| |
| |||||||
Log-Analyse und Auswertung: ProblemeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
29.08.2008, 21:10
| #1 |
 |  Probleme Hallo! Habe seit 2 Tagen große Probleme mit meinem Rechner - folgende Auswirkungen: falls Internetverbindung vorhanden (habe seitdem Netzkabel entfernt) werden hunderte Mails verschickt (schätze mal Spam), Hintergrund blau mit Warnhinweis, Popup mit "Antivirus XP 2008 license agreement", wenn ich versuche Task Manager zu öffnen erscheint der Hinweis dies ist nicht möglich da Administrator Einstellung geändert hat (Hinweis kommt auch während ComboFix arbeitet - nur hier bezüglich Registrierungs-Editor). Achja, und unter C:\ gibt es den Ordner "google.com", der sich nicht löschen lässt. Bitte um Hilfe. Hier die logfiles: 1)Hijack 2)malware (hat bei scan einiges gefunden, ist aber beim anschließenden Reinigungsversuch abgestürzt) 3)ComboFix (während Erstellung des logfiles kam der Hinweis daß er nicht auf die RegEdit zugreifen kann, da durch Administrator deaktiviert) 1) Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 22:05:18, on 29.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Lavasoft\Ad-Aware\aawservice.exe C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\runservice.exe C:\Programme\Cyberlink\Shared files\RichVideo.exe C:\Programme\Alwil Software\Avast4\ashMaiSv.exe C:\Programme\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\hkcmd.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\WINDOWS\explorer.exe C:\Progr\Antivirus\HiJackThis_v2.exe C:\google.com\svchost.exe C:\google.com\svchost.exe C:\google.com\svchost.exe C:\google.com\svchost.exe C:\google.com\svchost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programme\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [inrhc3nnj0e1e5] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.tt5A.tmp.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CDriver] c:\google.com\svchost.exe O4 - HKCU\..\Run: [DDriver] c:\google.com\svchost.exe O4 - HKCU\..\Run: [alpha] c:\google.com\svchost.exe O4 - HKCU\..\Run: [beta] c:\google.com\svchost.exe O4 - HKCU\..\Run: [gamma] c:\google.com\svchost.exe O4 - HKLM\..\Policies\Explorer\Run: [CDriver] c:\google.com\svchost.exe O4 - HKLM\..\Policies\Explorer\Run: [DDriver] c:\google.com\svchost.exe O4 - HKLM\..\Policies\Explorer\Run: [alpha] c:\google.com\svchost.exe O4 - HKLM\..\Policies\Explorer\Run: [beta] c:\google.com\svchost.exe O4 - HKLM\..\Policies\Explorer\Run: [gamma] c:\google.com\svchost.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AutoCAD-Startbeschleuniger.lnk = C:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart16.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9B96ADEE-A5ED-4074-82F3-C83140756B3F}: NameServer = 212.88.160.2,212.88.160.5 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\Cyberlink\Shared files\RichVideo.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe -- End of file - 7484 bytes |
|
29.08.2008, 21:11
| #2 |
| | Probleme 2)
__________________Malwarebytes' Anti-Malware 1.25 Datenbank Version: 1062 Windows 5.1.2600 Service Pack 2 18:16:00 29.08.2008 mbam-log-08-29-2008 (18-15-57).txt Scan-Methode: Vollständiger Scan (C:\|) Durchsuchte Objekte: 160591 Laufzeit: 3 hour(s), 9 minute(s), 51 second(s) Infizierte Speicherprozesse: 2 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 8 Infizierte Registrierungswerte: 33 Infizierte Dateiobjekte der Registrierung: 6 Infizierte Verzeichnisse: 3 Infizierte Dateien: 31 Infizierte Speicherprozesse: C:\google.com\svchost.exe (Trojan.Clicker) -> No action taken. C:\WINDOWS\neos.exe (Trojan.Agent) -> No action taken. Infizierte Speichermodule: C:\AntivirAsistant\1.dll (Trojan.BHO) -> No action taken. Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b1d3576a-ca42-4d09-83c1-15d563c19d71} (Trojan.BHO.H) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{b1d3576a-ca42-4d09-83c1-15d563c19d71} (Trojan.BHO.H) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9988775d-4368-4857-871a-d01d66ca3a71} (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d21d9540-6415-4288-bdd0-4453088d9d38} (Trojan.Agent) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{28a73c97-a538-08ee-fa8a-1cf3009db0d0} (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28a73c97-a538-08ee-fa8a-1cf3009db0d0} (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\altcompare (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdriver (Trojan.Clicker) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ddriver (Trojan.Clicker) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\alpha (Trojan.Clicker) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\beta (Trojan.Clicker) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gamma (Trojan.Clicker) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cdriver (Trojan.Clicker) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ddriver (Trojan.Clicker) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\alpha (Trojan.Clicker) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\beta (Trojan.Clicker) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\gamma (Trojan.Clicker) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\neos (Trojan.