PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung

john.doe · 10.07.2009, 22:50

Offensichtlich hat Kaspersky ihn entfernen können, das ist ja ganz was Neues.

1.) Deinstalliere:

AdAware
Apple Software Update
Bonjour
Google Update Helper
Spybot - Search & Destroy 1.5.2.20
Spybot - Search & Destroy

2.) Scripten mit Combofix

Öffne den Editor (Start => Zubehör => Editor ) kopiere nun folgenden Text in das weiße Feld:

Code:

ATTFilter

KILLALL::

Driver::
catchme
Bonjour Service
gupdate1c9e39a101dcf54
Lavasoft Ad-Aware Service

FixCSet::

RegNull::
[HKEY_USERS\S-1-5-21-952325796-3084994041-2608643616-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DC93F53-B7D7-866F-77D6-76A33C78FACA}*]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC7E636D-39AA-49b6-B511-65413DA137A1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
[-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
[-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"=-

File::
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

SysRst::

Speichere diese Datei nun auf dem Desktop unter -> cfscript.txt

Nun die Datei cfscript.txt auf das Sysmbol von Combofix ziehen!

Danach das Log von Combofix ohne zu Editieren posten. Nur wenn dein Vor- und Nachname ersichtlich ist, dann entferne ihn.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann.

ciao, andreas

shirocko · 10.07.2009, 23:22

noch ne frage. warum soll ich adaware und spybot entfernen. dies sind doch antispyware und funktionieren auch gut.

john.doe · 10.07.2009, 23:24

Zitat:

dies sind doch antispyware und funktionieren auch gut.

Du wirst neue bekommen, die besser funktionieren. Versprochen.

ciao, andreas

shirocko · 10.07.2009, 23:45

der google update helper hat keine uninstall routine
soll ich das script trotzdem ausführen?
die anderen programme sind deinstalliert

john.doe · 10.07.2009, 23:56

Ja. Nachdem du das Log gepostest hast, weiter mit

1.) http://www.trojaner-board.de/51187-a...i-malware.html

2.) http://www.trojaner-board.de/51871-a...tispyware.html

Bin gespannt, was die alles finden werden, das Spybot und Adaware nicht gefunden haben.

ciao, andreas

shirocko · 11.07.2009, 01:48

ComboFix Log teil 1:

Code:

ATTFilter

ComboFix 09-07-08.07 - Admin 11.07.2009  1:38.4 - NTFSx86
Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1252.49.1031.18.2046.912 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\confixi.exe
Benutzte Befehlsschalter :: c:\users\Admin\Desktop\cfscript.TXT
AV: Kaspersky Security Suite CBE *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Security Suite CBE *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Security Suite CBE *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\tasks\Ad-Aware Update (Weekly).job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\tasks\Ad-Aware Update (Weekly).job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CATCHME
-------\Service_Bonjour Service
-------\Service_catchme
-------\Service_gupdate1c9e39a101dcf54


(((((((((((((((((((((((   Dateien erstellt von 2009-06-11 bis 2009-07-11  ))))))))))))))))))))))))))))))
.

2009-07-10 23:49 . 2009-07-11 00:03	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2009-07-09 19:49 . 2009-07-09 19:50	--------	d-----w-	C:\rsit
2009-07-06 13:19 . 2009-07-06 13:19	--------	d-----w-	c:\program files\Trend Micro
2009-07-05 09:57 . 2009-02-12 09:41	973312	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
2009-07-04 10:35 . 2009-07-04 10:35	90112	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-07-04 10:35 . 2009-07-04 10:35	307200	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-07-04 10:35 . 2009-07-04 10:35	172032	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-07-04 10:27 . 2009-07-04 10:27	--------	d-----w-	c:\users\Admin\AppData\Roaming\Vodafone
2009-07-04 10:27 . 2009-07-04 10:27	--------	d-----w-	c:\programdata\InstallShield
2009-07-04 10:25 . 2008-03-17 09:05	101632	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2009-07-04 10:24 . 2009-07-04 10:24	--------	d-----w-	c:\programdata\Vodafone
2009-07-04 10:24 . 2009-07-04 10:24	--------	d-----w-	c:\program files\Vodafone
2009-07-03 15:21 . 2009-07-03 15:21	--------	d-----w-	c:\users\Admin\AppData\Local\{D53238E8-3427-491E-A57E-097FA966AAC1}
2009-06-21 19:40 . 2006-12-20 12:23	114688	------w-	c:\windows\system32\pcleDVdc.dll
2009-06-21 19:40 . 2006-12-20 12:23	90112	------w-	c:\windows\system32\pcleDVcd.dll
2009-06-21 19:40 . 2006-12-20 12:23	90112	------w-	c:\windows\system32\pcleADV.dll
2009-06-21 19:40 . 2006-12-20 12:23	90112	------w-	c:\windows\system32\ACnvrtX.dll
2009-06-21 19:40 . 2006-12-20 12:23	876544	------w-	c:\windows\system32\CSCnvrtX.dll
2009-06-14 10:00 . 2009-04-30 12:37	428544	----a-w-	c:\windows\system32\EncDec.dll
2009-06-14 10:00 . 2009-04-30 12:37	293376	----a-w-	c:\windows\system32\psisdecd.dll
2009-06-11 11:53 . 2009-06-11 11:53	--------	d-----w-	c:\program files\Western Digital Corporation

