-06-28 20:25 <DIR> d-------- C:\ProgramData\Brother
2008-06-28 20:25 . 2008-06-28 20:27 <DIR> d-------- C:\Program Files\Brother
2008-06-28 20:25 . 2006-04-13 17:12 163,840 --a------ C:\Windows\System32\NSSearch.dll
2008-06-28 20:25 . 2004-12-10 16:35 147,456 --a------ C:\Windows\brunin03.dll
2008-06-28 20:25 . 2006-01-17 01:03 126,976 --a------ C:\Windows\System32\BrfxD05a.dll
2008-06-28 20:25 . 2002-11-26 13:43 106,496 --a------ C:\Windows\System32\BrMuSNMP.dll
2008-06-28 20:25 . 2006-08-21 06:19 61,440 --a------ C:\Windows\System32\BrMfNt.dll
2008-06-28 20:25 . 2001-11-15 01:00 6,224 --a------ C:\Windows\CVRPAGE.bmp
2008-06-28 20:25 . 2008-06-28 20:29 66 --a------ C:\Windows\Brfaxrx.ini
2008-06-28 20:25 . 2003-11-28 18:57 0 --a------ C:\Windows\brdfxspd.dat
2008-06-28 19:47 . 2008-06-28 20:30 425 --a------ C:\Windows\BRWMARK.INI
2008-06-28 19:47 . 2008-06-28 20:30 27 --a------ C:\Windows\BRPP2KA.INI
2008-06-28 19:44 . 2008-06-28 19:44 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-28 17:21 . 2008-06-28 17:21 <DIR> d-------- C:\Program Files\portalgraphics
2008-06-28 17:08 . 2008-06-30 00:32 <DIR> d-------- C:\Users\***\AppData\Roaming\DNA
2008-06-28 17:08 . 2008-06-29 14:13 <DIR> d-------- C:\Users\***\AppData\Roaming\BitTorrent
2008-06-28 17:08 . 2008-06-28 17:08 <DIR> d-------- C:\Program Files\DNA
2008-06-28 17:08 . 2008-06-28 17:08 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-28 13:04 . 2008-06-28 13:04 <DIR> d-------- C:\PerfLogs
2008-06-28 12:13 . 2008-01-08 13:10 98,304 --a------ C:\Windows\RTKAUDIOSERVICE.EXE
2008-06-28 12:13 . 2007-11-14 15:18 553 --a------ C:\Windows\USetup.iss
2008-06-28 12:12 . 2008-01-15 11:26 4,874,240 --a------ C:\Windows\RtHDVCpl.exe
2008-06-28 12:12 . 2008-01-07 19:30 2,156,544 --a------ C:\Windows\System32\RtkAPO.dll
2008-06-28 12:12 . 2008-01-15 19:19 2,047,576 --a------ C:\Windows\System32\drivers\RTKVHDA.sys
2008-06-28 12:12 . 2007-11-07 17:31 1,191,936 --a------ C:\Windows\RtlUpd.exe
2008-06-28 12:12 . 2008-01-09 18:52 636,416 --a------ C:\Windows\System32\RtkPgExt.dll
2008-06-28 12:12 . 2007-11-13 12:35 532,480 --a------ C:\Windows\System32\RTSndMgr.cpl
2008-06-28 12:12 . 2007-07-25 09:33 135,168 --a------ C:\Windows\System32\SRSWOW.dll
2008-06-28 12:12 . 2008-01-14 16:18 29,696 --a------ C:\Windows\System32\RtkCoInst.dll
2008-06-28 12:11 . 2008-06-28 12:11 <DIR> d-------- C:\Users\***\AppData\Roaming\WinBatch
2008-06-26 23:21 . 2008-06-26 23:21 <DIR> d-------- C:\Users\All Users\InstallShield
2008-06-26 23:21 . 2008-06-26 23:21 <DIR> d-------- C:\ProgramData\InstallShield
2008-06-26 23:17 . 2008-06-26 23:17 <DIR> d-------- C:\Program Files\gPotato.eu
2008-06-26 23:17 . 2005-08-11 15:29 73,728 --a------ C:\Windows\System32\ISUSPM.cpl
2008-06-26 19:34 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-06-26 19:34 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-06-26 19:32 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-06-26 19:31 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-06-26 19:30 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-06-26 19:30 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-06-26 19:30 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-06-26 19:30 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-06-26 19:30 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-06-26 19:30 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-06-26 19:30 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-06-26 19:30 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-06-26 19:30 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-06-26 19:30 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll
2008-06-26 19:01 . 2008-06-26 19:01 <DIR> d-------- C:\Users\All Users\ArcSoft
2008-06-26 19:01 . 2008-06-26 19:01 <DIR> d-------- C:\ProgramData\ArcSoft
2008-06-26 18:55 . 2008-06-26 18:55 <DIR> d-------- C:\Users\***\AppData\Roaming\Panasonic
2008-06-25 22:12 . 2008-06-29 14:14 <DIR> d-------- C:\Users\***\AppData\Roaming\gtk-2.0
2008-06-25 22:06 . 2008-06-25 22:06 <DIR> d-------- C:\Users\***\.thumbnails
2008-06-25 22:00 . 2008-06-29 14:42 <DIR> d-------- C:\Users\***\.gimp-2.4
2008-06-25 22:00 . 2008-06-25 22:00 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-06-25 21:01 . 2008-06-25 21:02 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-25 20:00 . 2008-06-25 20:00 26 --a------ C:\UpdaterforApp.ini
2008-06-25 19:59 . 2008-06-25 20:00 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-06-25 19:59 . 2005-02-23 14:58 11,776 --a------ C:\Windows\System32\drivers\afc.sys
2008-06-25 19:58 . 2008-06-25 19:59 <DIR> d-------- C:\Windows\System32\MediaImpression Slideshow
2008-06-25 19:58 . 2008-06-25 19:58 <DIR> d-------- C:\Program Files\ArcSoft
2008-06-25 19:58 . 2007-03-07 16:05 126,976 --a------ C:\Windows\System32\MediaImpression Slideshow.scr
2008-06-25 19:54 . 2008-06-25 19:54 <DIR> d-------- C:\Users\***\AppData\Roaming\InstallShield
2008-06-25 19:54 . 2008-06-25 20:35 <DIR> d-------- C:\Program Files\Panasonic
2008-06-25 19:54 . 2005-03-07 19:44 45,056 --a------ C:\Windows\System32\PhDi2.sys
2008-06-25 18:56 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-25 18:56 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-25 18:56 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-25 18:56 . 2008-01-19 09:33 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-25 18:56 . 2008-01-19 09:33 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-25 18:56 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-25 18:56 . 2007-07-04 00:16 1,820 --a------ C:\Windows\System32\rasctrnm.h
2008-06-25 00:49 . 2008-06-25 00:49 988,216 --a------ C:\Windows\System32\winload.exe
2008-06-25 00:49 . 2008-06-25 00:49 927,288 --a------ C:\Windows\System32\winresume.exe
2008-06-25 00:49 . 2008-06-25 00:49 615,992 --a------ C:\Windows\System32\ci.dll
2008-06-25 00:49 . 2008-06-25 00:49 378,368 --a------ C:\Windows\System32\srcore.dll
2008-06-25 00:49 . 2008-06-25 00:49 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-06-25 00:49 . 2008-06-25 00:49 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-06-25 00:49 . 2008-06-25 00:49 40,960 --a------ C:\Windows\System32\srclient.dll
2008-06-25 00:49 . 2008-06-25 00:49 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-06-25 00:49 . 2008-06-25 00:49 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-06-25 00:49 . 2008-06-25 00:49 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-06-25 00:48 . 2008-06-25 00:48 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-06-25 00:47 . 2008-06-25 00:47 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-06-25 00:47 . 2008-06-25 00:47 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-25 00:47 . 2008-06-25 00:47 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-06-25 00:46 . 2008-06-25 00:46 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-25 00:46 . 2008-06-25 00:46 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-06-25 00:45 . 2008-06-25 00:45 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-25 00:44 . 2008-06-25 00:44 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-25 00:44 . 2008-06-25 00:44 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-24 23:58 . 2008-06-24 23:58 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-06-24 23:58 . 2003-07-20 20:17 5,174 --a------ C:\Windows\System32\nppt9x.vxd
2008-06-24 23:58 . 2005-01-04 11:43 4,682 --a------ C:\Windows\System32\npptNT2.sys
2008-06-24 23:53 . 2008-06-24 23:53 <DIR> d-------- C:\Program Files\GameTribe
2008-06-24 20:43 . 2008-05-16 14:01 1,079,840 --a------ C:\Windows\System32\nvcpluir.dll
2008-06-24 20:43 . 2008-05-16 14:01 768,544 --a------ C:\Windows\System32\nvcplui.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 18:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 11:13 174 --sha-w C:\Program Files\desktop.ini
2008-06-28 11:05 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-28 11:05 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-28 11:05 --------- d-----w C:\Program Files\Windows Mail
2008-06-28 11:05 --------- d-----w C:\Program Files\Windows Journal
2008-06-28 11:05 --------- d-----w C:\Program Files\Windows Defender
2008-06-28 11:05 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-28 11:05 --------- d-----w C:\Program Files\Windows Calendar
2008-06-28 10:50 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-28 10:50 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-28 10:12 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-06-28 10:12 --------- d-----w C:\Program Files\Realtek
2008-06-26 21:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-24 22:46 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-24 22:46 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-24 22:46 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-24 22:46 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-24 22:46 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-24 18:49 --------- d-----w C:\ProgramData\NVIDIA
2008-06-24 18:03 --------- d-----w C:\ProgramData\Symantec
2008-06-24 18:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-24 17:54 --------- d-----w C:\Program Files\Symantec
2008-06-24 17:14 --------- d-----w C:\Program Files\Google
2008-04-25 16:22 206,088 ----a-w C:\Windows\System32\klogon.dll
2008-04-16 12:25 29,952 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
1999-07-07 00:00 6 --sh--r C:\Windows\@@desktop.dat
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"PMCRemote"="" []
"PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-09-27 09:15 109640]
"BitTorrent DNA"="C:\Users\***\Program Files\DNA\btdna.exe" [2008-06-28 20:35 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 02:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 14:01 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 14:01 92704]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 14:14 98616]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-24 20:20 622592]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 14:51 65536]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-08-27 12:09 698864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" [2007-04-06 01:05 73728]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-04-03 15:37 44168]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO -viewer-.lnk - C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-06-25 19:54:48 40960]
Pinnacle Streaming Server.lnk - C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe [2007-09-21 14:25:42 577536]
SCALEO wake up.lnk - C:\Windows\Installer\{3B6FCED6-9386-49A9-A29A-EF187EA2B45F}\_7C5631BC68D980D6396125.exe [2008-06-17 14:20:32 15086]
Windows Home Server.lnk - C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2008-06-17 14:21:24 536608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{41134CCE-B0EF-4E12-9377-CDCAE22E565E}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{2B630E57-C424-43AD-B94C-6B07FB6D6FA5}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{4CB29CAB-BE3B-479F-8513-592B64D9988D}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{88E7850D-98B5-4229-9C92-6340A5735A16}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F3F6087F-6464-4095-A511-DE5FD5667308}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{3F5C4072-286C-47BD-8CB1-5B6912C93DDA}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{FB127690-0EF4-41DD-B615-681AEB93330F}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{4E4DA056-8AD4-4572-8370-9B916F3B65C5}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{F8D5621C-E20F-4C47-933B-539EEF956C1D}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:Pinnacle Streaming Server
"{A5150296-787A-4375-8EB7-7EAD0C7B6E1D}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:Pinnacle Streaming Server
"{E3B02D7F-CDF5-4632-A25D-16185B12D97C}"= UDP:C:\Program Files\Windows Home Server\Discovery.exe:Windows Home Server-Connector
"{34117E69-30EE-4566-B875-781CE0C6CFD0}"= TCP:C:\Program Files\Windows Home Server\Discovery.exe:Windows Home Server-Connector
"{D6480137-4B15-4072-8AA2-91D2A4F90D90}"= UDP:C:\Program Files\DNA\btdna.exeNA
"{66D61BFF-2F6E-4D26-A963-66D53D622F04}"= TCP:C:\Program Files\DNA\btdna.exeNA
"{6EA8CB64-AF29-4702-B212-0277C91786A4}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{C9B58C78-A434-45F2-B9CF-2C18B5F09547}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{FEE9427D-D296-42FE-A6F6-B7809BF6CB78}C:\\users\\***\\program files\\dna\\btdna.exe"= UDP:C:\users\***\program files\dna\btdna.exe:btdna.exe
"UDP Query User{4D53C999-49C7-4CCC-95E8-FF954207C8E5}C:\\users\\***\\program files\\dna\\btdna.exe"= TCP:C:\users\***\program files\dna\btdna.exe:btdna.exe
"TCP Query User{70DC6675-0A97-4705-924C-20F25B2D1290}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{DEB15A85-1C3B-46B4-9190-E40565D8FB71}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{9D8CBF88-0ADB-45D3-8F35-4D9800431BE6}"= Disabled:UDP:C:\Program Files\Fujitsu Siemens Computers\SCALEO wake up\FSC_WHS_RC.exe:FSC Remote Control
"{C394B8AF-6B03-4A1A-929A-3ABDC45E18EA}"= Disabled:TCP:C:\Program Files\Fujitsu Siemens Computers\SCALEO wake up\FSC_WHS_RC.exe:FSC Remote Control

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 18:29]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 13:10]
R2 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 14:14]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 10:53]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 10:32]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 17:19]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-06-11 11:49]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 10:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-15 16:11]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 09:13]
S2 WHSConnector;Windows Home Server-Connectordienst;"C:\Program Files\Windows Home Server\WHSConnector.exe" []
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\Windows\system32\Drivers\BrSerIf.sys [2006-09-03 00:53]
S3 Ltn_stk7070P;PCTV based TV tuner device;C:\Windows\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 14:41]
S3 Ltn_stkrc;PCTV Infrared Receiver;C:\Windows\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 19:30]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cd73ae2-9987-11db-a955-806e6f6e6963}]
\shell\AutoRun\command - F:\Manual.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - SBAPIFS
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, h**p://www.gmer.net
Rootkit scan 2008-06-30 00:41:23
Windows 6.0.6001 Service Pack 1 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...

Scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-30 0:42:10
ComboFix-quarantined-files.txt 2008-06-29 22:42:07

7 directory(ies), 454,896,361,472 bytes free
15 directory(ies), 465,025,654,784 bytes free

284 --- E O F --- 2008-06-28 10:52:50
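The ComboFix registry dump in the post above contains the entries a reviewer reads first: the Security Center "DisableNotify" and "DisableMonitoring" switches, the AppInit_DLLs list, the per-volume AutoRun command under MountPoints2, the firewall exceptions and the "Newly Created Service" lines. The script below is an added example written for this page; it is neither ComboFix code nor part of the post. It parses a constructed sample modelled on the posted lines (not the log itself) and returns the items worth a look. One caveat it encodes: the Security Center switches are routinely written by the installed security suite itself (here Kaspersky, plus Symantec LiveUpdate remnants), so a hit is a review item, not a verdict; likewise CATCHME is ComboFix's own rootkit scanner, visible in the catchme banner of the same log.

```python
"""Triage of a ComboFix-style registry dump.

Added example: not ComboFix code and not part of the posted log. It reads the
plain-text registry section ComboFix prints (a "[key]" line followed by
"name"=value lines) and lists the entries a reviewer should look at.
"""
import re
from dataclasses import dataclass

# Constructed sample modelled on the entries in the posted log (not the log itself).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6EA8CB64-AF29-4702-B212-0277C91786A4}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{9D8CBF88-0ADB-45D3-8F35-4D9800431BE6}"= Disabled:UDP:C:\Program Files\FSC\FSC_WHS_RC.exe:FSC Remote Control

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cd73ae2-9987-11db-a955-806e6f6e6963}]
\shell\AutoRun\command - F:\Manual.exe

*Newly Created Service* - CATCHME
"""


@dataclass
class Finding:
    severity: str  # "review" (look at it) or "info" (expected side effect of the tools)
    key: str       # registry key the line was found under
    detail: str


KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s*-\s*(.+)$")
NEW_SVC_RE = re.compile(r"^\*Newly Created Service\*\s*-\s*(.+)$")


def _dword_is_one(value: str) -> bool:
    # ComboFix prints DWORDs either as dword:00000001 or as "1 (0x1)"
    return value.strip().lower() in ("dword:00000001", "1 (0x1)")


def _parse_firewall_rule(value: str):
    """Split a FirewallRules value into (enabled, protocol, target, label)."""
    v = value.strip()
    enabled = not v.startswith("Disabled:")
    if not enabled:
        v = v[len("Disabled:"):]
    proto, _, rest = v.partition(":")
    if re.match(r"^[A-Za-z]:\\", rest):
        # Path target: skip the ':' that belongs to the drive letter.
        end = rest.find(":", 2)
        target, label = (rest, "") if end < 0 else (rest[:end], rest[end + 1:])
    else:
        # Port target, e.g. 9442:127.0.0.1:<label>
        target, _, label = rest.partition(":")
    return enabled, proto, target, label


def triage(log_text: str) -> list:
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in key.lower():
            findings.append(Finding("review", key, f"AutoRun command registered for a mounted volume: {m.group(1)}"))
            continue
        m = NEW_SVC_RE.match(line)
        if m:
            findings.append(Finding("info", "services", f"service created during the run: {m.group(1)}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        lkey = key.lower()
        if name.lower() == "appinit_dlls":
            # Every DLL listed here is mapped into each process that loads user32.dll.
            for dll in filter(None, (d.strip() for d in value.split(","))):
                findings.append(Finding("review", key, f"AppInit_DLLs loads {dll} into every user32-linked process"))
        elif "security center" in lkey and name.lower().endswith("disablenotify") and _dword_is_one(value):
            findings.append(Finding("review", key, f"Security Center warning suppressed: {name}"))
        elif "security center\\monitoring" in lkey and name.lower() == "disablemonitoring" and _dword_is_one(value):
            findings.append(Finding("review", key, "Security Center monitoring disabled for this product"))
        elif lkey.endswith("firewallpolicy\\firewallrules"):
            enabled, proto, target, label = _parse_firewall_rule(value)
            if enabled:  # disabled rules are not an exposure
                findings.append(Finding("review", key, f"inbound {proto} exception for {target} ({label})"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.key}: {f.detail}")
```

Paste the registry section of a real ComboFix log into `triage()` in place of the sample; the output is a worklist, and each "review" line still needs the file behind it checked (vendor, hash, whether the product is actually installed) before anything is removed.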


30.06.2008, 21:16   #6
drachior

Spyhunter victim...

07 ESET online scanner
It gave up after more than an hour when it tried to print (missing ActiveX package, although I had already confirmed the installation with administrator rights before the scan), and I stupidly refreshed the results window... and it was gone. It hadn't found anything anyway, though. If it matters, I will of course run it again.




09 SilentRunners

"Silent Runners.vbs", revision 58, Silent Runners - Adware? Disinfect, don't reformat!
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]
"PMCRemote" = "(empty string)" [file not found]
"PMCLoader" = "C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks" [null data]
"BitTorrent DNA" = ""C:\Users\***\Program Files\DNA\btdna.exe"" ["BitTorrent, Inc."]
"SUPERAntiSpyware" = "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"hpsysdrv" = "c:\hp\support\hpsysdrv.exe" ["Hewlett-Packard Company"]
"KBD" = "C:\HP\KBD\KbdStub.EXE" [null data]
"OsdMaestro" = ""C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"" ["OsdMaestro"]
"RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]
"CCUTRAYICON" = "FactoryMode" [file not found]
"HP Health Check Scheduler" = "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [null data]
"SunJavaUpdateReg" = ""C:\Windows\system32\jureg.exe" -delete" ["Sun Microsystems, Inc."]
"HP Software Update" = "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard"]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"ArcSoft Connection Service" = "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" ["ArcSoft Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"BrMfcWnd" = "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN" ["Brother Industries, Ltd."]
"ControlCenter3" = "C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun" ["Brother Industries, Ltd."]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"" ["Kaspersky Lab"]
"SBCSTray" = "C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" ["Sunbelt Software"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"PCDrProfiler" = "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r" ["PC-Doctor, Inc."]
"Launcher" = "C:\Windows\SMINST\launcher.exe"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = "IEVkbdBHO"
-> {HKLM...CLSID} = "IEVkbdBHO Class"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll" ["Kaspersky Lab"]
{9A065C65-4EE7-4DDD-9918-F129089A894A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "BrowserHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Windows Home Server\WHSDeskBands.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "ShellViewRTF"
-> {HKLM...CLSID} = "ShellViewRTF"
\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"]
"{D73E76A3-F902-45BD-8FC8-95AE8E014671}" = "Home Server Banner"
-> {HKLM...CLSID} = "Home Server Banner"
\InProcServer32\(Default) = "C:\Program Files\Windows Home Server\WHSDeskBands.dll" [MS]
"{C1B5F1C3-6B6A-4890-A0CB-EAF0DF160E69}" = "Home Server Help Band"
-> {HKLM...CLSID} = "Home Server Help Band"
\InProcServer32\(Default) = "C:\Program Files\Windows Home Server\WHSDeskBands.dll" [MS]
"{9A065C65-4EE7-4DDD-9918-F129089A894A}" = "Home Server Browser Object"
-> {HKLM...CLSID} = "BrowserHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Windows Home Server\WHSDeskBands.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statistik für den Schutz des Web-Datenverkehrs"
-> {HKLM...CLSID} = "Statistik für den Schutz des Web-Datenverkehrs"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes"]


Default executables:
--------------------

HKLM\SOFTWARE\Classes\.scr\(Default) = "scrfile"
<<!>> HKLM\SOFTWARE\Classes\scrfile\shell\open\command\(Default) = ""%1" %*" [file not found]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}

"EnableUIADesktopToggle" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\web\wallpaper\awave.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\****\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

ArcSoftMediaImpressionArrival\
"Provider" = "ArcSoft MediaImpression"
"InvokeProgID" = "MediaImpressionImport"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\MediaImpressionImport\shell\open\command\(Default) = "C:\Program Files\ArcSoft\Software Suite\MediaImpression\MediaImpression.exe -runtype {1} -cmd {A1FF7DD9-F5CE-400b-8464-D7C155D64C57} -param {%1}" ["ArcSoft, Inc."]

DVDPlayPlayDVDMovieOnArrival\
"Provider" = "HP DVD Play BD & HD DVD"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithDVDPlay"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithDVDPlay\Command\(Default) = ""C:\Program Files\HP\DVDPlay\DVDPlay.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

DVDPlayPlayVideoCDMovieOnArrival\
"Provider" = "HP DVD Play BD & HD DVD"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithDVDPlay"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithDVDPlay\Command\(Default) = ""C:\Program Files\HP\DVDPlay\DVDPlay.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

HPAutoplayPSE\
"Provider" = "HP Photosmart Essential 2.01"
"InvokeProgID" = "HpqPSApl.Autoplay"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\HpqPSApl.Autoplay\shell\Play\DropTarget\CLSID = "{A6873065-D632-4615-A3A9-C5F05EE109C1}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "C:\Program Files\HP\Digital Imaging\bin\HpqPsApl.exe" ["Hewlett-Packard"]

LightScribeOnArrivalAP\
"Provider" = "LightScribe Direct Disc Labeling"
"InvokeProgID" = "LightScribe.AutoPlayHandler"
"InvokeVerb" = "LabelLightScribeDisc"
HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "c:\Program Files\Common Files\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"]

P2GCDBurningOnArrival\
"Provider" = "Power2Go"
"InvokeProgID" = "Picture"
"InvokeVerb" = "OpenWithPower2Go"
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPower2Go\Command\(Default) = ""C:\Program Files\CyberLink\Power2Go\Power2Go.exe"" ["Cyberlink"]

P2GDVDBurningOnArrival\
"Provider" = "Power2Go"
"InvokeProgID" = "BlankDVD"
"InvokeVerb" = "OpenWithPower2Go"
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = ""C:\Program Files\CyberLink\Power2Go\Power2Go.exe"" ["Cyberlink"]

PanasonicPhoebe5PhotoArrival\
"Provider" = "Panasonic PHOTOfunSTUDIO -viewer-"
"InvokeProgID" = "Shell.AutoplayForPhoebe5"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Shell.AutoplayForPhoebe5\shell\open\command\(Default) = "C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\phoebe5.exe /Autoplay %L" ["Matsushita Electric Industrial Co., Ltd."]

Power2GoPlayCDAudioOnArrival\
"Provider" = "Power2Go"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPower2Go"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = ""C:\Program Files\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L"" ["Cyberlink"]

PPCDBurningOnArrival\
"Provider" = "PowerProducer"
"InvokeProgID" = "Picture"
"InvokeVerb" = "OpenWithPowerProducer"
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = ""C:\Program Files\CyberLink\PowerProducer\Producer.exe"" ["CyberLink"]

PPDCameraArrival\
"Provider" = "PowerProducer"
"InvokeProgID" = "Picture"
"InvokeVerb" = "OpenWithPowerProducer"
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = ""C:\Program Files\CyberLink\PowerProducer\Producer.exe"" ["CyberLink"]

PPDVArrival\
"Provider" = "PowerProducer"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\CyberLink\PowerProducer\Producer.exe""
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WIA_{520CE73A-EFD4-4C4E-89A1-81D43F2CCCBA}\
"Provider" = "ControlCenter3"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files\Brother\ControlCenter3\brctrcen.exe /StiDevice:%1 /StiEvent:%2;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]


DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------

D:\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"]

D:\boot\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"]

D:\hp\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"]

D:\PRELOAD\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"]

D:\SOURCES\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"]

D:\Windows\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"]


Startup items in "***" & "All Users" startup folders:
-------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"PHOTOfunSTUDIO -viewer-" -> shortcut to: "C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe" ["Matsushita Electric Industrial Co., Ltd."]
"Pinnacle Streaming Server" -> shortcut to: "C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe /Start" ["Pinnacle Systems"]
"SCALEO wake up" -> shortcut to: "C:\Windows\Installer\{3B6FCED6-9386-49A9-A29A-EF187EA2B45F}\_7C5631BC68D980D6396125.exe /nosplash" [null data]
"Windows Home Server" -> shortcut to: "C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 24


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{D73E76A3-F902-45BD-8FC8-95AE8E014671}" = (no title provided)
-> {HKLM...CLSID} = "Home Server Banner"
\InProcServer32\(Default) = "C:\Program Files\Windows Home Server\WHSDeskBands.dll" [MS]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statistik für den Schutz des Web-Datenverkehrs"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\CLSID\{C1B5F1C3-6B6A-4890-A0CB-EAF0DF160E69}\(Default) = "Home Server Help Band"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\Program Files\Windows Home Server\WHSDeskBands.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statistik für den Schutz des Web-Datenverkehrs"

{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "C:\Program Files\ICQ6\ICQ.exe" ["ICQ, Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ArcSoft Connect Daemon, ACDaemon, "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe" ["ArcSoft Inc."]
Automatische WLAN-Konfiguration, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]}
Automatisches LiveUpdate - Scheduler, Automatisches LiveUpdate - Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
CNG-Schlüsselisolation, KeyIso, "C:\Windows\system32\lsass.exe" [MS]
DQLWinService, DQLWinService, ""C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe"" [null data]
Extensible Authentication-Protokoll, EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]}
HP Chasis Button Service, HPBtnSrv, "c:\hp\HPEZBTN\HPBtnSrv.exe" [null data]
HP Health Check Service, HP Health Check Service, ""c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"" [null data]
Kaspersky Internet Security, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r" ["Kaspersky Lab"]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""c:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" ["NVIDIA Corporation"]
SSTP-Dienst, SstpSvc, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\sstpsvc.dll" [MS]}
Sunbelt CounterSpy Antispyware, SBCSSvc, ""C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe"" ["Sunbelt Software"]
TabletService, TabletService, "C:\Windows\system32\Tablet.exe" ["Wacom Technology, Corp."]
Windows Driver Foundation - Benutzermodus-Treiberframework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
Windows Media Center-Empfängerdienst, ehRecvr, "C:\Windows\ehome\ehRecvr.exe" [MS]
Windows Media Center-Planerdienst, ehSched, "C:\Windows\ehome\ehsched.exe" [MS]
Windows-Bilderfassung, stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
Zugriff auf Eingabegeräte, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]}


---------- (launch time: 2008-06-30 18:20:01)
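The Silent Runners listing above carries three signals per entry that are easy to skim past: the text in the trailing square brackets (the CompanyName from the file's version resource, or [MS], [null data] when the file has none, [file not found] when the path does not exist), the <<!>> prefix Silent Runners puts on entries it singles out, and whether a Run-key command line with spaces in its path is quoted. The script below is an added example written for this page, not Silent Runners code and not part of the post; it parses a constructed sample modelled on the posted lines and returns the entries with something to check. The caveat a reviewer should keep in mind: the bracketed company is read from the version resource, not from a signature, so anyone can write "Microsoft" there; the tags only tell you which files deserve a hash lookup first.

```python
"""Triage of Silent Runners output.

Added example: not Silent Runners code and not part of the posted log. It reads
the 'name = "data" [tag]' lines Silent Runners prints and flags the entries
that need a closer look.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample modelled on lines from the posted log (not the log itself).
SAMPLE = r'''
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"hpsysdrv" = "c:\hp\support\hpsysdrv.exe" ["Hewlett-Packard Company"]
"RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]
"PMCLoader" = "C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks" [null data]
"CCUTRAYICON" = "FactoryMode" [file not found]
"BitTorrent DNA" = ""C:\Users\***\Program Files\DNA\btdna.exe"" ["BitTorrent, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"Launcher" = "C:\Windows\SMINST\launcher.exe"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]
<<!>> HKLM\SOFTWARE\Classes\scrfile\shell\open\command\(Default) = ""%1" %*" [file not found]
'''

ENTRY_RE = re.compile(
    r"^(?P<flag><<!>>\s*)?(?P<name>[^=]+?)\s*=\s*(?P<value>.*?)"
    r"(?:\s*\[(?P<tag>[^\]]*)\])?\s*$"
)
# First drive- or %SystemRoot%-rooted path ending in an executable extension.
PATH_RE = re.compile(r'(?i)((?:[a-z]:|%systemroot%)\\[^"]*?\.(?:exe|dll|sys|cpl|scr|vbs))')
BARE_EXE_RE = re.compile(r"(?i)[\w.-]+\.exe")


@dataclass
class Entry:
    section: str            # key header the line appeared under
    name: str
    raw: str                # registry data with Silent Runners' outer quotes removed
    tag: Optional[str]      # trailing [...] text: company, MS, null data, file not found
    flagged: bool           # line carried the <<!>> marker
    issues: list = field(default_factory=list)


def _unwrap(value: str) -> str:
    v = value.strip()
    return v[1:-1] if len(v) >= 2 and v[0] == '"' and v[-1] == '"' else v


def parse(text: str) -> list:
    entries, section = [], ""
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if not line:
            continue
        if line.startswith("HK") and " = " not in line:
            section = line  # key header such as HKLM\...\Run\ {++}
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(section, m["name"].strip('"'), _unwrap(m["value"]), m["tag"], bool(m["flag"])))
    return entries


def classify(entry: Entry) -> Entry:
    pm = PATH_RE.search(entry.raw)
    path = pm.group(1) if pm else None
    if entry.flagged:
        entry.issues.append("singled out by Silent Runners (<<!>>)")
    if entry.tag == "file not found":
        entry.issues.append("target file missing")
    elif entry.tag == "null data":
        entry.issues.append("no CompanyName in version info")
    elif entry.tag is None and path:
        entry.issues.append("no company/presence tag printed")
    in_run_key = "\\run" in entry.section.lower()  # Run and RunOnce are command lines
    if in_run_key and path and " " in path and not entry.raw.startswith('"'):
        # CreateProcess splits an unquoted command line at each space and tries
        # C:\Program.exe, C:\Program Files\Pinnacle\TVCenter.exe, ... first.
        entry.issues.append("unquoted path with spaces (CreateProcess tries C:\\Program.exe first)")
    if in_run_key and path is None and BARE_EXE_RE.fullmatch(entry.raw):
        entry.issues.append("bare file name, resolved through the search path")
    return entry


def triage(text: str) -> list:
    return [e for e in map(classify, parse(text)) if e.issues]


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.name}: {'; '.join(e.issues)}")
```

Entries that come back clean (a quoted, existing path with a plausible CompanyName) are merely lower priority: confirm the file's hash or signature before trusting it, since the tag is not a signature check.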

30.06.2008, 21:19   #7
drachior

Spyhunter victim...

10 ESCAN



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
find.bat Version 2008.03.07

Microsoft Windows [Version 6.0.6001]
Boot mode: Normal

eScan Version: 9.9.2
Language: German
C:\Users\****\AppData\Local\Temp\MWAV.LOG



~~~~~~~~~~~
Files
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Spyware (caution: often a false positive!)
~~~~~~~~~~~
MicroWorld AntiVirus and Antispyware Toolkit.
C:\Program Files\SUPERAntiSpyware, 29-Jun-2008 [folder]
Downloading antivirus and antispyware databases...
MicroWorld AntiVirus and Antispyware Toolkit.
Spyware scanning: disabled
** {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
Result: ERROR!!! File C:\Users\****\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-30-2008 - 01-55-14.SBU: Scanning Failure!!!
~~~~~~~~~~~
Folders
~~~~~~~~~~~
~~~~~~~~~~~
Registry
~~~~~~~~~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Miscellaneous
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
running processes - command line
~~~~~~~~~~~~~~~~~~~~~~
System Idle Process -
System -
smss.exe - \SystemRoot\System32\smss.exe
csrss.exe - C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
csrss.exe - C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe - wininit.exe
winlogon.exe - winlogon.exe
services.exe - C:\Windows\system32\services.exe
lsass.exe - C:\Windows\system32\lsass.exe
lsm.exe - C:\Windows\system32\lsm.exe
svchost.exe - C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe - C:\Windows\system32\svchost.exe -k rpcss
svchost.exe - C:\Windows\System32\svchost.exe -k secsvcs
svchost.exe - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
svchost.exe - C:\Windows\system32\svchost.exe -k netsvcs
svchost.exe - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
svchost.exe - C:\Windows\system32\svchost.exe -k LocalService
wisptis.exe - /QuitInfo:0000028C;00000290; /AddRef;
TabTip.exe - /QuitInfo:000002A0;00000288;
svchost.exe - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
svchost.exe - C:\Windows\system32\svchost.exe -k NetworkService
svchost.exe - C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
SBCSSvc.exe - "C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe"
wisptis.exe - /QuitInfo:00000468;00000498; /AddRef;
TabTip.exe - /QuitInfo:00000494;000004A4;
explorer.exe - C:\Windows\Explorer.EXE
firefox.exe - "C:\Program Files\Mozilla Firefox\firefox.exe"
cmd.exe - cmd /c ""C:\Users\****\Desktop\find.bat" "
cscript.exe - cscript C:\escan\prclst.vbs //nologo
WmiPrvSE.exe - C:\Windows\system32\wbem\wmiprvse.exe
~~~~~~~~~~~~~~~~~~~~~~
Scan errors
~~~~~~~~~~~~~~~~~~~~~~
ERROR!!! Invalid Entry CCUTRAYICON = FactoryMode (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
ERROR!!! Invalid Entry \SystemRoot\system32\drivers\blbdrive.sys in SYSTEM\CurrentControlSet\Services\blbdrive. Action Taken: No Action Taken
ERROR!!! Invalid Entry \??\C:\ComboFix\catchme.sys in SYSTEM\CurrentControlSet\Services\catchme. Action Taken: No Action Taken
ERROR!!! Invalid Entry \??\C:\Windows\system32\drivers\EagleNT.sys in SYSTEM\CurrentControlSet\Services\EagleNT. Action Taken: No Action Taken
ERROR!!! Invalid Entry system32\DRIVERS\ipinip.sys in SYSTEM\CurrentControlSet\Services\IpInIp. Action Taken: No Action Taken
ERROR!!! Invalid Entry system32\DRIVERS\nwlnkflt.sys in SYSTEM\CurrentControlSet\Services\NwlnkFlt. Action Taken: No Action Taken
ERROR!!! Invalid Entry system32\DRIVERS\nwlnkfwd.sys in SYSTEM\CurrentControlSet\Services\NwlnkFwd. Action Taken: No Action Taken
ERROR!!! Invalid Entry \??\C:\Windows\system32\drivers\sbapifs.sys in SYSTEM\CurrentControlSet\Services\SBAPIFS. Action Taken: No Action Taken
ERROR!!! Invalid Entry "C:\Program Files\Windows Home Server\WHSConnector.exe" in SYSTEM\CurrentControlSet\Services\WHSConnector. Action Taken: No Action Taken
ERROR!!! ScanFile fails for C:\Boot\BCD
ERROR!!! ScanFile fails for C:\Boot\BCD.LOG
ERROR!!! ScanFile fails for C:\hp\bin\MSOffice\HOMESTUDENTR.WW\HOMESRWW.CAB
ERROR!!! ScanFile fails for C:\hp\bin\MSOffice\OFFICE.DE-DE\OFFICELR.CAB
ERROR!!! ScanFile fails for C:\hp\HPQWare\DTSHORTCUTS\KO_KR\??.lnk
ERROR!!! ScanFile fails for C:\hp\HPQWare\DTSHORTCUTS\ZH_HK\?????eBay!.lnk
ERROR!!! ScanFile fails for C:\hp\HPQWare\Favs\KO_KR\HP\??.url
ERROR!!! ScanFile fails for C:\hp\HPQWare\Favs\ZH_HK\HP\?????eBay!.url
ERROR!!! ScanFile fails for C:\hp\HPQWare\StartMenuLink\KO_KR\??.lnk
ERROR!!! ScanFile fails for C:\hp\HPQWare\StartMenuLink\ZH_HK\?????eBay!.lnk
ERROR!!! ScanFile fails for C:\pagefile.sys
Result: ERROR!!! File C:\Program Files\ICQ6\ConfigFiles\TopSearches.7z: Scanning Failure!!!
ERROR!!! ScanFile fails for C:\PROGRA~1\ICQ6\CONFIG~1\TOPSEA~1.7Z
Result: ERROR!!! File C:\Program Files\ICQ6\ConfigFiles\TopSearchesDe.7z: Scanning Failure!!!
ERROR!!! ScanFile fails for C:\PROGRA~1\ICQ6\CONFIG~1\TOPSEA~2.7Z
ERROR!!! ScanFile fails for C:\PROGRA~2\KASPER~1\KASPER~1\german\KISDE~1.MSI
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c254e9ef72fad4733981eaed6398d865_25b7efea-28ec-4258-be4c-57619970c9b8
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e89e09f16e178508cd30d7a1f54b19c8_25b7efea-28ec-4258-be4c-57619970c9b8
ERROR!!! ScanFile fails for C:\Users\****\AppData\Local\DOWNLO~1\{8B9A1~1\DEKARO~1.MSI
ERROR!!! ScanFile fails for C:\Users\****\AppData\Local\Microsoft\Windows\UsrClass.dat
ERROR!!! ScanFile fails for C:\Users\****\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1
Result: ERROR!!! File C:\Users\****\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-30-2008 - 01-55-14.SBU: Scanning Failure!!!
ERROR!!! ScanFile fails for C:\Users\****\AppData\Roaming\SUPERA~1.COM\SUPERA~1\QUARAN~1\QUARAN~1.SBU
ERROR!!! ScanFile fails for C:\Users\****\Downloads\175.19_geforce_winvista_32bit_international_whql.exe
ERROR!!! ScanFile fails for C:\Users\****\Downloads\Final_Fantasy_Tactics_A2_Grimoire_of_the_Rift_EUR_MULTi4_NDS-EXiMiUS.rar
ERROR!!! ScanFile fails for C:\Users\****\Downloads\kis8.0.0.357de.exe
ERROR!!! ScanFile fails for C:\Users\****\ntuser.dat
ERROR!!! ScanFile fails for C:\Users\****\ntuser.dat.LOG1
ERROR!!! ScanFile fails for C:\Users\****\ntuser.dat.LOG2
ERROR!!! ScanFile fails for C:\Windows\ServiceProfiles\LocalService\ntuser.dat
ERROR!!! ScanFile fails for C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
ERROR!!! ScanFile fails for C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
ERROR!!! ScanFile fails for C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
ERROR!!! ScanFile fails for C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\windows6.0-kb936330-X86-express.cab
ERROR!!! ScanFile fails for C:\Windows\System32\catroot2\edb.log
ERROR!!! ScanFile fails for C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
ERROR!!! ScanFile fails for C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
ERROR!!! ScanFile fails for C:\Windows\System32\config\components
ERROR!!! ScanFile fails for C:\Windows\System32\config\COMPONENTS.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\config\default
ERROR!!! ScanFile fails for C:\Windows\System32\config\DEFAULT.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\COMPONENTS
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\DEFAULT
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\SAM
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\SECURITY
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\SOFTWARE
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\SYSTEM
ERROR!!! ScanFile fails for C:\Windows\System32\config\sam
ERROR!!! ScanFile fails for C:\Windows\System32\config\SAM.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\config\security
ERROR!!! ScanFile fails for C:\Windows\System32\config\SECURITY.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\config\software
ERROR!!! ScanFile fails for C:\Windows\System32\config\SOFTWARE.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\config\SOFTWARE.LOG2
ERROR!!! ScanFile fails for C:\Windows\System32\config\system
ERROR!!! ScanFile fails for C:\Windows\System32\config\SYSTEM.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
ERROR!!! ScanFile fails for C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
ERROR!!! ScanFile fails for C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
ERROR!!! ScanFile fails for D:\hp\apps\APP14819\pcdr\Setup.exe
ERROR!!! ScanFile fails for D:\hp\Drv\APP26734\src\Win32\Data1.cab
ERROR!!! ScanFile fails for D:\hp\Drv\APP26734\src\Win64\Data1.cab
ERROR!!! ScanFile fails for D:\PRELOAD\74DEv3PrA22.wim
~~~~~~~~~~~~~~~~~~~~~~
Hosts-Datei
~~~~~~~~~~~~~~~~~~~~~~
DataBasePath: %SystemRoot%\System32\drivers\etc
Zeilen die nicht dem Standard entsprechen:
C:\Windows\System32\drivers\etc\hosts:
C:\Windows\System32\drivers\etc\hosts:127.0.0.1 localhost
C:\Windows\System32\drivers\etc\hosts:::1 localhost
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Zahl der gescannten Objekte: 117760
Zahl der kritischen Objekte: 0
Zahl der desinfizierten Objekte: 0
Zahl der umbenannten Dateien: 0
Zahl der gelöschten Objekte: 0
Zahl der Fehler: 12
Zeit verstrichen: 02:13:49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan-Optionen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Speicherüberprüfung: Aktiviert
Registrierungsdatenbank-Überprüfung: Aktiviert
Überprüfung des Startordners: Aktiviert
Überprüfung des Systemordners: Aktiviert
Überprüfung der Dienste: Aktiviert
Überprüfung der Laufwerke: Deaktiviert
Überprüfung aller Laufwerke:Aktiviert
Überprüfung der Ordner: Deaktiviert

Batchstart: 21:01:42,07
Batchende: 21:01:45,33





11 Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:46, on 30.06.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h*****p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h*****p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h*****p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h*****p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h*****p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\*****\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O4 - Global Startup: Pinnacle Streaming Server.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
O4 - Global Startup: SCALEO wake up.lnk = ?
O4 - Global Startup: Windows Home Server.lnk = ?
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - h*****p://www.eset.eu/OnlineScanner.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe
O23 - Service: Windows Home Server-Connectordienst (WHSConnector) - Unknown owner - C:\Program Files\Windows Home Server\WHSConnector.exe (file missing)

--
End of file - 7729 bytes


11 Iclean
0iclean log 30.06.2008 21:06:26

Windows Vista SP1, Kernel functions unavailable

Processes
---------
328 - \SystemRoot\System32\smss.exe - \SystemRoot\System32\smss.exe
388 - C:\Windows\system32\csrss.exe - Client-Server-Laufzeitprozess
424 - C:\Windows\system32\csrss.exe - Client-Server-Laufzeitprozess
432 - C:\Windows\system32\wininit.exe - Windows-Startanwendung
476 - C:\Windows\system32\winlogon.exe - Windows-Anmeldeanwendung
504 - C:\Windows\system32\services.exe - Anwendung für Dienste und Controller
516 - C:\Windows\system32\lsass.exe - Local Security Authority Process
524 - C:\Windows\system32\lsm.exe - Lokaler Sitzungs-Manager-Dienst
676 - C:\Windows\system32\svchost.exe - Hostprozess für Windows-Dienste
732 - C:\Windows\system32\svchost.exe - Hostprozess für Windows-Dienste
768 - C:\Windows\system32\svchost.exe - Hostprozess für Windows-Dienste
852 - C:\Windows\system32\svchost.exe - Hostprozess für Windows-Dienste
880 - C:\Windows\system32\svchost.exe - Hostprozess für Windows-Dienste
920 - C:\Windows\system32\svchost.exe - Hostprozess für Windows-Dienste
948 - C:\Windows\system32\svchost.exe - Hostprozess für Windows-Dienste
1112 - C:\Windows\SYSTEM32\WISPTIS.EXE - Microsoft Tablet PC Input Component
1120 - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe - Tablet PC Input Panel Accessory
1172 - C:\Windows\system32\svchost.exe - Hostprozess für Windows-Dienste
1400 - C:\Windows\system32\svchost.exe - Hostprozess für Windows-Dienste
1424 - C:\Windows\system32\svchost.exe - Hostprozess für Windows-Dienste
1436 - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe - Scan Service (Signed)
1804 - C:\Windows\SYSTEM32\WISPTIS.EXE - Microsoft Tablet PC Input Component
1812 - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe - Tablet PC Input Panel Accessory
1928 - C:\Windows\Explorer.EXE - Windows-Explorer
808 - C:\Program Files\Mozilla Firefox\firefox.exe - Firefox (Signed)
1524 - C:\Users\***\Downloads\Neuer Ordner\iclean.exe - Interactive Cleaner

Services
--------
C:\Windows\system32\svchost.exe=BFE
C:\Windows\system32\svchost.exe=CryptSvc
=DcomLaunch
C:\Windows\system32\svchost.exe=Dhcp
C:\Windows\system32\svchost.exe=EapHost
C:\Windows\system32\svchost.exe=Eventlog
C:\Windows\system32\svchost.exe=IKEEXT
C:\Windows\system32\lsass.exe=KeyIso
C:\Windows\system32\svchost.exe=LanmanWorkstation
C:\Windows\system32\svchost.exe=lmhosts
C:\Windows\system32\svchost.exe=MpsSvc
C:\Windows\system32\svchost.exe=Netman
C:\Windows\system32\svchost.exe=netprofm
C:\Windows\system32\svchost.exe=NlaSvc
C:\Windows\system32\svchost.exe=nsi
C:\Windows\system32\svchost.exe=PlugPlay
C:\Windows\system32\svchost.exe=PolicyAgent
C:\Windows\system32\svchost.exe=ProfSvc
=RpcSs
c:\program files\sunbelt software\counterspy\sbcssvc.exe=SBCSSvc
C:\Windows\system32\svchost.exe=TabletInputService
C:\Windows\system32\svchost.exe=WinDefend
C:\Windows\system32\svchost.exe=Winmgmt
C:\Windows\system32\svchost.exe=Wlansvc

Registry
--------
000=HKCU\Run: BitTorrent DNA="c:\users\***\program files\dna\btdna.exe"
000=HKCU\Run: ehTray.exe=c:\windows\ehome\ehtray.exe
000=HKCU\Run: PMCLoader=c:\program files\pinnacle\tvcenter pro\pmcloader.exe
000=HKCU\Run: PMCRemote=
000=HKCU\Run: SUPERAntiSpyware=c:\program files\superantispyware\superantispyware.exe
000=HKLM\Run: Adobe Reader Speed Launcher="c:\program files\adobe\reader 8.0\reader\reader_sl.exe"
000=HKLM\Run: ArcSoft Connection Service=c:\program files\common files\arcsoft\connection service\bin\acdaemon.exe
000=HKLM\Run: AVP="c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
000=HKLM\Run: BrMfcWnd=c:\program files\brother\brmfcmon\brmfcwnd.exe
000=HKLM\Run: CCUTRAYICON=factorymode
000=HKLM\Run: ControlCenter3=c:\program files\brother\controlcenter3\brctrcen.exe
000=HKLM\Run: HP Health Check Scheduler=c:\program files\hewlett-packard\hp health check\hphc_scheduler.exe
000=HKLM\Run: HP Software Update=c:\program files\hp\hp software update\hpwuschd2.exe
000=HKLM\Run: hpsysdrv=c:\hp\support\hpsysdrv.exe
000=HKLM\Run: KBD=c:\hp\kbd\kbdstub.exe
000=HKLM\Run: NvCplDaemon=c:\windows\system32\nvcpl.dll
000=HKLM\Run: NvMediaCenter=c:\windows\system32\nvmctray.dll
000=HKLM\Run: OsdMaestro="c:\program files\hewlett-packard\on-screen osd indicator\osd.exe"
000=HKLM\Run: RtHDVCpl=c:\windows\rthdvcpl.exe
000=HKLM\Run: SBCSTray=c:\program files\sunbelt software\counterspy\sbcstray.exe
000=HKLM\Run: SunJavaUpdateReg="c:\windows\system32\jureg.exe" -delete
001=Firewall bypass: C:\Program Files\BitTorrent\bittorrent.exe=c:\program files\bittorrent\bittorrent.exe
020=SSODL: WebCheck=(null)
030=BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=(null) ()
030=BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}=c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll (IEVkbdBHO Class)
030=BHO: {9A065C65-4EE7-4DDD-9918-F129089A894A}=c:\program files\windows home server\whsdeskbands.dll (BrowserHelper Class)
030=BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7}=(null) ()
031=Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F}=(null)
031=Toolbar: ITBar7Layout=(null)
031=Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}=(null)

Startup Folders
---------------
Common: desktop.ini
Common: photofunstudio -viewer-.lnk -> C:\PROGRA~1\PANASO~1\PHOTOF~1\PHAUTO~1.EXE
Common: pinnacle streaming server.lnk -> C:\PROGRA~1\Pinnacle\SHARED~1\Programs\STRMSE~1\STRMSE~1.EXE
Common: scaleo wake up.lnk -> C:\Program Files\Fujitsu Siemens Computers\SCALEO wake up\FSC_WHS_RC.exe
Common: windows home server.lnk -> C:\Program Files\Windows Home Server\WHSTrayApp.exe
Personal: desktop.ini

30.06.2008, 21:31   #8
drachior

06 Malwarebytes (found a trojan in the launcher of a well-known online game..? no idea whether that means anything.)

Malwarebytes' Anti-Malware 1.19
Datenbank Version: 905
Windows 6.0.6001 Service Pack 1

03:37:26 30.06.2008
mbam-log-6-30-2008 (03-37-26).txt

Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 141447
Scan Dauer: 18 minute(s), 31 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine Malware Objekte gefunden)

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\Program Files\gPotato.eu\Rappelz\Launcher.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.



---------------------------------------------
so far nothing Spyhunter-file-wise has happened in the program folder, it hasn't reappeared. I hope the machine is stable again now? Of course I still have System Restore turned off and "no Java" on the machine, but once all this is fixed, can I just reinstall Java normally or are certain versions off-limits....?

01.07.2008, 16:56   #9
drachior

sorry, I actually wanted to edit the last post instead of posting a new one, but suddenly there's no button for that anywhere to be found.

so, a small update, here is a CounterSpy log:
Scan History Details
Start Date: 01.07.2008 17:08:16
End Date: 01.07.2008 17:42:13
Total Time: 33 Min 57 Sec
Detected security risks

KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-1801194352-3344109957-2580172721-1001\SOFTWARE\KAZAA
HKEY_USERS\S-1-5-21-1801194352-3344109957-2580172721-1001\SOFTWARE\KAZAA\LocalContent


Trojan-Downloader.Win32.Agent.aww Trojan Downloader more information...
Status: Deleted

Files detected
C:\Windows\swxcacls.exe


by the way, I have never had Kazaa and so far I haven't downloaded anything except the programs you recommended. and CounterSpy didn't show that program before... I guess I celebrated too early.

01.07.2008, 17:53   #10
undoreal
/// AVZ-Toolkit Guru

Quote:
can I just reinstall Java normally or are certain versions off-limits....?
Yes, the old ones.. ^^
Always keep everything up to date!

I'm still missing a SUPERAntiSpyware log..
__________________
- All help given in this forum is provided without warranty or liability -

01.07.2008, 18:15   #11
drachior

ah sorry, that one must have been lost when I chopped the giant post into smaller parts.


SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

Generated 06/30/2008 at 01:53 AM

Application Version : 4.15.1000

Core Rules Database Version : 3493
Trace Rules Database Version: 1484

Scan type : Complete Scan
Total Scan Time : 00:47:49

Memory items scanned : 666
Memory threats detected : 0
Registry items scanned : 6092
Registry threats detected : 0
File items scanned : 111739
File threats detected : 9

Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@doubleclick[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@adserver.71i[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tradedoubler[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@www.mynortonaccount[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@atwola[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@fastclick[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@2o7[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@apmebf[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@zbox.zanox[1].txt

Last edited by drachior (01.07.2008 at 18:43)

01.07.2008, 18:57   #12
undoreal
/// AVZ-Toolkit Guru

Cureit Dr.Web
  • Download Dr.Web CureIt!
  • Save it to your desktop.
  • Extract it into its own folder.
  • First read the German instructions and print them out.
  • Have all malware moved to the quarantine folder.
  • Ignore any warnings from your AV program; you can also go offline and -> then disable your AV program while scanning with Dr. Web CureIt!.
  • Please don't forget to turn your AV program back on after the scan.
  • Save the logfile - see the instructions - and post it.

01.07.2008, 22:59   #13
drachior

stream003\strmserver.exe.184BCE29_589D_4695_8887_63F4C08E3857;C:\Documents and Settings\***\AppData\Local\Anwendungsdaten\Downloaded Installations\{B0869F18-0877-4F0E-BEBA-4E653ACAAB1F}\P;Wahrscheinlich DLOADER.Trojan;;
stream003;C:\Documents and Settings\***\AppData\Local\Anwendungsdaten\Downloaded Installations\{B0869F18-0877-4F0E-BEBA-4E653ACAAB1F}\P;Archiv enthält infizierte Objekte;;
Pinnacle DistanTV Server.msi;C:\Documents and Settings\***\AppData\Local\Anwendungsdaten\Downloaded Installations\{B0869F18-0877-4F0E-BEBA-4E653ACAAB1F};Archiv enthält infizierte Objekte;Verschoben.;
AD54D78Cd01;C:\Documents and Settings\***\AppData\Local\Anwendungsdaten\Mozilla\Firefox\Profiles\svv40oyx.default\Cache;Wahrscheinlich BATCH.Virus;;
AD54DB3Fd01\Silent Runners.vbs;C:\Documents and Settings\***\AppData\Local\Anwendungsdaten\Mozilla\Firefox\Profiles\svv40oyx.default\Cache\AD54DB3Fd01;Wahrscheinlich BATCH.Virus;;
AD54DB3Fd01;C:\Documents and Settings\***\AppData\Local\Anwendungsdaten\Mozilla\Firefox\Profiles\svv40oyx.default\Cache;Archiv enthält infizierte Objekte;Verschoben.;
AD54D78Cd01;C:\Documents and Settings\***\AppData\Local\Anwendungsdaten\Mozilla\Firefox\Profiles\svv40oyx.default\Cache;Wahrscheinlich BATCH.Virus;;
AD54D78Cd01;C:\Documents and Settings\***\AppData\Local\Mozilla\Firefox\Profiles\svv40oyx.default\Cache;Wahrscheinlich BATCH.Virus;;
ComboFix.exe\327882R2FWJFW\FIND3M.bat;C:\Documents and Settings\***\Desktop\ComboFix.exe;Wahrscheinlich SCRIPT.Virus;;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\***\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\***\Desktop;Archiv enthält infizierte Objekte;Verschoben.;
Silent Runners.zip\Silent Runners.vbs;C:\Documents and Settings\***\Desktop\Silent Runners.zip;Wahrscheinlich BATCH.Virus;;
Silent Runners.zip;C:\Documents and Settings\***\Desktop;Archiv enthält infizierte Objekte;Verschoben.;
Silent Runners.vbs;C:\Documents and Settings\***\Desktop\Silent Runners;Wahrscheinlich BATCH.Virus;;
AD54DB3Fd01\Silent Runners.vbs;C:\Documents and Settings\***\DoctorWeb\Quarantine\AD54DB3Fd01;Wahrscheinlich BATCH.Virus;;
AD54DB3Fd01;C:\Documents and Settings\***\DoctorWeb\Quarantine;Archiv enthält infizierte Objekte;Verschoben.;
ComboFix.exe\327882R2FWJFW\FIND3M.bat;C:\Documents and Settings\***\DoctorWeb\Quarantine\ComboFix.exe;Wahrscheinlich SCRIPT.Virus;;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\***\DoctorWeb\Quarantine\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\***\DoctorWeb\Quarantine;Archiv enthält infizierte Objekte;Verschoben.;
stream003\strmserver.exe.184BCE29_589D_4695_8887_63F4C08E3857;C:\Documents and Settings\***\DoctorWeb\Quarantine\Pinnacle DistanTV Server.msi\stream003;Wahrscheinlich DLOADER.Trojan;;
stream003;C:\Documents and Settings\***\DoctorWeb\Quarantine\Pinnacle DistanTV Server.msi;Archiv enthält infizierte Objekte;;
Pinnacle DistanTV Server.msi;C:\Documents and Settings\***\DoctorWeb\Quarantine;Archiv enthält infizierte Objekte;Verschoben.;
Silent Runners.zip\Silent Runners.vbs;C:\Documents and Settings\***\DoctorWeb\Quarantine\Silent Runners.zip;Wahrscheinlich BATCH.Virus;;
Silent Runners.zip;C:\Documents and Settings\***\DoctorWeb\Quarantine;Archiv enthält infizierte Objekte;Verschoben.;
AD54D78Cd01;C:\Documents and Settings\***\Lokale Einstellungen\Mozilla\Firefox\Profiles\svv40oyx.default\Cache;Wahrscheinlich BATCH.Virus;;
AD54D78Cd01;C:\Dokumente und Einstellungen\***\AppData\Local\Anwendungsdaten\Mozilla\Firefox\Profiles\svv40oyx.default\Cache;Wahrscheinlich BATCH.Virus;;
AD54D78Cd01;C:\Dokumente und Einstellungen\***\AppData\Local\Mozilla\Firefox\Profiles\svv40oyx.default\Cache;Wahrscheinlich BATCH.Virus;;
Silent Runners.vbs;C:\Dokumente und Einstellungen\***\Desktop\Silent Runners;Wahrscheinlich BATCH.Virus;;
AD54DB3Fd00\Silent Runners.vbs;C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine\AD54DB3Fd00;Wahrscheinlich BATCH.Virus;;
AD54DB3Fd00;C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine;Archiv enthält infizierte Objekte;Verschoben.;
ComboFi0.exe\327882R2FWJFW\FIND3M.bat;C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine\ComboFi0.exe;Wahrscheinlich SCRIPT.Virus;;
ComboFi0.exe\327882R2FWJFW\psexec.cfexe;C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine\ComboFi0.exe;Program.PsExec.171;;
ComboFi0.exe;C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine;Archiv enthält infizierte Objekte;Verschoben.;
stream003\strmserver.exe.184BCE29_589D_4695_8887_63F4C08E3857;C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine\Pinnacle DistanTV Serve0.msi\stream003;Wahrscheinlich DLOADER.Trojan;;
stream003;C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine\Pinnacle DistanTV Serve0.msi;Archiv enthält infizierte Objekte;;
Pinnacle DistanTV Serve0.msi;C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine;Archiv enthält infizierte Objekte;Verschoben.;
Silent Runner0.zip\Silent Runners.vbs;C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine\Silent Runner0.zip;Wahrscheinlich BATCH.Virus;;
Silent Runner0.zip;C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine;Archiv enthält infizierte Objekte;Verschoben.;
AD54D78Cd01;C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Mozilla\Firefox\Profiles\svv40oyx.default\Cache;Wahrscheinlich BATCH.Virus;;
StrmServer.exe;C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer;Wahrscheinlich DLOADER.Trojan;;
StrmServer.exe;C:\Programme\Pinnacle\Shared Files\Programs\StrmServer;Wahrscheinlich DLOADER.Trojan;;
AD54D78Cd01;C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\svv40oyx.default\Cache;Wahrscheinlich BATCH.Virus;;
Silent Runners.vbs;C:\Users\***\Desktop\Silent Runners;Wahrscheinlich BATCH.Virus;;
AD54D78Cd01;C:\Users\***\Lokale Einstellungen\Mozilla\Firefox\Profiles\svv40oyx.default\Cache;Wahrscheinlich BATCH.Virus;;

------------------------------------------------------
It looks like Santa Claus brought plenty of presents.... Among other things I just found a pinfect.zip in my documents folder ... but I haven't touched anything yet for now.

02.07.2008, 07:25   #14
undoreal
/// AVZ-Toolkit Guru

Did you have all of the findings deleted?

Delete the pinfect.zip as well!

02.07.2008, 11:47   #15
drachior

you said I should move the malware to quarantine; at the end of the scan I clicked "select all" and then tried to move everything, but for a good 50% it could no longer find the files, and for the rest it performed NO action at all. after that no actions could be selected anymore. I'll run it again and possibly have suspicious files deleted as well (I hope I don't knock some system file off the machine, I'll be careful). I've additionally set strong restrictions in Firefox and IE, after Explorer spontaneously tried to access the pinfect.zip, and Firefox decided on its own to load a trojan from a site called cobrabasket. I'll report back later with a HijackThis log and the Dr. Web report. thanks again for your help, it's great that there are people who voluntarily help idiots like me *g