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DriverCheck (Trojan.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemDriverLoad (Trojan.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemDriver (Trojan.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FDriver (Trojan.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ADriver (Trojan.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DriverLoad (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\DriverLoad (Trojan.Clicker) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\DriverCheck (Trojan.Clicker) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\SystemDriverLoad (Trojan.Clicker) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\winhost (Trojan.Clicker) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\winhost1 (Trojan.Clicker) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\winhost2 (Trojan.Clicker) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\winhost3 (Trojan.Clicker) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\winhost4 (Trojan.Clicker) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\FDriver (Trojan.Clicker) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ADriver (Trojan.Clicker) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhc3nnj0e1e5 (Trojan.FakeAlert) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\SystemDriver (Trojan.Clicker) -> No action taken. HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken. HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken. HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken. HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.QHost) -> Data: c:\windows\system32\wowfx.dll -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.QHost) -> Data: wowfx.dll -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.QHost) -> Data: system32\wowfx.dll -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. Infizierte Verzeichnisse: C:\AntivirAsistant (Rogue.Agent) -> No action taken. C:\google.com (Trojan.Agent) -> No action taken. C:\Programme\altcmd (Trojan.Agent) -> No action taken. Infizierte Dateien: C:\AntivirAsistant\1.dll (Trojan.BHO.H) -> No action taken. c:\google.com\svchost.exe (Trojan.Clicker) -> No action taken. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\000002.exe (Spyware.Banker) -> No action taken. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\005.exe (Trojan.Clicker) -> No action taken. C:\WINDOWS\system32\alt.exe.exe (Trojan.Agent) -> No action taken. C:\AntivirAsistant\1.bat (Rogue.Agent) -> No action taken. C:\Programme\altcmd\altcmd.inf (Trojan.Agent) -> No action taken. C:\Programme\altcmd\altcmd32.dll (Trojan.Agent) -> No action taken. C:\Programme\altcmd\uninstall.bat (Trojan.Agent) -> No action taken. C:\WINDOWS\neos.exe (Trojan.Agent) -> No action taken. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.tt6.tmp (Trojan.Downloader) -> No action taken. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.tt7.tmp (Trojan.Downloader) -> No action taken. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.tt8.tmp (Trojan.Downloader) -> No action taken. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.ttA.tmp (Trojan.Downloader) -> No action taken. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken. C:\WINDOWS\system32\back.exe.exe (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\wowfx.dll (Trojan.QHost) -> No action taken. C:\WINDOWS\crock+mock.config (Worm.Zhelatin) -> No action taken. C:\WINDOWS\system32\blphc7nnj0e1e5.scr (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\system32\lphc7nnj0e1e5.exe (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\system32\phc7nnj0e1e5.bmp (Trojan.FakeAlert) -> No action taken. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\.tt5A.tmp.exe (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\system32\winsub.xml (Malware.Trace) -> No action taken. C:\WINDOWS\system32\svcp.csv (Malware.Trace) -> No action taken. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\dnlsvc.exe (Trojan.Downloader) -> No action taken. C:\WINDOWS\system\smss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken. |
|
29.08.2008, 21:12
| #3 |
| | Probleme 3)
__________________ComboFix 08-08-28.02 - Administrator 2008-08-29 21:40:53.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.312 [GMT 2:00] ausgeführt von:: F:\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . (((((((((((((((((((((((((((((((((((( Weitere L”schungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Programme\altcmd C:\Programme\altcmd\altcmd.inf C:\Programme\altcmd\altcmd32.dll C:\Programme\altcmd\uninstall.bat C:\WINDOWS\crock+mock.config C:\WINDOWS\neos.exe C:\WINDOWS\system\smss.exe C:\WINDOWS\system32\alt.exe.exe C:\WINDOWS\system32\back.exe.exe C:\WINDOWS\system32\blphc7nnj0e1e5.scr C:\WINDOWS\system32\lphc7nnj0e1e5.exe C:\WINDOWS\system32\phc7nnj0e1e5.bmp C:\WINDOWS\system32\svcp.csv C:\WINDOWS\system32\winsub.xml C:\WINDOWS\system32\wowfx.dll F:\autorun.inf . ((((((((((((((((((((((( Dateien erstellt von 2008-07-28 bis 2008-08-29 )))))))))))))))))))))))))))))) . 