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 00:01 . 2008-07-17 16:29	1532611616	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-07-10 23:58 . 2008-01-11 15:07	--------	d-----w-	c:\programdata\VMware
2009-07-10 23:57 . 2008-02-03 23:54	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-07-10 23:56 . 2008-07-17 16:29	20529668	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-07-10 23:27 . 2008-07-01 19:03	169936	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\FlashGot.exe
2009-07-10 22:43 . 2008-02-03 23:54	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2009-07-10 22:40 . 2007-12-26 20:09	--------	d-----w-	c:\program files\Bonjour
2009-07-10 22:36 . 2008-02-04 00:01	--------	d-----w-	c:\program files\Lavasoft
2009-07-10 22:36 . 2008-02-04 00:01	--------	d-----w-	c:\programdata\Lavasoft
2009-07-10 22:34 . 2007-12-25 01:38	--------	d-----w-	c:\programdata\Kaspersky Lab
2009-07-09 16:23 . 2006-11-02 15:48	737124	----a-w-	c:\windows\system32\perfh007.dat
2009-07-09 16:23 . 2006-11-02 15:48	166582	----a-w-	c:\windows\system32\perfc007.dat
2009-07-09 16:13 . 2008-01-11 15:11	--------	d-----w-	c:\users\Admin\AppData\Roaming\VMware
2009-07-05 21:54 . 2007-12-25 12:20	--------	d-----w-	c:\users\Admin\AppData\Roaming\Skype
2009-07-05 18:12 . 2008-09-30 15:27	56	---ha-w-	c:\programdata\ezsidmv.dat
2009-07-05 18:12 . 2007-12-25 12:21	--------	d-----w-	c:\users\Admin\AppData\Roaming\skypePM
2009-07-04 16:09 . 2007-12-26 22:08	--------	d-----w-	c:\users\Admin\AppData\Roaming\FileZilla
2009-07-04 10:24 . 2007-12-25 01:23	--------	d-----w-	c:\program files\Common Files\InstallShield
2009-06-29 07:35 . 2007-12-26 22:00	--------	d-----w-	c:\program files\Google
2009-06-26 19:38 . 2009-06-06 18:44	--------	d-----w-	c:\program files\FileZilla Client
2009-06-25 06:13 . 2008-04-28 12:51	--------	d-----w-	c:\users\Admin\AppData\Roaming\Free Download Manager
2009-06-24 05:54 . 2007-12-25 13:38	--------	d-----w-	c:\program files\Mozilla Thunderbird
2009-06-18 15:50 . 2008-04-03 13:57	--------	d-----w-	c:\users\Admin\AppData\Roaming\Audacity
2009-06-14 15:58 . 2007-12-27 00:00	--------	d-----w-	c:\programdata\Microsoft Help
2009-06-06 15:23 . 2007-12-26 18:53	--------	d-----w-	c:\users\Admin\AppData\Roaming\Apple Computer
2009-06-06 12:38 . 2008-07-10 17:51	--------	d-----w-	c:\program files\iTunes
2009-06-06 12:37 . 2009-06-06 12:37	--------	d-----w-	c:\program files\iPod
2009-06-06 12:37 . 2007-12-26 18:49	--------	d-----w-	c:\program files\Common Files\Apple
2009-06-06 12:33 . 2008-01-11 12:19	--------	d-----w-	c:\program files\QuickTime Alternative
2009-06-06 12:20 . 2009-06-06 12:20	75048	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 14:11 . 2009-05-11 20:22	1	----a-w-	c:\users\Admin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-21 14:28 . 2008-07-17 16:36	94643	----a-w-	c:\windows\system32\drivers\klick.dat
2009-05-21 14:28 . 2008-07-17 16:36	105395	----a-w-	c:\windows\system32\drivers\klin.dat
2009-05-19 16:31 . 2007-12-25 01:18	130424	----a-w-	c:\users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-19 16:11 . 2008-01-07 18:20	--------	d-----w-	c:\program files\Microsoft Works
2009-05-18 16:55 . 2009-05-18 16:54	--------	d-----w-	c:\users\Admin\AppData\Roaming\AllDup
2009-05-18 16:53 . 2009-05-18 16:53	--------	d-----w-	c:\program files\AllDup
2009-05-13 06:24 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2009-05-09 05:50 . 2009-06-10 07:18	915456	----a-w-	c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 07:18	71680	----a-w-	c:\windows\system32\iesetup.dll
2009-05-08 15:11 . 2009-05-08 16:51	44018	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\regprot.exe
2009-05-08 15:11 . 2009-05-08 16:51	16896	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\UAC.dll
2009-05-06 12:23 . 2009-05-07 16:28	372736	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-04-29 18:42 . 2009-05-08 16:51	110592	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\components\prism.dll
2009-04-29 18:42 . 2009-05-08 16:51	110592	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\components\prism.dll
2009-04-23 12:43 . 2009-06-10 07:18	784896	----a-w-	c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 07:18	636928	----a-w-	c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 07:18	2033152	----a-w-	c:\windows\system32\win32k.sys
2007-12-26 19:50 . 2007-12-26 19:50	0	--sh--w-	c:\windows\S1589D1C6.tmp
2006-05-03 09:06 . 2008-07-08 12:39	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2008-07-08 12:39	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2008-07-08 12:39	216064	--sh--r-	c:\windows\System32\nbDX.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-07-10_20.26.41   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-10 23:59 . 2009-07-10 23:59	16384              c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-10 20:24 . 2009-07-10 20:24	16384              c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-10 20:24 . 2009-07-10 20:24	16384              c:\windows\Temp\History\History.IE5\index.dat
+ 2009-07-10 23:59 . 2009-07-10 23:59	16384              c:\windows\Temp\History\History.IE5\index.dat
- 2009-07-10 20:24 . 2009-07-10 20:24	16384              c:\windows\Temp\Cookies\index.dat
+ 2009-07-10 23:59 . 2009-07-10 23:59	16384              c:\windows\Temp\Cookies\index.dat
+ 2007-12-25 02:18 . 2009-07-10 22:26	73442              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-07-11 00:01	82036              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-12-25 01:19 . 2009-07-11 00:01	14168              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-952325796-3084994041-2608643616-1000_UserData.bin
- 2006-11-02 13:00 . 2009-07-10 20:01	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:00 . 2009-07-10 22:45	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:00 . 2009-07-10 22:45	49152              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-07-10 20:01	49152              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-07-10 20:01	16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:00 . 2009-07-10 22:45	16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-10 23:57 . 2009-07-10 23:57	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-10 20:23 . 2009-07-10 20:23	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-10 23:57 . 2009-07-10 23:57	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-10 20:23 . 2009-07-10 20:23	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
(((((((((((((((((((((((((((((((((((((((   System Restore   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\admin.dll
14.04.2008 07:52 20540 \RP7\A0005713.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\admin.exe
14.04.2008 07:52 16439 \RP7\A0005712.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\10\msft\windows\gdiplus\gdiplus.dll
14.04.2008 07:50 1724416 \RP7\A0005710.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\52\msft\windows\net\dxmrtp\dxmrtp.dll
14.04.2008 07:50 852992 \RP7\A0005705.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\52\msft\windows\net\rtcdll\rtcdll.dll
14.04.2008 07:50 994304 \RP7\A0005703.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\52\msft\windows\net\rtcres\rtcres.dll
14.04.2008 07:29 137216 \RP7\A0005701.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\60\msft\vcrtl\atl.dll
14.04.2008 07:50 74802 \RP7\A0005698.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\60\msft\vcrtl\mfc42.dll
14.04.2008 07:50 995383 \RP7\A0005697.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\60\msft\vcrtl\mfc42u.dll
14.04.2008 07:50 1011774 \RP7\A0005696.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\60\msft\vcrtl\msvcp60.dll
14.04.2008 07:50 401462 \RP7\A0005695.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\60\msft\windows\common\controls\comctl32.dll
14.04.2008 07:50 1054208 \RP7\A0005693.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\70\msft\windows\mswincrt\msvcirt.dll
14.04.2008 07:50 57344 \RP7\A0005689.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\asms\70\msft\windows\mswincrt\msvcrt.dll
14.04.2008 07:50 343040 \RP7\A0005688.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\aspnet_filter.dll
13.04.2008 21:40 20480 \RP7\A0005685.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\aspnet_isapi.dll
13.04.2008 21:40 200704 \RP7\A0005684.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\aspnet_regiis.exe
13.04.2008 21:40 24576 \RP7\A0005681.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\aspnet_state.exe
13.04.2008 21:40 32768 \RP7\A0005680.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\aspnet_wp.exe
13.04.2008 21:40 32768 \RP7\A0005679.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\author.dll
14.04.2008 07:52 20540 \RP7\A0005678.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\author.exe
14.04.2008 07:52 16439 \RP7\A0005677.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\autochk.exe
14.04.2008 07:52 626176 \RP7\A0005676.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\autofmt.exe
14.04.2008 07:52 617984 \RP7\A0005675.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\cabinet.dll
14.04.2008 07:52 60416 \RP7\A0005674.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\caspol.exe
27.06.2007 18:23 94208 \RP7\A0005673.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\cfgwiz.exe
14.04.2008 07:52 188480 \RP7\A0005672.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\corperfmonext.dll
13.04.2008 21:40 69632 \RP7\A0005670.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\csc.exe
13.04.2008 21:40 49152 \RP7\A0005668.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\cscomp.dll