2008-08-28 21:06 . 2008-08-29 18:16 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware 2008-08-28 21:06 . 2008-08-28 21:06 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2008-08-28 21:06 . 2008-08-28 21:06 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes 2008-08-28 21:06 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-28 21:06 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-28 20:45 . 2008-08-28 20:45 <DIR> d-------- C:\Programme\Lavasoft 2008-08-28 20:45 . 2008-08-28 20:45 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft 2008-08-28 20:07 . 2008-08-28 20:07 <DIR> d-------- C:\Programme\CCleaner 2008-08-28 18:52 . 2008-08-28 18:52 <DIR> d-------- C:\Programme\Alwil Software 2008-08-28 17:58 . 2008-08-28 17:58 78,848 --a------ C:\WINDOWS\edown4.exe 2008-08-27 20:22 . 2008-08-27 20:22 48,640 --a------ C:\WINDOWS\inform.dat 2008-08-27 20:22 . 2008-08-27 20:22 36,352 --a------ C:\WINDOWS\system32\pns32.dll 2008-08-27 20:21 . 2008-08-27 20:21 <DIR> d-------- C:\google.com 2008-08-27 20:21 . 2008-08-27 20:21 <DIR> d-------- C:\AntivirAsistant 2008-08-27 20:20 . 2008-08-27 20:20 <DIR> d-------- C:\WINDOWS\system32\xlib254.dll 2008-08-27 20:20 . 2008-08-27 20:20 <DIR> d-------- C:\WINDOWS\system32\append.dll 2008-08-23 21:53 . 2008-08-23 21:53 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVS4YOU 2008-08-23 21:51 . 2008-08-23 21:51 <DIR> d-------- C:\Programme\AVS4YOU 2008-08-23 21:50 . 2008-08-23 21:50 <DIR> d-------- C:\Programme\AVSVideotoGO 2008-08-23 21:49 . 2008-08-23 21:51 <DIR> d-------- C:\Programme\Gemeinsame Dateien\AVSMedia 2008-08-23 21:48 . 2008-08-23 21:53 <DIR> d-------- C:\Programme\AVSDVDPlayer . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-28 19:11 --------- d-----w C:\Programme\Symantec 2008-08-28 19:11 --------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared 2008-08-28 18:44 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2008-08-28 18:27 --------- d-----w C:\Programme\Norton AntiVirus 2008-08-28 18:27 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec 2008-08-23 19:06 --------- d-----w C:\Programme\Emule 2008-08-16 15:54 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0 2008-08-04 17:55 --------- d-----w C:\Programme\Zoom Player 2008-07-28 20:25 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Inkscape 2008-07-28 20:23 --------- d-----w C:\Programme\Inkscape 2008-07-09 19:13 --------- d-----w C:\Programme\Photoshop 2008-07-09 18:53 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe 2008-07-03 10:08 --------- d-----w C:\Programme\Real 2008-07-03 10:08 --------- d-----w C:\Programme\Gemeinsame Dateien\xing shared 2008-07-03 10:08 --------- d-----w C:\Programme\Gemeinsame Dateien\Real 2008-04-09 06:27 53,648 ----a-w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2007-09-05 12:15 1,164,456 ----a-w C:\Programme\install_flash_player.exe 2006-10-10 16:09 8,799,656 ----a-w C:\Programme\maketorrent-2.1.exe 2006-09-03 17:43 277,936,872 ----a-w C:\Programme\WindowsXP-KB835935-SP2-DEU.exe . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"= 1 (0x1) "DisableRegistryTools"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.iv41"= ir41_32.dll "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] --a------ 2003-12-27 21:43 81920 C:\Programme\D-Tools\daemon.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programme\\Mozilla Firefox\\firefox.exe"= "C:\\Spiele\\Silent Hunter II\\Shell\\SH2.exe"= "C:\\Programme\\Emule\\emule.exe"= "C:\\Programme\\Azureus\\Azureus.exe"= "C:\\WINDOWS\\system32\\svchost.exe"= "C:\\Programme\\Skype\\Phone\\Skype.exe"= R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys [2003-12-27 21:42] R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys [2003-12-27 03:38] R1 SSHDRV52;SSHDRV52;C:\WINDOWS\System32\drivers\SSHDRV52.sys [2005-09-07 22:32] R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2007-02-12 19:06] S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-08-17 15:01] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9988775D-4368-4857-871A-D01D66CA3A71}] rundll32 pns32.dll,InitO . . ------- Zus„tzlicher Scan ------- . FireFox -: Profile - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\mvj2gd3l.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://orf.at/ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-29 21:47:45 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Eintr„ge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aavmker4] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aawservice] "ImagePath"="C:\Programme\Lavasoft\Ad-Aware\aawservice.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI] "ImagePath"="System32\DRIVERS\ACPI.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aeaudio] "ImagePath"="system32\drivers\aeaudio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec] "ImagePath"="system32\drivers\aec.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD] "ImagePath"="\SystemRoot\System32\drivers\afd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter] "ServiceDll"="%SystemRoot%\system32\alrsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG] "ImagePath"="%SystemRoot%\System32\alg.