27.06.2007 18:23 589824 \RP7\A0005667.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\dbghelp.dll
14.04.2008 07:52 640000 \RP7\A0005666.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\drw\dwwin.exe
14.04.2008 07:52 180224 \RP7\A0005664.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ediskeer.dll
14.04.2008 07:52 175616 \RP7\A0005663.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\eventlogmessages.dll
27.06.2007 18:24 798720 \RP7\A0005661.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\exts.dll
14.04.2008 07:52 125952 \RP7\A0005660.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\faxpatch.exe
14.04.2008 07:52 20992 \RP7\A0005659.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp4amsft.dll
14.04.2008 07:52 184435 \RP7\A0005658.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp4anscp.dll
14.04.2008 07:52 82035 \RP7\A0005657.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp4apws.dll
14.04.2008 07:52 147513 \RP7\A0005656.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp4areg.dll
14.04.2008 07:52 49210 \RP7\A0005655.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp4atxt.dll
14.04.2008 07:52 102509 \RP7\A0005654.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp4autl.dll
14.04.2008 07:52 618605 \RP7\A0005653.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp4avnb.dll
14.04.2008 07:52 41020 \RP7\A0005652.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp4avss.dll
14.04.2008 07:52 32826 \RP7\A0005651.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp4awebs.dll
14.04.2008 07:52 49212 \RP7\A0005650.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp4awel.dll
14.04.2008 07:52 876653 \RP7\A0005649.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp98sadm.exe
14.04.2008 07:52 15120 \RP7\A0005648.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fp98swin.exe
14.04.2008 07:52 109840 \RP7\A0005647.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fpadmcgi.exe
14.04.2008 07:52 24632 \RP7\A0005646.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fpadmdll.dll
14.04.2008 07:52 20541 \RP7\A0005645.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fpcount.exe
14.04.2008 07:52 188494 \RP7\A0005644.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fpencode.dll
14.04.2008 07:52 94208 \RP7\A0005643.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fpexedll.dll
14.04.2008 07:52 20541 \RP7\A0005642.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fpmmc.dll
14.04.2008 07:52 598071 \RP7\A0005641.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fpmmcsat.dll
28.03.2007 18:30 217088 \RP7\A0005640.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fpremadm.exe
14.04.2008 07:52 20538 \RP7\A0005639.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fpsrvadm.exe
14.04.2008 07:52 28728 \RP7\A0005638.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\fusion.dll
27.06.2007 18:24 233472 \RP7\A0005637.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ic\pidgen.dll
14.04.2008 00:05 24064 \RP7\A0005623.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ieexec.exe
17.12.2007 17:28 8192 \RP7\A0005617.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ieexecremote.dll
27.06.2007 18:24 7168 \RP7\A0005616.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\iehost.dll
27.06.2007 18:24 32768 \RP7\A0005615.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ilasm.exe
13.04.2008 21:40 184320 \RP7\A0005614.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\imagehlp.dll
14.04.2008 07:52 144384 \RP7\A0005613.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\installutil.exe
27.06.2007 18:24 24576 \RP7\A0005605.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ip\pidgen.dll
14.04.2008 07:51 24064 \RP7\A0005591.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ipevlpid.dll
14.04.2008 07:50 24064 \RP7\A0005585.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ipselpid.dll
14.04.2008 07:50 24064 \RP7\A0005584.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\isenpid.dll
14.04.2008 07:51 24064 \RP7\A0005583.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ispid.dll
14.04.2008 07:51 24064 \RP7\A0005582.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\jsc.exe
27.06.2007 18:24 40960 \RP7\A0005578.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\kbdnec.dll
14.04.2008 07:50 7168 \RP7\A0005577.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\knperpid.dll
14.04.2008 07:50 24064 \RP7\A0005576.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\knpropid.dll
14.04.2008 07:50 24576 \RP7\A0005575.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\kperpid.dll
14.04.2008 07:50 24064 \RP7\A0005574.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\kpropid.dll
14.04.2008 07:50 24576 \RP7\A0005573.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ksecdd.sys
14.04.2008 00:01 92288 \RP7\A0005572.sys

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\licdll.dll
14.04.2008 07:52 425472 \RP7\A0005571.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\medctrro.cmd
26.06.2007 11:41 112 \RP7\A0005569.cmd

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\microsoft.jscript.dll
27.06.2007 18:24 712704 \RP7\A0005568.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\microsoft.visualbasic.dll
27.06.2007 18:24 286720 \RP7\A0005567.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorcfg.dll
27.06.2007 18:24 1564672 \RP7\A0005566.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscordbc.dll
13.04.2008 21:40 69632 \RP7\A0005564.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscordbi.dll
13.04.2008 21:40 221184 \RP7\A0005563.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscoree.dll
27.06.2007 18:25 131072 \RP7\A0005562.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorie.dll
13.04.2008 21:40 73728 \RP7\A0005561.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorjit.dll
27.06.2007 18:25 303104 \RP7\A0005560.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorld.dll
13.04.2008 21:40 86016 \RP7\A0005559.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorlib.dll
17.12.2007 17:28 1998848 \RP7\A0005558.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorpe.dll
13.04.2008 21:40 94208 \RP7\A0005556.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorrc.chs.dll
13.04.2008 21:40 143360 \RP7\A0005555.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorrc.cht.dll
13.04.2008 21:40 143360 \RP7\A0005554.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorrc.dll
13.04.2008 21:40 143360 \RP7\A0005553.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorrc.es.dll
13.04.2008 21:40 172032 \RP7\A0005552.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorrc.fr.dll
13.04.2008 21:40 172032 \RP7\A0005551.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorrc.ger.dll
13.04.2008 21:40 167936 \RP7\A0005550.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorrc.it.dll
13.04.2008 21:40 167936 \RP7\A0005549.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorrc.ja.dll
13.04.2008 21:40 143360 \RP7\A0005548.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorrc.kor.dll
13.04.2008 21:40 143360 \RP7\A0005547.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorsec.dll
13.04.2008 21:40 46592 \RP7\A0005546.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorsn.dll
13.04.2008 21:40 69632 \RP7\A0005545.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorsvr.dll
17.12.2007 17:28 2273280 \RP7\A0005544.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscortim.dll
13.04.2008 21:41 8704 \RP7\A0005543.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mscorwks.dll
17.12.2007 17:29 2281472 \RP7\A0005542.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\msdaipp.dll
14.04.2008 07:52 532480 \RP7\A0005541.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\msgsc.dll
14.04.2008 07:52 82944 \RP7\A0005540.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\msgslang.dll
13.04.2008 23:00 180224 \RP7\A0005539.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\msmsgs.exe
14.04.2008 07:52 1695232 \RP7\A0005538.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\mso.dll
03.04.2007 00:18 9796288 \RP7\A0005537.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\netfxupdate.exe
17.12.2007 17:29 82976 \RP7\A0005536.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\netsetup.exe
14.04.2008 07:55 333312 \RP7\A0005535.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ngen.exe
13.04.2008 21:41 147456 \RP7\A0005534.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ntdetect.com
13.04.2008 22:13 47564 \RP7\A0005533.com