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt] "ServiceDll"="%SystemRoot%\System32\appmgmts.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_1.1.4322] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state] "ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMon2] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswRdr] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswTdi] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswUpdSv] "ImagePath"="\"C:\Programme\Alwil Software\Avast4\aswUpdSv.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac] "ImagePath"="system32\DRIVERS\asyncmac.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi] "ImagePath"="System32\DRIVERS\atapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc] "ImagePath"="System32\DRIVERS\atmarpc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv] "ServiceDll"="%SystemRoot%\System32\audiosrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub] "ImagePath"="System32\DRIVERS\audstub.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Autodesk Licensing Service] "ImagePath"="\"C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Automatic LiveUpdate Scheduler] "ImagePath"="\"C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avast! Antivirus] "ImagePath"="\"C:\Programme\Alwil Software\Avast4\ashServ.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avast! Mail Scanner] "ImagePath"="\"C:\Programme\Alwil Software\Avast4\ashMaiSv.exe\" /service" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avast! Web Scanner] "ImagePath"="\"C:\Programme\Alwil Software\Avast4\ashWebSv.exe\" /service" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC] "MofImagePath"="System32\Drivers\battc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS] "ServiceDll"="%systemroot%\system32\qmgr.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser] "ServiceDll"="%SystemRoot%\System32\browser.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme] "ImagePath"="\??\C:\ComboFix\catchme.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom] "ImagePath"="System32\DRIVERS\cdrom.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cisvc] "ImagePath"="%SystemRoot%\system32\cisvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Class] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv] "ImagePath"="%SystemRoot%\system32\clipsrv.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp] "ImagePath"="C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc] "ServiceDll"="%SystemRoot%\System32\cryptsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d344bus] "ImagePath"="System32\DRIVERS\d344bus.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d344prt] "ImagePath"="System32\Drivers\d344prt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp] "ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk] "ImagePath"="System32\DRIVERS\disk.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin] "ImagePath"="%SystemRoot%\System32\dmadmin.exe /com" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot] "ImagePath"="System32\drivers\dmboot.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio] "ImagePath"="System32\drivers\dmio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload] "ImagePath"="System32\drivers\dmload.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver] "ServiceDll"="%SystemRoot%\System32\dmserver.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic] "ImagePath"="system32\drivers\DMusic.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache] "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud] "ImagePath"="system32\drivers\drmkaud.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\E100B] "ImagePath"="System32\DRIVERS\e100b325.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc] "ServiceDll"="%SystemRoot%\System32\ersvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog] "ImagePath"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem] "ServiceDll"="C:\WINDOWS\System32\es.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc] "ImagePath"="System32\DRIVERS\fdc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk] "ImagePath"="System32\DRIVERS\flpydisk.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr] "ImagePath"="system32\drivers\fltmgr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk] "ImagePath"="System32\DRIVERS\ftdisk.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc] "ImagePath"="System32\DRIVERS\msgpc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc] "ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ] "ServiceDll"="%SystemRoot%\System32\hidserv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hidusb] "ImagePath"="System32\DRIVERS\hidusb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpt3xx] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP] "ImagePath"="System32\Drivers\HTTP.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter] "ServiceDll"="%SystemRoot%\System32\w3ssl.