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ntdll.dll
14.04.2008 07:51 731648 \RP7\A0005532.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\ntfs.sys
14.04.2008 00:45 574976 \RP7\A0005531.sys

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\oschoice.exe
14.04.2008 00:02 166912 \RP7\A0005529.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\perfcounter.dll
13.04.2008 21:41 20480 \RP7\A0005528.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\regasm.exe
27.06.2007 18:27 28672 \RP7\A0005527.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\regcode.dll
27.06.2007 18:27 32768 \RP7\A0005526.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\regedit.exe
14.04.2008 07:53 153600 \RP7\A0005525.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\regsvcs.exe
27.06.2007 18:27 11264 \RP7\A0005524.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\root\cmpnents\mediactr\i386\mcpreins.exe
14.04.2008 07:52 21504 \RP7\A0005523.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\root\ic\setup.exe
14.04.2008 07:20 2584576 \RP7\A0005522.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\root\ip\setup.exe
14.04.2008 07:52 2584576 \RP7\A0005521.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\setregni.exe
17.12.2007 17:29 66592 \RP7\A0005520.exe

shirocko · 11.07.2009, 01:49

teil 2:

Code:

ATTFilter

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\shtml.dll
14.04.2008 07:52 20536 \RP7\A0005519.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\shtml.exe
14.04.2008 07:53 16437 \RP7\A0005518.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\spcmdcon.sys
14.04.2008 07:27 241408 \RP7\A0005516.sys

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\spcompat.dll
14.04.2008 07:52 438272 \RP7\A0005515.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\spdwnwxp.exe
14.04.2008 07:53 7680 \RP7\A0005513.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\spmsg.dll
10.08.2007 20:44 18808 \RP7\A0005512.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\spnpinst.exe
14.04.2008 07:53 11264 \RP7\A0005511.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\sprecovr.exe
10.08.2007 20:44 33656 \RP7\A0005510.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\spuninst.exe
10.08.2007 20:44 234872 \RP7\A0005509.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\spupdsvc.exe
10.08.2007 20:44 26488 \RP7\A0005508.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\spupdwxp.exe
14.04.2008 07:53 20992 \RP7\A0005507.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\stub_fpsrvadm.exe
14.04.2008 07:53 16449 \RP7\A0005506.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\stub_fpsrvwin.exe
14.04.2008 07:53 65601 \RP7\A0005505.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\sy52106.dll
17.12.2007 17:29 1179648 \RP7\A0005504.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.configuration.install.dll
27.06.2007 18:27 77824 \RP7\A0005502.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.data.dll
27.06.2007 18:28 1179648 \RP7\A0005501.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.design.dll
27.06.2007 18:28 1695744 \RP7\A0005500.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.directoryservices.dll
27.06.2007 18:28 86016 \RP7\A0005499.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.drawing.design.dll
27.06.2007 18:28 65536 \RP7\A0005498.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.drawing.dll
27.06.2007 18:28 462848 \RP7\A0005497.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.enterpriseservices.dll
27.06.2007 18:28 212992 \RP7\A0005496.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.enterpriseservices.thunk.dll
13.04.2008 21:41 48640 \RP7\A0005495.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.management.dll
27.06.2007 18:28 352256 \RP7\A0005494.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.messaging.dll
27.06.2007 18:28 241664 \RP7\A0005493.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.runtime.remoting.dll
27.06.2007 18:28 311296 \RP7\A0005492.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.runtime.serialization.formatters.soap.dll
27.06.2007 18:29 131072 \RP7\A0005491.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.security.dll
27.06.2007 18:29 77824 \RP7\A0005490.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.serviceprocess.dll
27.06.2007 18:29 126976 \RP7\A0005489.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.web.dll
17.12.2007 17:30 1200128 \RP7\A0005488.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.web.regularexpressions.dll
27.06.2007 18:29 61440 \RP7\A0005487.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.web.services.dll
27.06.2007 18:29 507904 \RP7\A0005486.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.windows.forms.dll
27.06.2007 18:29 2002944 \RP7\A0005485.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system.xml.dll
27.06.2007 18:29 1302528 \RP7\A0005483.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system32\ntdll.dll
14.04.2008 07:51 731648 \RP7\A0005482.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\system32\smss.exe
14.04.2008 07:53 508928 \RP7\A0005481.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\tcptest.exe
14.04.2008 07:53 32827 \RP7\A0005480.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\tcptsat.dll
28.03.2007 18:30 16384 \RP7\A0005479.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\telnet.exe
14.04.2008 07:53 78336 \RP7\A0005478.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\togac.exe
17.12.2007 17:30 66592 \RP7\A0005477.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\tscupdc.dll
14.04.2008 07:51 25600 \RP7\A0005476.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\update\fixccs.exe
14.04.2008 07:52 8192 \RP7\A0005418.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\update\nv4prep.exe
14.04.2008 07:52 6656 \RP7\A0005417.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\update\setupapi.dll
14.04.2008 07:52 989696 \RP7\A0005416.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\update\spcompat.dll
14.04.2008 07:52 438272 \RP7\A0005414.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\update\spcustom.dll
10.08.2007 20:44 26488 \RP7\A0005413.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\update\spnpinst.exe
14.04.2008 07:53 11264 \RP7\A0005412.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\update\update.exe
10.08.2007 20:44 765304 \RP7\A0005411.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\update\updspapi.dll
10.08.2007 20:45 388984 \RP7\A0006185.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vbc.exe
27.06.2007 18:30 716800 \RP7\A0005475.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vbc7ui.chs.dll
13.04.2008 21:41 126976 \RP7\A0005474.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vbc7ui.cht.dll
13.04.2008 21:41 126976 \RP7\A0005473.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vbc7ui.dll
13.04.2008 21:41 126976 \RP7\A0005472.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vbc7ui.es.dll
13.04.2008 21:41 147456 \RP7\A0005471.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vbc7ui.fr.dll
13.04.2008 21:41 151552 \RP7\A0005470.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vbc7ui.ger.dll
13.04.2008 21:41 151552 \RP7\A0005469.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vbc7ui.it.dll
13.04.2008 21:41 147456 \RP7\A0005468.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vbc7ui.ja.dll
13.04.2008 21:41 126976 \RP7\A0005467.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vbc7ui.kor.dll
13.04.2008 21:41 126976 \RP7\A0005466.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\vsavb7rt.dll
13.04.2008 21:41 999424 \RP7\A0005465.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\acrobat\migrate.dll
29.12.2006 18:02 65536 \RP7\A0005464.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\cmmgr\migrate.dll
14.04.2008 07:22 32256 \RP7\A0005463.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\devupgrd\migrate.dll
14.04.2008 07:22 57344 \RP7\A0005462.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\dmicall\migrate.dll
13.04.2008 22:15 32768 \RP7\A0005461.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\eastman\migrate.dll
29.12.2006 18:03 69632 \RP7\A0005460.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\fax\migrate.dll
14.04.2008 00:20 27648 \RP7\A0005459.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\hptools\migrate.dll
29.12.2006 18:03 83456 \RP7\A0005458.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\ibmav\migrate.dll
29.12.2006 18:03 40960 \RP7\A0005457.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\icm\migrate.dll
14.04.2008 07:22 10752 \RP7\A0005456.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\iemig\migrate.dll
14.04.2008 00:02 29184 \RP7\A0005455.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\mapi\dll\migrate.dll
29.12.2006 18:13 108544 \RP7\A0005454.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\modems\migrate.dll
14.04.2008 07:22 44032 \RP7\A0005453.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\msgqueue\migrate.dll
14.04.2008 07:22 13824 \RP7\A0005452.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\msp\migrate.dll
14.04.2008 07:22 64000 \RP7\A0005451.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\neckbd\migrate.dll
29.12.2006 18:36 36352 \RP7\A0005450.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\necpa\migrate.dll
29.12.2006 18:36 176128 \RP7\A0005449.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\necwps\migrate.dll
29.12.2006 18:36 147456 \RP7\A0005448.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\octopus\migrate.dll
29.12.2006 18:36 86016 \RP7\A0005447.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\oewab\migrate.dll
14.04.2008 00:01 41472 \RP7\A0005446.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\print\migrate.dll
14.04.2008 07:22 33792 \RP7\A0005445.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\pws\migrate.dll
14.04.2008 07:22 38912 \RP7\A0005444.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\rumba\migrate.dll
29.12.2006 18:36 184320 \RP7\A0005443.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\setup\migrate.dll
14.04.2008 07:22 69632 \RP7\A0005442.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\transact\migrate.dll
14.04.2008 07:22 76800 \RP7\A0005441.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\wia\migrate.dll
14.04.2008 07:22 15872 \RP7\A0005440.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xmig\wmp\migrate.dll
13.04.2008 22:53 40960 \RP7\A0005439.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xupg\cabinet.dll
29.12.2006 22:48 55056 \RP7\A0005438.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xupg\imagehlp.dll
29.12.2006 22:48 99376 \RP7\A0005437.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xupg\msvcrt.dll
29.12.2006 22:48 267536 \RP7\A0005436.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xupg\setupapi.dll
14.04.2008 07:23 892928 \RP7\A0005435.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\win9xupg\w95upg.dll
14.04.2008 07:23 884736 \RP7\A0005434.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\winnt.exe
13.04.2008 22:15 87655 \RP7\A0005433.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\winnt32.exe
14.04.2008 07:22 48640 \RP7\A0005432.exe