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt] "ImagePath"="System32\DRIVERS\i8042prt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ialm] "ImagePath"="System32\DRIVERS\ialmnt5.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService] "ImagePath"="%systemroot%\system32\imapi.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm] "ImagePath"="System32\DRIVERS\intelppm.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ip6fw] "ImagePath"="system32\drivers\ip6fw.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver] "ImagePath"="System32\DRIVERS\ipfltdrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp] "ImagePath"="System32\DRIVERS\ipinip.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat] "ImagePath"="System32\DRIVERS\ipnat.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec] "ImagePath"="System32\DRIVERS\ipsec.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM] "ImagePath"="System32\DRIVERS\irenum.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp] "ImagePath"="System32\DRIVERS\isapnp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass] "ImagePath"="System32\DRIVERS\kbdclass.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid] "ImagePath"="System32\DRIVERS\kbdhid.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer] "ImagePath"="system32\drivers\kmixer.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver] "ServiceDll"="%SystemRoot%\System32\srvsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation] "ServiceDll"="%SystemRoot%\System32\wkssvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicCtrlService] "ImagePath"="C:\WINDOWS\runservice.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LiveUpdate] "ImagePath"="\"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts] "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LPDSVC] "ImagePath"="%SystemRoot%\System32\tcpsvcs.exe" [...] |
|
30.08.2008, 16:28
| #4 |
| | Probleme [...] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MBAMSwissArmy] "ImagePath"="\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger] "ServiceDll"="%SystemRoot%\System32\msgsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc] "ImagePath"="C:\WINDOWS\System32\mnmsrvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass] "ImagePath"="System32\DRIVERS\mouclass.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid] "ImagePath"="System32\DRIVERS\mouhid.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV] "ImagePath"="System32\DRIVERS\mrxdav.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb] "ImagePath"="System32\DRIVERS\mrxsmb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC] "ImagePath"="C:\WINDOWS\System32\msdtc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer] "ImagePath"="%systemroot%\system32\msiexec.exe /V" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV] "ImagePath"="system32\drivers\MSKSSRV.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios] "ImagePath"="System32\DRIVERS\mssmbios.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi] "ImagePath"="System32\DRIVERS\ndistapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio] "ImagePath"="System32\DRIVERS\ndisuio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan] "ImagePath"="System32\DRIVERS\ndiswan.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS] "ImagePath"="System32\DRIVERS\netbios.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT] "ImagePath"="System32\DRIVERS\netbt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE] "ImagePath"="%SystemRoot%\system32\netdde.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm] "ImagePath"="%SystemRoot%\system32\netdde.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman] "ServiceDll"="%SystemRoot%\System32\netman.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla] "ServiceDll"="%SystemRoot%\System32\mswsock.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nm] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp] "ImagePath"="%SystemRoot%\System32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc] "ServiceDll"="%SystemRoot%\system32\ntmssvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt] "ImagePath"="System32\DRIVERS\nwlnkflt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd] "ImagePath"="System32\DRIVERS\nwlnkfwd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkIpx] "ImagePath"="System32\DRIVERS\nwlnkipx.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkNb] "ImagePath"="System32\DRIVERS\nwlnknb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkSpx] "ImagePath"="System32\DRIVERS\nwlnkspx.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport] "ImagePath"="System32\DRIVERS\parport.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI] "ImagePath"="System32\DRIVERS\pci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde] "ImagePath"="System32\DRIVERS\pciide.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay] "ImagePath"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport] "ImagePath"="System32\DRIVERS\raspptp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor] "ImagePath"="System32\DRIVERS\processr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\prodrv06] "ImagePath"="\SystemRoot\System32\drivers\prodrv06.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\prohlp02] "ImagePath"="System32\drivers\prohlp02.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\prosync1] "ImagePath"="System32\drivers\prosync1.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched] "ImagePath"="System32\DRIVERS\psched.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink] "ImagePath"="System32\DRIVERS\ptilink.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PxHelp20] "ImagePath"="System32\DRIVERS\PxHelp20.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd] "ImagePath"="System32\DRIVERS\rasacd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto] "ServiceDll"="%SystemRoot%\System32\rasauto.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp] "ImagePath"="System32\DRIVERS\rasl2tp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan] "ServiceDll"="%SystemRoot%\System32\rasmans.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe] "ImagePath"="System32\DRIVERS\raspppoe.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti] "ImagePath"="System32\DRIVERS\raspti.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss] "ImagePath"="System32\DRIVERS\rdbss.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr] "ImagePath"="System32\DRIVERS\rdpdr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr] "ImagePath"="C:\WINDOWS\system32\sessmgr.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook] "ImagePath"="System32\DRIVERS\redbook.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess] "ServiceDll"="%SystemRoot%\System32\mprdim.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry] "ServiceDll"="%SystemRoot%\system32\regsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RichVideo] "ImagePath"="\"C:\Programme\Cyberlink\Shared files\RichVideo.exe\"\00\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\10\02\01\03\01\03\01\03\01\03\01\03\01\03\01\03\02\03" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ROOTMODEM] "ImagePath"="System32\Drivers\RootMdm.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator] "ImagePath"="%SystemRoot%\System32\locator.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs] "ServiceDll"="%SystemRoot%\System32\rpcss.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP] "ImagePath"="%SystemRoot%\System32\rsvp.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr] "ImagePath"="%SystemRoot%\System32\SCardSvr.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule] "ServiceDll"="%SystemRoot%\system32\schedsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort] "ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv] "ImagePath"="System32\DRIVERS\secdrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon] "ServiceDll"="%SystemRoot%\System32\seclogon.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS] "ServiceDll"="%SystemRoot%\system32\sens.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum] "ImagePath"="System32\DRIVERS\serenum.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial] "ImagePath"="System32\DRIVERS\serial.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfdrv01] "ImagePath"="System32\drivers\sfdrv01.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfhlp01] "ImagePath"="System32\drivers\sfhlp01.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfhlp02] "ImagePath"="System32\drivers\sfhlp02.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfsync02] "ImagePath"="System32\drivers\sfsync02.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess] "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\smwdm] "ImagePath"="system32\drivers\smwdm.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter] "ImagePath"="system32\drivers\splitter.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler] "ImagePath"="%SystemRoot%\system32\spoolsv.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr] "ImagePath"="System32\DRIVERS\sr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice] "ServiceDll"="C:\WINDOWS\System32\srsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv] "ImagePath"="System32\DRIVERS\srv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV] "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSHDRV52] "ImagePath"="\??\C:\WINDOWS\System32\drivers\SSHDRV52.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc] "ServiceDll"="%SystemRoot%\system32\wiaservc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum] "ImagePath"="System32\DRIVERS\swenum.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi] "ImagePath"="system32\drivers\swmidi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv] "ImagePath"="C:\WINDOWS\System32\dllhost.exe /Processid:{ABF8379F-7BC0-42ED-9E27-0B14C449558D}" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SymWSC] "ImagePath"="C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio] "ImagePath"="system32\drivers\sysaudio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog] "ImagePath"="%SystemRoot%\system32\smlogsvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip] "ImagePath"="System32\DRIVERS\tcpip.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD] "ImagePath"="System32\DRIVERS\termdd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService] "ServiceDll"="%SystemRoot%\System32\termsrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr] "ImagePath"="C:\WINDOWS\System32\tlntsvr.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\toshidpt] "ImagePath"="system32\drivers\Toshidpt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tosporte] "ImagePath"="system32\DRIVERS\tosporte.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tosrfbd] "ImagePath"="System32\Drivers\tosrfbd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tosrfbnp] "ImagePath"="System32\Drivers\tosrfbnp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tosrfcom] "ImagePath"="System32\Drivers\tosrfcom.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tosrfhid] "ImagePath"="system32\DRIVERS\Tosrfhid.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tosrfnds] "ImagePath"="system32\DRIVERS\tosrfnds.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosRfSnd] "ImagePath"="system32\drivers\TosRfSnd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tosrfusb] "ImagePath"="System32\Drivers\tosrfusb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks] "ServiceDll"="%SystemRoot%\system32\trkwks.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update] "ImagePath"="System32\DRIVERS\update.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS] "ImagePath"="%SystemRoot%\System32\ups.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp] "ImagePath"="System32\DRIVERS\usbccgp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub] "ImagePath"="System32\DRIVERS\usbhub.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR] "ImagePath"="System32\DRIVERS\USBSTOR.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci] "ImagePath"="System32\DRIVERS\usbuhci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave] "ImagePath"="\SystemRoot\System32\drivers\vga.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS] "ImagePath"="%SystemRoot%\System32\vssvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time] "ServiceDll"="%systemroot%\system32\w32time.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp] "ImagePath"="System32\DRIVERS\wanarp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud] "ImagePath"="system32\drivers\wdmaud.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient] "ServiceDll"="%SystemRoot%\System32\webclnt.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt] "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN] "ServiceDll"="C:\WINDOWS\system32\MsPMSNSv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi] "ServiceDll"="%SystemRoot%\System32\advapi32.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv] "ImagePath"="C:\WINDOWS\System32\wbem\wmiapsrv.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc] "ImagePath"="C:\Programme\Windows Media Player\WMPNetwk.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc] "ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv] "ServiceDll"="C:\WINDOWS\System32\wuauserv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf] "ImagePath"="system32\DRIVERS\WudfPf.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd] "ImagePath"="system32\DRIVERS\wudfrd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc] "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC] "ServiceDll"="%SystemRoot%\System32\wzcsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov] "ServiceDll"="%SystemRoot%\System32\xmlprov.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{6080A529-897E-4629-A488-ABA0C29B635E}] "ImagePath"="system32\drivers\ialmsbw.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{6F2DBFD0-A5BA-4C69-A90B-804C84B52743}] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{9B96ADEE-A5ED-4074-82F3-C83140756B3F}] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{D31A0762-0CEB-444e-ACFF-B049A1F6FE91}] "ImagePath"="system32\drivers\ialmkchw.sys" . ------------------------ Weitere, laufende Prozesse ------------------------ . C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Programme\Cyberlink\Shared files\RichVideo.exe C:\Programme\Alwil Software\Avast4\ashMaiSv.exe C:\Programme\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\hkcmd.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe C:\google.com\svchost.exe C:\google.com\svchost.exe C:\google.com\svchost.exe C:\google.com\svchost.exe C:\google.com\svchost.exe . ************************************************************************** . Zeit der Fertigstellung: 2008-08-29 22:03:11 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2008-08-29 20:03:05 Pre-Run: 5,002,678,272 Bytes frei Post-Run: 4,953,477,120 Bytes frei 686 |
|
| Themen zu Probleme |
| ad-aware, administrator, adobe, antivirus, avast, avast!, bho, browseui preloader, combofix, einstellung, einstellungen, ellung, excel, hijackthis, hkus\s-1-5-18, internet explorer, malware, nicht möglich, popup, problem, rundll, scan, security, software, spam, symantec, system, temp, warnhinweis, windows, windows xp |
Linear-Darstellung