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\winnt32a.dll
14.04.2008 07:51 1183744 \RP7\A0005431.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\winnt32u.dll
14.04.2008 07:51 1315328 \RP7\A0005430.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\winntbba.dll
14.04.2008 07:51 760320 \RP7\A0005429.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\winntbbu.dll
14.04.2008 07:51 762368 \RP7\A0005428.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\winntupg\netupgrd.dll
14.04.2008 07:51 121856 \RP7\A0005426.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\winntupg\nv4prep.dll
14.04.2008 07:51 6144 \RP7\A0005425.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\winntupg\setupapi.dll
14.04.2008 07:51 326416 \RP7\A0005424.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\wsdueng.dll
14.04.2008 07:51 77824 \RP7\A0005423.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\xpsp1res.dll
13.04.2008 23:09 187392 \RP7\A0005422.dll

c:\075f105e2d4bd2984d786a2e4bfbba98\i386\xpsp2res.dll
13.04.2008 23:09 2897920 \RP7\A0005421.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-08-31 2622232]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-08-31 907040]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-08-31 140568]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-1-11 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\r3hook.dll c:\progra~1\KASPER~1\KASPER~2\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
backup=c:\windows\pss\PDFCreator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrekStor NDAS-Geräte-Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TrekStor NDAS-Geräte-Manager.lnk
backup=c:\windows\pss\TrekStor NDAS-Geräte-Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSL-Manager.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
backup=c:\windows\pss\DSL-Manager.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
backup=c:\windows\pss\Logitech . Produktregistrierung.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{384D0300-1065-447A-9618-2984903D5C4E}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{5A0011D9-3CEE-4D11-B2F0-29652C363E6D}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{74F73FD2-BD8E-49A5-BBAF-D3A37D9453C1}"= UDP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{8C507270-C3A8-426A-BFC9-9A705B35BD57}"= TCP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{80C9846C-3DD3-4B9C-9EC8-9729AA35B0D8}"= UDP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{2F1B2A9C-4DA2-4725-8B38-C785838B8748}"= TCP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{502A2EFE-9E64-4071-AD8D-B85B01198B17}"= UDP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{DD43B665-C72F-4300-A6C9-E9CA0DC49033}"= TCP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{0B1BE74D-6416-4293-8119-455BD46B2072}"= UDP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{DA89F97C-61CA-467F-A73E-C25A0A15398E}"= TCP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{0D8D08ED-897F-405C-BD36-69F8AFD1C77C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{98DA941D-798E-4954-9F2D-C879DF2949B0}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5278D635-3ABE-478E-9289-D6967FEAA157}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0652B8C7-A8A2-406A-B986-A7D8A574EDC9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A596140F-B429-4A6A-B3BF-D3DA04CD3C8E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1205D43A-9244-4932-90C9-ABEB976C8974}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7A767EC9-135A-4C21-9BD9-E195385839A3}"= UDP:3703:Adobe Version Cue CS3 Server
"{412C56DD-1D26-4ABD-A7BE-50D035A76CF4}"= UDP:3704:Adobe Version Cue CS3 Server
"{EF370A4D-2E5E-42E5-8CC6-C61E4EA71E25}"= UDP:50900:Adobe Version Cue CS3 Server
"{0A95615A-DDF8-4D65-9C80-1650AD3F7A94}"= UDP:50901:Adobe Version Cue CS3 Server
"{508F5558-0297-4EE5-8E02-3DE546A14AA1}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{F1DCCD97-6002-43E4-8566-3BE3B269D3CD}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{BD76C6BF-564C-48EA-8C8B-DC1A47A2C31C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6A2D95B5-4433-428C-A771-8AFEA2E29B62}"= UDP:c:\program files\Home Cinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{E78BCDD2-4F54-4970-989E-44BBD4D6F227}"= TCP:c:\program files\Home Cinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{AC347381-6E34-42E8-AFE7-40F0B8504154}"= UDP:c:\program files\Home Cinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{7ED5374E-2742-4A8C-8167-F3089AC1617F}"= TCP:c:\program files\Home Cinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{30D25247-E27E-4CEF-B886-4E6B095AF513}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{321E005B-C01F-4BD3-92EB-46CEDF1C0F3C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{75790D75-C0AC-4DF1-A4A8-E0C5D785B577}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{39155FAB-CBBC-43E5-8A71-57DC64EA6C5C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B462A909-998B-4904-BD6C-346DFD0D2DBA}g:\\setup.exe"= UDP:G:\setup.exe:Installationsprogramm für Kaspersky Security Suite CBE
"UDP Query User{58FFB052-D9F9-4CF9-AA47-D05D11659239}g:\\setup.exe"= TCP:G:\setup.exe:Installationsprogramm für Kaspersky Security Suite CBE
"TCP Query User{9265FC8E-A492-4B2A-8B55-3A51496A748C}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\german\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 2009
"UDP Query User{F6A7CFCA-32CA-4CD1-BD15-A9893C72A87D}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\german\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 2009
"{92449402-1EEF-4E31-808D-28BB95A6D951}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{3F64D3B3-9B33-4BF9-B3BF-A2D9F9126E14}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{62CB650F-0AFF-47BB-A528-84B88EA73B38}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{76935FFF-F657-49D5-BB00-6825BBB1161F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FFC4C218-8E04-49A7-8CC6-B74DC951835E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM

PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung

Log-Analyse und Auswertung: PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung