Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 07.07.2009, 16:27   #1
shirocko
 
PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung - Standard

PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung



Hi Leute,
seit ein paar tagen verhält sich mein PC eigenartig und auch Kaspersky hat mitterweile einen/mehrere Trojaner bzw. Backdoor Programme gefunden
Allerdings werde ich sie durch einfache löschen leider nicht los.
Ich hoffe mal ihr könnt mir helfen.
Gleich vorweg: eines dieser Programme heißt laut Kaspersky "SKYNETvbfuhivd.dll" im Verzeichnis "globalroot\systemroot\system32\SKYNETvbfuhivd.dll

Ich habe mal nen HijackThis Scan gemacht.
Hier mal die log:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:46, on 07.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\explorer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: 78.46.78.140 forum.bplaced.net
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: DSL-Manager.lnk = C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1208959603510
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208959493218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208959527273
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7014EA2-7460-4F23-B215-F1B48A36952F}: NameServer = 139.7.30.125 139.7.30.126
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 {de_DE}  (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Security Suite CBE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gupdate1c9e39a101dcf54 - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MySQL - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SynoDrService - Unknown owner - C:\Program Files\Synology Data Replicator  3\SynoDrService.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 16822 bytes
         
Ich hoffe ihr könnt mir helfen

ciao shirocko

Alt 07.07.2009, 22:00   #2
john.doe
 
PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung - Standard

PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung



Hallo und

Dieben wir doch bei den Kollegen vom HJT-Forum:
Zitat:
Ein System zu bereinigen ist unter Umständen aufwändig und mit einiger Arbeit für Dich verbunden. Es ist wichtig, dass Du solange mitarbeitest, bis wir sagen, dass der Rechner "sauber" ist, auch wenn die Symptome eventuell nach den ersten Aktionen verschwunden sein sollten. Dazu gehört auch, keine weiteren Programme zu installieren oder Scans durchzuführen, ausser wenn es hier entsprechend angeordnet wird. Wenn Du dazu bereit bist, arbeite die folgenden Punkte in der angegebenen Reihenfolge ab. Drucke die Anleitungen zur Bereinigung Deines Systems am besten aus. Lese zunächst alles durch und wenn Dir etwas unklar ist, bitte fragen, bevor Du weitermachst.

Wenn Du mit dem Abarbeiten der einzelnen Punkte fertig bist, kontrolliere aufmerksam, ob Du keinen Punkt vergessen und alle angeforderten Logfiles in Code-Tags gepostet hast. Ergänze Deine jeweils letzten Beiträge solange über den "Ändern-Button", bis Dir jemand geantwortet hat. Wichtig: Bitte während unserer Reinigungphase nur Programme installieren, die wir anordnen. Bitte alle Aktionen, die wir anordnen nicht in einem eingeschränkten Userkonto ausführen, sondern vom Hauptuserkonto aus.

Hinweis an Vistabenutzer: Alle Programme mit Mausklick rechts => Ausführen als Administrator starten.

1.) Solltest du noch irgendetwas mit dem Computer verbinden, wie Memorysticks, Speicherkarten, Digitalkameras, Handy, externe Laufwerke, ... dann stecke vor dem Scan alles an.

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir das Tool hier herunter auf den Desktop -> KLICK
Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:
  • Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.

    Sollte sich ComboFix nicht starten lassen, dann benenne es um in cofi.exe und versuche es nocheinmal.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.

2.) Systemdetails mit RSIT prüfen
  • Lade Random's System Information Tool (RSIT) von random/random herunter,
  • speichere es auf Deinem Desktop.
  • Starte mit Doppelklick die RSIT.exe.
  • Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
  • Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
  • Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
  • Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt hier in den Thread.

ciao, andreas
__________________

__________________

Alt 09.07.2009, 14:50   #3
shirocko
 
PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung - Standard

PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung



sry aber der combofix download geht nicht
__________________

Alt 09.07.2009, 17:03   #4
john.doe
 
PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung - Standard

PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung



Versuche den hier => Datei Upload, Bilder hochladen, Datei Hosting auf Materialordner.de

ciao, andreas
__________________
Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung!
Privatbetreuung nur gegen Bezahlung und ich koste sehr teuer.
Für alle Neuen
Anleitungen
Virenscanner
Kompromittierung unvermeidbar?

Alt 09.07.2009, 22:16   #5
shirocko
 
PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung - Standard

PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung



okay hat soweit geklappt
hier die logs, hoffe ihr könnt mir helfen:

ComboFix Log:

Code:
ATTFilter
ComboFix 09-07-08.07 - Admin 09.07.2009 20:42.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1252.49.1031.18.2046.965 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofixilein.exe
AV: Kaspersky Security Suite CBE *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Security Suite CBE *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Security Suite CBE *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2009-06-09 bis 2009-07-09  ))))))))))))))))))))))))))))))
.

2009-07-09 19:09 . 2009-07-09 19:20	--------	d-----w-	c:\users\***\AppData\Local\temp
2009-07-06 13:19 . 2009-07-06 13:19	--------	d-----w-	c:\program files\Trend Micro
2009-07-05 09:57 . 2009-02-12 09:41	973312	----a-w-	c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
2009-07-04 10:35 . 2009-07-04 10:35	90112	----a-w-	c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-07-04 10:35 . 2009-07-04 10:35	307200	----a-w-	c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-07-04 10:35 . 2009-07-04 10:35	172032	----a-w-	c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-07-04 10:27 . 2009-07-04 10:27	--------	d-----w-	c:\users\***\AppData\Roaming\Vodafone
2009-07-04 10:27 . 2009-07-04 10:27	--------	d-----w-	c:\programdata\InstallShield
2009-07-04 10:25 . 2008-03-17 09:05	101632	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2009-07-04 10:24 . 2009-07-04 10:24	--------	d-----w-	c:\programdata\Vodafone
2009-07-04 10:24 . 2009-07-04 10:24	--------	d-----w-	c:\program files\Vodafone
2009-07-03 15:21 . 2009-07-03 15:21	--------	d-----w-	c:\users\***\AppData\Local\{D53238E8-3427-491E-A57E-097FA966AAC1}
2009-07-02 12:49 . 2009-07-02 12:49	1029456	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\AAWService.exe
2009-07-02 12:49 . 2009-07-02 12:49	314712	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\threatwork.exe
2009-07-02 12:49 . 2009-07-02 12:49	25440	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-07-02 12:49 . 2009-07-02 12:49	169312	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-07-02 12:49 . 2009-07-02 12:49	348496	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-07-02 12:49 . 2009-07-02 12:49	298336	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-07-02 12:48 . 2009-07-02 12:48	84832	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-07-02 12:48 . 2009-07-02 12:48	1630560	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\Resources.dll
2009-07-02 12:48 . 2009-07-02 12:48	40288	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-07-02 12:48 . 2009-07-02 12:48	246128	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-07-02 12:48 . 2009-07-02 12:48	85352	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
2009-07-02 12:48 . 2009-07-02 12:48	664424	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-07-02 12:48 . 2009-07-02 12:48	563064	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-07-02 12:48 . 2009-07-02 12:48	566632	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-07-02 12:48 . 2009-07-02 12:48	2352968	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-07-02 12:48 . 2009-07-02 12:48	629072	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-07-02 12:48 . 2009-07-02 12:48	520024	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-06-21 19:40 . 2006-12-20 12:23	114688	------w-	c:\windows\system32\pcleDVdc.dll
2009-06-21 19:40 . 2006-12-20 12:23	90112	------w-	c:\windows\system32\pcleDVcd.dll
2009-06-21 19:40 . 2006-12-20 12:23	90112	------w-	c:\windows\system32\pcleADV.dll
2009-06-21 19:40 . 2006-12-20 12:23	90112	------w-	c:\windows\system32\ACnvrtX.dll
2009-06-21 19:40 . 2006-12-20 12:23	876544	------w-	c:\windows\system32\CSCnvrtX.dll
2009-06-14 10:00 . 2009-04-30 12:37	428544	----a-w-	c:\windows\system32\EncDec.dll
2009-06-14 10:00 . 2009-04-30 12:37	293376	----a-w-	c:\windows\system32\psisdecd.dll
2009-06-11 11:53 . 2009-06-11 11:53	--------	d-----w-	c:\program files\Western Digital Corporation

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 19:15 . 2008-07-17 16:29	1528540192	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-07-09 19:13 . 2008-01-11 15:07	--------	d-----w-	c:\programdata\VMware
2009-07-09 19:11 . 2008-07-17 16:29	20476004	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-07-09 18:33 . 2008-02-03 23:54	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2009-07-09 16:23 . 2006-11-02 15:48	737124	----a-w-	c:\windows\system32\perfh007.dat
2009-07-09 16:23 . 2006-11-02 15:48	166582	----a-w-	c:\windows\system32\perfc007.dat
2009-07-09 16:19 . 2008-07-01 19:03	169936	----a-w-	c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\FlashGot.exe
2009-07-09 16:16 . 2007-12-25 01:38	--------	d-----w-	c:\programdata\Kaspersky Lab
2009-07-09 16:13 . 2008-01-11 15:11	--------	d-----w-	c:\users\***\AppData\Roaming\VMware
2009-07-05 21:54 . 2007-12-25 12:20	--------	d-----w-	c:\users\***\AppData\Roaming\Skype
2009-07-05 18:12 . 2008-09-30 15:27	56	---ha-w-	c:\programdata\ezsidmv.dat
2009-07-05 18:12 . 2007-12-25 12:21	--------	d-----w-	c:\users\***\AppData\Roaming\skypePM
2009-07-04 16:09 . 2007-12-26 22:08	--------	d-----w-	c:\users\***\AppData\Roaming\FileZilla
2009-07-04 10:24 . 2007-12-25 01:23	--------	d-----w-	c:\program files\Common Files\InstallShield
2009-07-02 15:29 . 2008-02-03 23:54	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-06-29 07:35 . 2007-12-26 22:00	--------	d-----w-	c:\program files\Google
2009-06-26 19:38 . 2009-06-06 18:44	--------	d-----w-	c:\program files\FileZilla Client
2009-06-25 06:13 . 2008-04-28 12:51	--------	d-----w-	c:\users\***\AppData\Roaming\Free Download Manager
2009-06-24 05:54 . 2007-12-25 13:38	--------	d-----w-	c:\program files\Mozilla Thunderbird
2009-06-18 15:50 . 2008-04-03 13:57	--------	d-----w-	c:\users\***\AppData\Roaming\Audacity
2009-06-14 15:58 . 2007-12-27 00:00	--------	d-----w-	c:\programdata\Microsoft Help
2009-06-06 15:23 . 2007-12-26 18:53	--------	d-----w-	c:\users\***\AppData\Roaming\Apple Computer
2009-06-06 12:38 . 2008-07-10 17:51	--------	d-----w-	c:\program files\iTunes
2009-06-06 12:37 . 2009-06-06 12:37	--------	d-----w-	c:\program files\iPod
2009-06-06 12:37 . 2007-12-26 18:49	--------	d-----w-	c:\program files\Common Files\Apple
2009-06-06 12:33 . 2008-01-11 12:19	--------	d-----w-	c:\program files\QuickTime Alternative
2009-06-06 12:20 . 2009-06-06 12:20	75048	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 14:11 . 2009-05-11 20:22	1	----a-w-	c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-01 11:57 . 2009-06-01 11:57	15688	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-05-21 14:28 . 2008-07-17 16:36	94643	----a-w-	c:\windows\system32\drivers\klick.dat
2009-05-21 14:28 . 2008-07-17 16:36	105395	----a-w-	c:\windows\system32\drivers\klin.dat
2009-05-19 16:31 . 2007-12-25 01:18	130424	----a-w-	c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-19 16:11 . 2008-01-07 18:20	--------	d-----w-	c:\program files\Microsoft Works
2009-05-18 16:55 . 2009-05-18 16:54	--------	d-----w-	c:\users\***\AppData\Roaming\AllDup
2009-05-18 16:53 . 2009-05-18 16:53	--------	d-----w-	c:\program files\AllDup
2009-05-17 14:37 . 2009-05-17 14:37	64160	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-05-13 06:24 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2009-05-11 20:22 . 2009-05-11 20:22	--------	d-----w-	c:\users\***\AppData\Roaming\OpenOffice.org
2009-05-11 20:16 . 2009-05-11 20:15	--------	d-----w-	c:\program files\OpenOffice.org 3
2009-05-09 05:50 . 2009-06-10 07:18	915456	----a-w-	c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 07:18	71680	----a-w-	c:\windows\system32\iesetup.dll
2009-05-08 15:11 . 2009-05-08 16:51	44018	----a-w-	c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\regprot.exe
2009-05-08 15:11 . 2009-05-08 16:51	16896	----a-w-	c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\UAC.dll
2009-05-06 12:23 . 2009-05-07 16:28	372736	----a-w-	c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-04-29 18:42 . 2009-05-08 16:51	110592	----a-w-	c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\components\prism.dll
2009-04-29 18:42 . 2009-05-08 16:51	110592	----a-w-	c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\components\prism.dll
2009-04-23 12:43 . 2009-06-10 07:18	784896	----a-w-	c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 07:18	636928	----a-w-	c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 07:18	2033152	----a-w-	c:\windows\system32\win32k.sys
2007-12-26 19:50 . 2007-12-26 19:50	0	--sh--w-	c:\windows\S1589D1C6.tmp
2006-05-03 09:06 . 2008-07-08 12:39	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2008-07-08 12:39	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2008-07-08 12:39	216064	--sh--r-	c:\windows\System32\nbDX.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-07-09_17.28.16   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-09 19:09 . 2009-07-09 19:13	16384              c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-09 17:22 . 2009-07-09 17:26	16384              c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-09 17:22 . 2009-07-09 17:26	16384              c:\windows\Temp\History\History.IE5\index.dat
+ 2009-07-09 19:09 . 2009-07-09 19:13	16384              c:\windows\Temp\History\History.IE5\index.dat
- 2009-07-09 17:22 . 2009-07-09 17:26	16384              c:\windows\Temp\Cookies\index.dat
+ 2009-07-09 19:09 . 2009-07-09 19:13	16384              c:\windows\Temp\Cookies\index.dat
+ 2007-12-25 02:18 . 2009-07-09 19:16	72842              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-07-09 19:17	82004              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-12-25 01:19 . 2009-07-09 19:17	13888              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-952325796-3084994041-2608643616-1000_UserData.bin
+ 2006-11-02 13:00 . 2009-07-09 18:26	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:00 . 2009-07-09 16:14	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:00 . 2009-07-09 16:14	49152              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:00 . 2009-07-09 18:26	49152              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-07-09 16:14	16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:00 . 2009-07-09 18:26	16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-09 17:24 . 2009-07-09 17:24	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-09 19:12 . 2009-07-09 19:12	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-09 19:12 . 2009-07-09 19:12	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-09 17:24 . 2009-07-09 17:24	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-08-31 2622232]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-08-31 907040]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-08-31 140568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-1-11 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\r3hook.dll c:\progra~1\KASPER~1\KASPER~2\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
backup=c:\windows\pss\PDFCreator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrekStor NDAS-Geräte-Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TrekStor NDAS-Geräte-Manager.lnk
backup=c:\windows\pss\TrekStor NDAS-Geräte-Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSL-Manager.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
backup=c:\windows\pss\DSL-Manager.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
backup=c:\windows\pss\Logitech . Produktregistrierung.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
         


Alt 09.07.2009, 22:18   #6
shirocko
 
PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung - Standard

PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung



Forsetzung ComboFixLog:
Code:
ATTFilter
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
backup=c:\windows\pss\Logitech . Produktregistrierung.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{384D0300-1065-447A-9618-2984903D5C4E}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{5A0011D9-3CEE-4D11-B2F0-29652C363E6D}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{74F73FD2-BD8E-49A5-BBAF-D3A37D9453C1}"= UDP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{8C507270-C3A8-426A-BFC9-9A705B35BD57}"= TCP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{80C9846C-3DD3-4B9C-9EC8-9729AA35B0D8}"= UDP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{2F1B2A9C-4DA2-4725-8B38-C785838B8748}"= TCP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{502A2EFE-9E64-4071-AD8D-B85B01198B17}"= UDP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{DD43B665-C72F-4300-A6C9-E9CA0DC49033}"= TCP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{0B1BE74D-6416-4293-8119-455BD46B2072}"= UDP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{DA89F97C-61CA-467F-A73E-C25A0A15398E}"= TCP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{0D8D08ED-897F-405C-BD36-69F8AFD1C77C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{98DA941D-798E-4954-9F2D-C879DF2949B0}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5278D635-3ABE-478E-9289-D6967FEAA157}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0652B8C7-A8A2-406A-B986-A7D8A574EDC9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A596140F-B429-4A6A-B3BF-D3DA04CD3C8E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1205D43A-9244-4932-90C9-ABEB976C8974}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7A767EC9-135A-4C21-9BD9-E195385839A3}"= UDP:3703:Adobe Version Cue CS3 Server
"{412C56DD-1D26-4ABD-A7BE-50D035A76CF4}"= UDP:3704:Adobe Version Cue CS3 Server
"{EF370A4D-2E5E-42E5-8CC6-C61E4EA71E25}"= UDP:50900:Adobe Version Cue CS3 Server
"{0A95615A-DDF8-4D65-9C80-1650AD3F7A94}"= UDP:50901:Adobe Version Cue CS3 Server
"{508F5558-0297-4EE5-8E02-3DE546A14AA1}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{F1DCCD97-6002-43E4-8566-3BE3B269D3CD}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{BD76C6BF-564C-48EA-8C8B-DC1A47A2C31C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6A2D95B5-4433-428C-A771-8AFEA2E29B62}"= UDP:c:\program files\Home Cinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{E78BCDD2-4F54-4970-989E-44BBD4D6F227}"= TCP:c:\program files\Home Cinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{AC347381-6E34-42E8-AFE7-40F0B8504154}"= UDP:c:\program files\Home Cinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{7ED5374E-2742-4A8C-8167-F3089AC1617F}"= TCP:c:\program files\Home Cinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{30D25247-E27E-4CEF-B886-4E6B095AF513}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{321E005B-C01F-4BD3-92EB-46CEDF1C0F3C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{75790D75-C0AC-4DF1-A4A8-E0C5D785B577}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{39155FAB-CBBC-43E5-8A71-57DC64EA6C5C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B462A909-998B-4904-BD6C-346DFD0D2DBA}g:\\setup.exe"= UDP:G:\setup.exe:Installationsprogramm für Kaspersky Security Suite CBE
"UDP Query User{58FFB052-D9F9-4CF9-AA47-D05D11659239}g:\\setup.exe"= TCP:G:\setup.exe:Installationsprogramm für Kaspersky Security Suite CBE
"TCP Query User{9265FC8E-A492-4B2A-8B55-3A51496A748C}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\german\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 2009
"UDP Query User{F6A7CFCA-32CA-4CD1-BD15-A9893C72A87D}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\german\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 2009
"{92449402-1EEF-4E31-808D-28BB95A6D951}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{3F64D3B3-9B33-4BF9-B3BF-A2D9F9126E14}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{62CB650F-0AFF-47BB-A528-84B88EA73B38}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{76935FFF-F657-49D5-BB00-6825BBB1161F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FFC4C218-8E04-49A7-8CC6-B74DC951835E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R0 hotcore3;hotcore3;c:\windows\System32\drivers\hotcore3.sys [20.05.2008 03:58 39472]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [19.01.2009 14:57 64160]
R0 lfsfilt;Lean File Sharing;c:\windows\System32\drivers\lfsfilt.sys [11.06.2008 16:59 254440]
R0 lpx;LPX Protocol;c:\windows\System32\drivers\lpx.sys [29.06.2007 17:32 62056]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\System32\drivers\xfilt.sys [18.10.2006 18:39 17920]
R1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\System32\drivers\dslmnlwf.sys [06.01.2008 15:35 16448]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [16.10.2007 12:05 20496]
R1 ndasfat;NDAS FAT;c:\windows\System32\drivers\ndasfat.sys [11.06.2008 16:59 372584]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.05.2008 12:07 61424]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [30.04.2008 01:15 1153368]
R2 SynoDrService;SynoDrService;c:\program files\Synology Data Replicator  3\SynoDrService.exe [06.08.2007 20:36 557056]
R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Service.exe [29.08.2008 08:29 185640]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [10.12.2008 10:49 185640]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [14.06.2008 15:02 282709]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [14.06.2008 15:02 122971]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [04.07.2008 12:52 14336]
R2 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [09.05.2008 21:05 1650781]
R3 ndasbus;NDAS Bus Driver;c:\windows\System32\drivers\ndasbus.sys [29.06.2007 17:32 75880]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [05.02.2007 10:26 247808]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [03.04.2007 11:43 1131136]
R3 TDslMgrService;DSL-Manager;c:\program files\T-Online\DSL-Manager\DslMgrSvc.exe [05.04.2008 13:23 294912]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\System32\drivers\teamviewervpn.sys [07.01.2008 10:37 25088]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [25.12.2007 15:30 13976]
S2 gupdate1c9e39a101dcf54;gupdate1c9e39a101dcf54;c:\program files\Google\Update\GoogleUpdate.exe [02.06.2009 17:51 133104]
S3 Apache2.2;Apache2.2;c:\apache\bin\httpd.exe [13.06.2008 04:05 24635]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\System32\drivers\DslTestSp5.sys [28.02.2008 19:12 26816]
S3 EthDriver;D-Link DGE-528T Vista 32-bit Driver;c:\windows\System32\drivers\DLKRT32.sys [30.09.2008 00:02 70144]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 1029456]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [06.01.2008 15:34 17536]
S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\System32\drivers\ndasscsi.sys [29.06.2007 17:32 187368]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\System32\drivers\s816bus.sys [04.04.2008 15:17 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\System32\drivers\s816mdfl.sys [04.04.2008 15:17 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\System32\drivers\s816mdm.sys [04.04.2008 15:17 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s816mgmt.sys [04.04.2008 15:19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\System32\drivers\s816nd5.sys [04.04.2008 15:18 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\System32\drivers\s816obex.sys [04.04.2008 15:19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\System32\drivers\s816unic.sys [04.04.2008 15:20 97704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Inhalt des "geplante Tasks" Ordners

2009-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 12:48]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 15:51]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 15:51]

2009-07-09 c:\windows\Tasks\User_Feed_Synchronization-{F1DE92C9-40E6-4C13-B057-1C1AD2DF7FFE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-19 11:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uInternet Settings,ProxyOverride = *.local
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?hl=de&q=
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\components\prism.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 21:15
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 


c:\windows\TEMP\TMP0000004E5B28E17ADED62EA9 524288 bytes executable

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="c:\mysql\bin\mysqld-nt MySQL"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-952325796-3084994041-2608643616-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DC93F53-B7D7-866F-77D6-76A33C78FACA}*]
"gaakomjbdaejdn"=hex:63,61,64,67,6b,6d,00,77

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(1172)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'Explorer.exe'(10844)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\T-Online\DSL-Manager\Deskband.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\mysql\bin\mysqld-nt.exe
c:\program files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
c:\program files\NDAS\System\ndassvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\VMware\VMware Server\vmware-authd.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\System32\vmnat.exe
c:\windows\System32\VSSVC.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\System32\vmnetdhcp.exe
c:\windows\System32\WUDFHost.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\System32\conime.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-07-09 21:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2009-07-09 19:35
ComboFix2.txt  2009-07-09 17:51

Vor Suchlauf: 9.511.886.848 Bytes frei
Nach Suchlauf: 9.351.917.568 Bytes frei

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7,44
465	--- E O F ---	2009-06-30 06:02
         

Alt 09.07.2009, 22:24   #7
shirocko
 
PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung - Standard

PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung



info.txt
Code:
ATTFilter
info.txt logfile of random's system information tool 1.06 2009-07-09 21:50:35

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
-->MsiExec.exe /I{09715083-BF10-4834-9E28-B5D8820513CA}
-->MsiExec.exe /I{1E049668-AD90-4008-B213-E20CED2324DD}
-->MsiExec.exe /I{35103A8A-E9D8-40FA-AEC7-4D138952DB30}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2638924D-DC58-4C40-BB1C-48C2B24B7B1B}\Setup.exe" -L0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52739387-B81C-4C55-9593-EB7A1044A657}\Setup.exe" -L0x7
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acronis*True*Image*Home-->MsiExec.exe /X{E5343B27-55DF-40BD-9FCF-A643C1331E8A}
Ad-Aware-->"C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe Captivate 3-->MsiExec.exe /X{4B8B4A35-7347-47F9-8293-E47A14E75F0E}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Contribute CS3-->MsiExec.exe /I{FF3E2850-BD2E-4B56-A89D-21E588D518E0}
Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=m:\adobe creative suite 2.0/lang=0407
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen-->C:\Program Files\Common Files\Adobe\Installers\67a7fb1e97aa14ee9ef0950eb6fd757\Setup.exe
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{DA896917-C1DA-45B2-B4D2-68162F16C0DD}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}
Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->MsiExec.exe /I{C9D456FD-C25B-49DE-AA71-6B76D6550B23}
Adobe Flash CS3-->MsiExec.exe /I{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{C8D7A672-F697-4572-AC62-C856053A8DBC}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{411E0CC3-587A-468C-B461-95FAFD05E4DE}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Reader 9.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{DFFDDCF5-CB32-4354-8823-1B9E68025953}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Advanced Port Scanner v1.3-->C:\Program Files\Advanced Port Scanner\uninstal.exe
Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45} 
AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Album Art Downloader XUI 0.24-->C:\Program Files\AlbumArtDownloader\uninst.exe
Alcatech BPM Studio Professional v4.9.1-->C:\PROGRA~1\ALCATech\BPM-ST~1\UNWISE.EXE C:\PROGRA~1\ALCATech\BPM-ST~1\INSTALL.LOG
AllDup 2.0.10-->"C:\Program Files\AllDup\unins000.exe"
AllSync 2.7.60-->"C:\Program Files\AllSync\unins000.exe"
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apache HTTP Server 2.2.9-->MsiExec.exe /I{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}
Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Aspell German Dictionary-0.50-2-->"C:\Program Files\Aspell\unins001.exe"
Audacity 1.3.5 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Auto Gordian Knot 2.45-->C:\Program Files\AutoGK\uninst.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
BDE_ENT-->MsiExec.exe /I{E966F0CC-76B3-11D3-945B-00C04FB1760A}
Bluesoleil 5.0.5.178-->MsiExec.exe /X{1E726A53-78E9-47DE-B3D9-4165CBC9ABBF}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bus Simulator 2008-->"C:\Program Files\Bus Simulator 2008\unins000.exe"
Camtasia Studio 5-->MsiExec.exe /I{9B7802FF-2E35-4361-8A82-D207C7E9F99B}
Canon iP4300 Benutzerregistrierung-->C:\Program Files\Canon\IJEREG\iP4300\UNINST.EXE
Canon iP4300-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300 /L0x0007
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDCheck-->"C:\Program Files\CDCheck\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CD-LabelPrint-->"C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cobian Backup 9-->C:\Program Files\Cobian Backup 9\cbUninstall.exe
CodingFTP 2008-->"C:\Program Files\Coding FTP\unins000.exe"
Crystal Reports Basic for Visual Studio 2008-->MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
Crystal Reports Basic German Language Pack for Visual Studio 2008-->MsiExec.exe /X{3924C3E7-C440-4B23-9740-9A9EC0545F21}
CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Data Lifeguard Diagnostic for Windows-->MsiExec.exe /X{E40CE517-0D42-4198-96B4-C8232B257EB5}
DebugMode Wink-->"C:\Program Files\DebugMode\Wink\uninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DSL-Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}\Setup.exe" -l0x7 
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.0.0-->"C:\Program Files\DVDFab 5\unins000.exe"
EasyBCD 1.7-->C:\Program Files\NeoSmart Technologies\EasyBCD\uninstall.exe
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
FastXplore-->MsiExec.exe /I{AB3AC948-4E8A-4D0F-82F8-5EDE2DB7BA78}
FastXplore-->MsiExec.exe /I{FFE2D245-B9C7-4A0C-9310-828D80D6F5D2}
FileZilla Client 3.2.5-->C:\Program Files\FileZilla Client\uninstall.exe
FileZilla Server (remove only)-->"C:\Program Files\FileZilla Server\uninstall.exe"
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe"
Free FLV Converter V 5.0-->"C:\Program Files\Free FLV Converter\unins000.exe"
Free Music Zilla-->"C:\Program Files\Free Music Zilla\unins000.exe"
Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
FreeMind-->"C:\Program Files\FreeMind\unins000.exe"
GIMP 2.4.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GlassFish V2 UR2-->"C:\Program Files\glassfish-v2ur2\uninstall.exe"
GNU Aspell 0.50-3-->"C:\Program Files\Aspell\unins000.exe"
Google Earth Plugin-->MsiExec.exe /I{B535B621-5559-11DE-A7A1-005056806466}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GTA2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}\Setup.exe" -l0x9 
GTK+ Runtime 2.12.8 rev a (nur entfernen)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB952241)-->C:\Windows\system32\msiexec.exe /package {445174EA-3D3A-308E-84AD-446127E71441} /uninstall {DC93B23E-0882-46A9-B45F-3B6F279EFB39} /qb+ REBOOTPROMPT=""
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B-->C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9  anything
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
IE7Pro-->C:\Program Files\IEPro\uninst.exe
Internet Explorer Developer Toolbar-->MsiExec.exe /I{E7081891-BC7F-43F9-9CE6-B5DD2F497156}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTSfv 5.60.24.1 BETA-->"C:\Program Files\iTSfv\unins000.exe"
iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) SE Development Kit 6 Update 10-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160100}
Kaspersky Security Suite CBE-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Security Suite CBE-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
KC Softwares SUMo-->"C:\Program Files\KC Softwares\SUMo\unins000.exe"
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Labtec Legacy USB Camera-Treiberpaket-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.51.1130\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"legacyqcam_10.51" /clone_wait /hide_progress
Last.fm 1.5.4.24567-->"C:\Program Files\Last.fm\unins000.exe"
Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
Logitech QuickCam-Treiberpaket-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.80" /clone_wait /hide_progress
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0007 -removeonly
MagicDirector 1.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe"  -uninstall
MakeDisc-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe"  -uninstall
Maple 11-->"C:\Program Files\Maple 11\Uninstall_Maple 11\Uninstall Maple 11.exe"
MCE Software Encoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7655E113-C306-11D9-A373-0050BAE317E1}\setup.exe"  -uninstall
Media Converter SA Edition 0.8-->C:\Program Files\Media Converter SA Edition\uninst.exe
MediaCoder 0.6.1-->C:\Program Files\MediaCoder\uninst.exe
MediaShow 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe"  -uninstall
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 SDK - DEU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft .NET Framework 2.0 SDK - DEU\install.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Device Emulator Version 3.0 - DEU-->MsiExec.exe /X{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}
Microsoft Document Explorer 2008 Language Pack - DEU-->C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008 Language Pack - DEU\install.exe
Microsoft Document Explorer 2008 Language Pack - DEU-->MsiExec.exe /X{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}
Microsoft Document Explorer 2008-->C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008-->MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
         

Alt 09.07.2009, 22:25   #8
shirocko
 
PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung - Standard

PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung



info.txt fortsetzung 1
Code:
ATTFilter
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0021-0407-0000-0000000FF1CE} /uninstall {0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}
Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (German) 2007-->MsiExec.exe /X{90120000-0021-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Compact 3.5 Design Tools DEU-->MsiExec.exe /X{E32260E7-0B10-43C7-9B77-AB9F4184676D}
Microsoft SQL Server Compact 3.5 DEU-->MsiExec.exe /I{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}
Microsoft SQL Server Compact 3.5 for Devices DEU-->MsiExec.exe /I{1C3ADB5F-750E-4453-AC98-B75C5323845C}
Microsoft SQL Server Database Publishing Wizard 1.2-->MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server Native Client-->MsiExec.exe /I{7FB12670-0F93-4E1E-B2F5-4F339199A03A}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{849A32C3-E75A-4791-9B11-E568BA3525A4}
Microsoft Tool Web Package : EXTRACT.EXE-->MsiExec.exe /X{D52A721B-E44C-4AD7-AD4F-29D83144384B}
Microsoft Train Simulator-->"C:\Program Files\Microsoft Games\Train Simulator\UNINSTAL.EXE" /runtemp /addremove
Microsoft Visual Basic 2008 Express Edition - DEU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition - DEU\setup.exe
Microsoft Visual Basic 2008 Express Edition - DEU-->MsiExec.exe /X{56403FFF-145E-35C5-A090-96598BE57FB8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack-->C:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack\install.exe
Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio 2008 Professional Edition - DEU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - DEU\setup.exe
Microsoft Visual Studio Web Authoring Component-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools-->MsiExec.exe /X{99F0C3CC-8DF0-3611-B190-CF4D1AF0E053}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework-->MsiExec.exe /X{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32-->MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense-->MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}
Microsoft Windows SDK for Visual Studio 2008 Tools-->MsiExec.exe /X{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools-->MsiExec.exe /X{B268E9A1-04A9-40D0-9866-846BE2B74BA7}
Mozilla Firefox (3.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.9)-->C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe
Mozilla Thunderbird (2.0.0.22)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Mp3tag v2.42-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSDN Library for Visual Studio 2008 - DEU-->MsiExec.exe /X{D475588F-91C9-365E-AB40-D588111DD7C4}
MSDN Library für Visual Studio 2008 - DEU-->C:\Program Files\MSDN\MSDN9.0\MSDN Library for Visual Studio 2008 - DEU\setup.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MySQL Server 5.0-->MsiExec.exe /I{E5AED31E-3474-4C85-B492-42149DE37891}
NcFTP 3.2.1-->C:\PROGRA~1\NcFTP\UNWISE.EXE C:\PROGRA~1\NcFTP\INSTALL.LOG
Nero 8 Ultra Edition HD-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041031}
Nero Mega Plugin Pack-->MsiExec.exe /I{EF901A4B-A25A-4962-83C6-C6691D062ED9}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetBeans IDE 6.1-->"C:\Program Files\NetBeans 6.1\uninstall.exe"
Network Stumbler 0.4.0 (remove only)-->"C:\Program Files\Network Stumbler\uninst.exe"
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 3.1-->MsiExec.exe /I{D765F1CE-5AE5-4C47-B134-AE58AC474740}
Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
Paint.NET v3.35-->MsiExec.exe /X{20AC583C-A6FB-410A-807D-25308225C201}
Paragon Partition Manager 9.0 Professional-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}\Setup.exe" -l0x7 
PC Inspector smart recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9A87D86-FDFD-418B-BF96-EF09320973B3}\Setup.exe" -l0x7 
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
PhET-->C:\Program Files\PhET-1.0\uninstall.exe
PhotoNow! 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe"  -uninstall
phpDesigner 2008 version 6.0.1.2-->"C:\Program Files\phpDesigner 2008\unins000.exe"
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
Pinnacle Instant DVD Recorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x7 UNINSTALL
Powerbullet Presenter-->"C:\Program Files\Powerbullet\unins000.exe"
PowerCinema Linux 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}\Setup.exe"  -uninstall
PowerDirector-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe"  -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe"  -uninstall
Prism 0.8-->"C:\Program Files\Prism\unins000.exe"
PSPad editor-->"C:\Program Files\PSPad editor\Uninst\unins000.exe"
QuickTime Alternative 2.6.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RAD Studio-->"C:\ProgramData\{2EB4C530-C94F-4893-ABDC-C1E05A89956E}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
RAD Studio-->C:\ProgramData\{2EB4C530-C94F-4893-ABDC-C1E05A89956E}\Setup.exe
Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RouterControl 1.90-->C:\Windows\RCoUn0.exe /UnInst:"C:\Windows\RouterControl_Uninstall.in"
Screencast.com Desktop Uploader-->MsiExec.exe /I{3A34D76D-CF17-451E-A862-766F1918A0D7}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Setl2 for Windows-->MsiExec.exe /I{F464454C-B3AD-4C94-9065-ABBCBDE506F8}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sony Ericsson Themes Creator 3.32-->C:\Program Files\Sony Ericsson\Themes Creator\Uninstall.exe
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000004}
Spybot - Search & Destroy 1.5.2.20-->"C:\Windows\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Studio 11-->C:\Program Files\InstallShield Installation Information\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}\Setup2.exe -runfromtemp -l0x0007 UNINSTALL -removeonly
Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
SUPER © Version 2008.bld.32 (July 8, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Synology Assistant-->MsiExec.exe /I{C59ADB1C-0403-4A11-8930-9F81ABC71908}
Synology Data Replicator  3-->MsiExec.exe /I{8E310838-457C-4269-B177-3EFB300CBDDC}
Synology Download Redirector-->MsiExec.exe /I{B1E9B7ED-8187-433a-9EAE-20DF1A8968B1}
Systemsteuerung "MobileMe"-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
TeamViewer 3-->C:\Program Files\TeamViewer3\uninstall.exe
TeamViewer 4 Host-->C:\Program Files\TeamViewer\Version4\uninstall.exe
T-Online 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}\Setup.exe" CPAS
T-Online WLAN-Access Finder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}\Setup.exe" -L0x7
Tools für Microsoft SQL Server 2005 Express Edition-->MsiExec.exe /I{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}
Total Commander (Remove or Repair)-->C:\Program Files\Total Commander\tcuninst.exe
TrainSimPro "Streckenpack" 1.0-->"C:\Program Files\Microsoft Games\Train Simulator\SETUP.1\setup.exe" /u
TrekStor NDAS-Software 3.20.1523-->MsiExec.exe /I{07C16B8B-AE11-4515-888F-0BD2E0A9F2AD}
Tunatic-->"C:\Windows\lsb_un20.exe" /C=UC /N=Tunatic
TV Enhance-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E4C891D6-6844-41B8-86E8-633CACCC644F}\setup.exe"  -uninstall
Ulead GIF Animator Lite Edition 1.0-->C:\Windows\IsUninst.exe -f"C:\Program Files\Ulead GIF Animator Lite Edition\GALE.isu"
Ultimate Extras sounds from Microsoft® Tinker™-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound2.inf,Uninstall
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
UpdateStar-->MsiExec.exe /X{6DEF9FB2-6BDD-4CE8-A93F-FA56DABEF8AC}
VC Runtimes MSI-->MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VIA Plattform-Geräte-Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} 
video2brain Training-->C:\Program Files\video2brain Training\uninst.exe
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth 3D (Beta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
VistaBootPRO 3.3-->MsiExec.exe /I{6C9FA746-8759-4040-A436-42922CB3492E}
VistaGlazz-->MsiExec.exe /X{CCBCD550-D91D-443D-9CF0-0CD02D2FDB95}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Visual Studio 2005 Tools for Office Second Edition Runtime-->c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU-->C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU\install.exe
VMware Server-->MsiExec.exe /I{FEE84D71-7FF0-46C1-AED4-1BD821D53A9F}
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Vodafone Mobile Connect Lite-->MsiExec.exe /X{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
         

Alt 09.07.2009, 22:26   #9
shirocko
 
PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung - Standard

PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung



info.txt ende
Code:
ATTFilter
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile 5.0 SDK R2 for Pocket PC-->MsiExec.exe /I{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}
Windows Mobile 5.0 SDK R2 for Smartphone-->MsiExec.exe /I{DA7F48EF-5F56-45FE-9169-3B8159A7A323}
Windows Mobile-Gerätecenter-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Windows-Soundschemas-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
WinHTTrack Website Copier 3.43-4-->"C:\Program Files\WinHTTrack\unins000.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
X10 Hardware(TM)-->C:\Windows\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
XMedia Recode 2.0.5.3-->C:\Program Files\XMedia Recode\uninst.exe
XnView 1.93.6-->"C:\Program Files\XnView\unins000.exe"
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
XviD MPEG4 Video Codec (remove only)-->"C:\Windows\system32\xvid-uninstall.exe"
Yahoo! Desktop Login-->MsiExec.exe /I{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}
Zattoo 3.3.2 Beta-->C:\Program Files\Zattoo\uninst.exe

======Security center information======

AV: Kaspersky Security Suite CBE (disabled)
FW: Kaspersky Security Suite CBE
AS: Spybot - Search and Destroy (disabled)
AS: Lavasoft Ad-Watch Live! (disabled)
AS: Windows-Defender
AS: Kaspersky Security Suite CBE (disabled)

======System event log======

Computer Name: Vista
Event Code: 7036
Message: Dienst "Startprogramm für Windows Media Center" befindet sich jetzt im Status "Beendet".
Record Number: 281994
Source Name: Service Control Manager
Time Written: 20090709195012.000000-000
Event Type: Informationen
User: 

Computer Name: Vista
Event Code: 7036
Message: Dienst "KtmRm für Distributed Transaction Coordinator" befindet sich jetzt im Status "Ausgeführt".
Record Number: 281995
Source Name: Service Control Manager
Time Written: 20090709195019.000000-000
Event Type: Informationen
User: 

Computer Name: Vista
Event Code: 7036
Message: Dienst "TPM-Basisdienste" befindet sich jetzt im Status "Beendet".
Record Number: 281996
Source Name: Service Control Manager
Time Written: 20090709195019.000000-000
Event Type: Informationen
User: 

Computer Name: Vista
Event Code: 537
Message: Auf diesem Computer konnte kein kompatibles TPM-Sicherheitsgerät (Trusted Platform Module) gefunden werden. TBS konnte nicht gestartet werden.
Record Number: 281997
Source Name: Microsoft-Windows-TBS
Time Written: 20090709195019.224626-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

Computer Name: Vista
Event Code: 7036
Message: Dienst "Windows Update" befindet sich jetzt im Status "Ausgeführt".
Record Number: 281998
Source Name: Service Control Manager
Time Written: 20090709195025.000000-000
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: Vista
Event Code: 0
Message: 
Record Number: 63079
Source Name: hpqcxs08
Time Written: 20090709194804.000000-000
Event Type: Informationen
User: 

Computer Name: Vista
Event Code: 0
Message: 
Record Number: 63080
Source Name: BsHelpCS
Time Written: 20090709194804.000000-000
Event Type: Informationen
User: 

Computer Name: Vista
Event Code: 0
Message: 
Record Number: 63081
Source Name: TDslMgrService
Time Written: 20090709194806.000000-000
Event Type: Informationen
User: 

Computer Name: Vista
Event Code: 1
Message: Windows Mobile-based device connectivity service started.
Record Number: 63082
Source Name: RapiMgr
Time Written: 20090709194806.000000-000
Event Type: Informationen
User: 

Computer Name: Vista
Event Code: 1
Message: Windows Mobile-2003-based device connectivity service started.
Record Number: 63083
Source Name: WcesComm
Time Written: 20090709194811.000000-000
Event Type: Informationen
User: 

=====Security event log=====

Computer Name: Vista
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys	
Record Number: 84501
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090709195022.615251-000
Event Type: Überwachung gescheitert
User: 

Computer Name: Vista
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys	
Record Number: 84502
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090709195022.709001-000
Event Type: Überwachung gescheitert
User: 

Computer Name: Vista
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		VISTA$
	Kontodomäne:		MSHEIMNETZ
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Zielserver:
	Zielservername:	localhost
	Weitere Informationen:	localhost

Prozessinformationen:
	Prozess-ID:		0x458
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Netzwerkadresse:	-
	Port:			-

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 84503
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090709195259.755876-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Vista
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		VISTA$
	Kontodomäne:		MSHEIMNETZ
	Anmelde-ID:		0x3e7

Anmeldetyp:			5

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x458
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Arbeitsstationsname:	
	Quellnetzwerkadresse:	-
	Quellport:		-

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		Advapi  
	Authentifizierungspaket:	Negotiate
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 84504
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090709195259.755876-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Vista
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7

Berechtigungen:		SeAssignPrimaryTokenPrivilege
			SeTcbPrivilege
			SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeAuditPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
Record Number: 84505
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090709195259.755876-000
Event Type: Überwachung erfolgreich
User: 

======Environment variables======

"BDSCOMMONDIR"=C:\Users\Public\Documents\RAD Studio\5.0
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip;C:\Program Files\Java\jre6\lib;
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"KMP_DUPLICATE_LIB_OK"=TRUE
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\watcom-1.3\binnt;C:\watcom-1.3\binw;C:\Program Files\CodeGear\RAD Studio\5.0\bin;C:\Users\Public\Documents\RAD Studio\5.0\Bpl;C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2;C:\PROGRA~1\NcFTP;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Java\jdk1.6.0_07\bin;c:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\Tcl\bin;C:\Users\Admin\AppData\Local\Start++\LNKs;C:\Users\Admin\AppData\Local\Start++\CMDs;C:\mysql\bin;C:\Users\Public\Documents\RAD Studio\5.0;C:\Program Files\QuickTime Alternative\QTSystem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f06
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"VS90COMNTOOLS"=c:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
"WATCOM"=C:\watcom-1.3
"windir"=%SystemRoot%

-----------------EOF-----------------
         

Alt 09.07.2009, 22:27   #10
shirocko
 
PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung - Standard

PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung



log.txt
Code:
ATTFilter
Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2009-07-09 21:49:10
Microsoft® Windows Vista™ Ultimate  Service Pack 1
System drive C: has 9 GB (6%) free of 154 GB
Total RAM: 2046 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:24, on 09.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Admin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - .DEFAULT User Startup: DSL-Manager.lnk = C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1208959603510
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208959493218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208959527273
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 {de_DE}  (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Security Suite CBE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gupdate1c9e39a101dcf54 - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MySQL - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SynoDrService - Unknown owner - C:\Program Files\Synology Data Replicator  3\SynoDrService.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 15008 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{F1DE92C9-40E6-4C13-B057-1C1AD2DF7FFE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2009-02-04 752744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-09 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-11-26 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC7E636D-39AA-49b6-B511-65413DA137A1}]
IE Developer Toolbar BHO - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll [2007-03-01 623992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-09 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27 118784]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
         

Alt 09.07.2009, 22:28   #11
shirocko
 
PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung - Standard

PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung



log.txt teil 2
Code:
ATTFilter
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2006-04-29 94208]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-02-29 76304]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-13 222504]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-08-31 2622232]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-08-31 907040]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2007-08-31 140568]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe [2008-05-01 221184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-02 520024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-05-19 91432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2007-09-10 258134]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
C:\Windows\system32\DUMeter.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe [2007-12-25 937984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6\ICQ.exe silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantOn]
C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe [2007-02-13 94212]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-07-04 2072576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2007-11-06 8530464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2007-11-06 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2007-11-06 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime Alternative\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]
mmrtkrnl.exe /i []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-11-14 4706304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-10-11 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start++]
C:\Program Files\Brandon Paddock\Start++\Start++.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-09 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-08-31 2622232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]
C:\Program Files\Home Cinema\TV Enhance\TVEService.exe [2006-10-19 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2008-11-16 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~2\GOOGLE~1.EXE -systray -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
C:\apache\bin\APACHE~1.EXE [2008-06-13 41041]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
C:\PROGRA~1\PDFCRE~1\PDFCRE~1.EXE [2008-02-27 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrekStor NDAS-Geräte-Manager.lnk]
C:\PROGRA~1\NDAS\System\ndasmgmt.exe [2007-07-03 223744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSL-Manager.lnk]
C:\PROGRA~1\T-Online\DSL-MA~1\DslMgr.exe [2007-11-26 1085440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk]
C:\PROGRA~1\Logitech\QuickCam\eReg.exe [2008-02-13 493832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
C:\apache\bin\APACHE~1.EXE [2008-06-13 41041]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2008-10-25 98696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~2\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2008-02-08 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-12-25 233888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2009-07-09 21:49:10 ----D---- C:\rsit
2009-07-09 21:37:23 ----A---- C:\ComboFix.txt
2009-07-09 21:15:31 ----SHD---- C:\$RECYCLE.BIN
2009-07-09 18:44:01 ----A---- C:\Windows\zip.exe
2009-07-09 18:44:01 ----A---- C:\Windows\SWXCACLS.exe
2009-07-09 18:44:01 ----A---- C:\Windows\SWSC.exe
2009-07-09 18:44:01 ----A---- C:\Windows\SWREG.exe
2009-07-09 18:44:01 ----A---- C:\Windows\sed.exe
2009-07-09 18:44:01 ----A---- C:\Windows\PEV.exe
2009-07-09 18:44:01 ----A---- C:\Windows\NIRCMD.exe
2009-07-09 18:44:01 ----A---- C:\Windows\grep.exe
2009-07-09 18:43:02 ----D---- C:\Qoobox
2009-07-06 15:19:47 ----D---- C:\Program Files\Trend Micro
2009-07-04 12:27:20 ----D---- C:\Users\Admin\AppData\Roaming\Vodafone
2009-07-04 12:27:15 ----D---- C:\ProgramData\InstallShield
2009-07-04 12:24:32 ----ASH---- C:\Users\Admin\AppData\Roaming\desktop.ini
2009-07-04 12:24:12 ----D---- C:\ProgramData\Vodafone
2009-07-04 12:24:02 ----D---- C:\Program Files\Vodafone
2009-07-02 15:48:05 ----A---- C:\Windows\wininit.ini
2009-06-21 21:40:40 ----N---- C:\Windows\system32\pcleDVdc.dll
2009-06-21 21:40:39 ----N---- C:\Windows\system32\pcleDVcd.dll
2009-06-21 21:40:39 ----N---- C:\Windows\system32\pcleADV.dll
2009-06-21 21:40:37 ----N---- C:\Windows\system32\CSCnvrtX.dll
2009-06-21 21:40:37 ----N---- C:\Windows\system32\ACnvrtX.dll
2009-06-14 17:56:40 ----D---- C:\Windows\system32\WindowsPowerShell
2009-06-14 12:00:04 ----A---- C:\Windows\system32\EncDec.dll
2009-06-14 12:00:03 ----A---- C:\Windows\system32\psisdecd.dll
2009-06-11 13:53:42 ----D---- C:\Program Files\Western Digital Corporation
2009-06-10 09:18:17 ----A---- C:\Windows\system32\mshtml.dll
2009-06-10 09:18:16 ----A---- C:\Windows\system32\ieframe.dll
2009-06-10 09:18:15 ----A---- C:\Windows\system32\wininet.dll
2009-06-10 09:18:15 ----A---- C:\Windows\system32\urlmon.dll
2009-06-10 09:18:15 ----A---- C:\Windows\system32\iertutil.dll
2009-06-10 09:18:14 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-10 09:18:14 ----A---- C:\Windows\system32\ieui.dll
2009-06-10 09:18:14 ----A---- C:\Windows\system32\iesetup.dll
2009-06-10 09:18:14 ----A---- C:\Windows\system32\iernonce.dll
2009-06-10 09:18:14 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-10 09:18:14 ----A---- C:\Windows\system32\ie4uinit.exe
2009-06-10 09:18:10 ----A---- C:\Windows\system32\localspl.dll
2009-06-10 09:18:03 ----A---- C:\Windows\system32\rpcrt4.dll

======List of files/folders modified in the last 1 months======

2009-07-09 21:49:15 ----D---- C:\Windows\Temp
2009-07-09 21:47:26 ----D---- C:\Windows\system32\catroot2
2009-07-09 21:46:54 ----D---- C:\ProgramData\VMware
2009-07-09 21:46:52 ----A---- C:\Windows\system32\LOCALSERVICE.INI
2009-07-09 21:46:45 ----A---- C:\Windows\system32\bscs.ini
2009-07-09 21:37:39 ----D---- C:\Windows\system32\de-DE
2009-07-09 21:37:39 ----D---- C:\Windows\System32
2009-07-09 21:37:38 ----D---- C:\Windows\system32\drivers
2009-07-09 21:17:48 ----D---- C:\Windows
2009-07-09 21:17:48 ----A---- C:\Windows\system.ini
2009-07-09 21:02:22 ----D---- C:\Windows\AppPatch
2009-07-09 21:02:19 ----D---- C:\Program Files\Common Files
2009-07-09 20:33:04 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-07-09 20:32:51 ----D---- C:\Windows\Debug
2009-07-09 20:32:47 ----D---- C:\Windows\Minidump
2009-07-09 19:22:26 ----D---- C:\Windows\ERDNT
2009-07-09 19:21:19 ----SHD---- C:\Windows\Installer
2009-07-09 18:59:19 ----D---- C:\Windows\Prefetch
2009-07-09 18:45:01 ----SHD---- C:\System Volume Information
2009-07-09 18:23:14 ----D---- C:\Windows\inf
2009-07-09 18:23:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-09 18:16:41 ----D---- C:\ProgramData\Kaspersky Lab
2009-07-09 18:13:08 ----D---- C:\Users\Admin\AppData\Roaming\VMware
2009-07-06 15:19:47 ----D---- C:\Program Files
2009-07-05 23:54:11 ----D---- C:\Users\Admin\AppData\Roaming\Skype
2009-07-05 20:12:20 ----D---- C:\Users\Admin\AppData\Roaming\skypePM
2009-07-04 18:09:38 ----D---- C:\Users\Admin\AppData\Roaming\FileZilla
2009-07-04 12:29:52 ----D---- C:\Windows\ModemLogs
2009-07-04 12:27:15 ----HD---- C:\Config.Msi
2009-07-04 12:27:15 ----D---- C:\ProgramData
2009-07-04 12:26:28 ----D---- C:\Windows\system32\catroot
2009-07-04 12:24:07 ----SD---- C:\Windows\Downloaded Program Files
2009-07-04 12:24:02 ----D---- C:\Program Files\Common Files\InstallShield
2009-07-02 17:29:22 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-02 08:12:51 ----D---- C:\Program Files\Mozilla Firefox
2009-07-01 08:02:27 ----D---- C:\Windows\Tasks
2009-07-01 08:02:04 ----D---- C:\Windows\system32\Tasks
2009-06-29 09:35:42 ----D---- C:\Program Files\Google
2009-06-28 14:13:27 ----D---- C:\Backup
2009-06-26 21:38:00 ----D---- C:\Program Files\FileZilla Client
2009-06-25 08:13:48 ----D---- C:\Users\Admin\AppData\Roaming\Free Download Manager
2009-06-24 08:25:00 ----D---- C:\Windows\winsxs
2009-06-24 08:24:59 ----D---- C:\Program Files\Internet Explorer
2009-06-24 07:54:45 ----D---- C:\Program Files\Mozilla Thunderbird
2009-06-18 17:50:39 ----D---- C:\Users\Admin\AppData\Roaming\Audacity
2009-06-15 10:07:04 ----D---- C:\Windows\rescache
2009-06-15 10:05:38 ----D---- C:\Windows\Microsoft.NET
2009-06-15 10:04:42 ----RSD---- C:\Windows\assembly
2009-06-14 23:05:27 ----D---- C:\Windows\ehome
2009-06-14 17:58:55 ----D---- C:\ProgramData\Microsoft Help
2009-06-10 15:35:46 ----D---- C:\Windows\system32\migration
         

Alt 09.07.2009, 22:30   #12
shirocko
 
PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung - Standard

PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung



log.txt ende:
Code:
ATTFilter
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R1 DslMNLwf;DSL-Manager NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\dslmnlwf.sys [2007-08-01 16448]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2007-10-31 110096]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-07-17 147984]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 20496]
R1 ndasfat;NDAS FAT; \??\C:\Windows\system32\DRIVERS\ndasfat.sys [2007-06-29 372584]
R1 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2008-03-29 25344]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\Drivers\hcmon.sys [2008-05-09 22016]
R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2009-03-21 44416]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2008-05-09 23296]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2008-05-09 15744]
R2 VMparport;VMware VMparport; \??\C:\Windows\system32\Drivers\VMparport.sys [2008-05-09 9216]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2008-05-09 97152]
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [2007-05-01 18480]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2008-09-20 99648]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 FETNDIS;VIA Rhine-Familie--Fast-Ethernet-Adaptertreiberdienst; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-11-14 2016920]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 ndasbus;NDAS Bus Driver; C:\Windows\system32\DRIVERS\ndasbus.sys [2007-06-29 75880]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2007-02-05 247808]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-11-06 8230496]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-10-11 47360]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2007-03-06 491168]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2008-01-07 25088]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2008-05-09 9600]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-06-24 38920]
S3 catchme;catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver; C:\Windows\System32\Drivers\dsltestSp5.sys [2007-09-12 26816]
S3 EthDriver;D-Link DGE-528T Vista 32-bit Driver; C:\Windows\system32\DRIVERS\DLKRT32.sys [2007-01-24 70144]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver; \??\C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]
S3 ndasscsi;NDAS SCSI Miniport Driver; C:\Windows\system32\DRIVERS\ndasscsi.sys [2007-06-29 187368]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\Windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\Windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\Windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-01-18 131000]
S3 winusb;WinUsb-Treiber; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-18 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-08-31 427288]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 AVP;Kaspersky Security Suite CBE; C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe [2008-05-01 221184]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2007-09-14 1155180]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R2 MySQL;MySQL; c:\mysql\bin\mysqld-nt MySQL []
R2 ndassvc;NDAS Service; C:\Program Files\NDAS\System\ndassvc.exe [2007-06-29 236520]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-10-19 262247]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SQLBrowser;SQL Server-Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 SynoDrService;SynoDrService; C:\Program Files\Synology Data Replicator  3\SynoDrService.exe [2007-08-06 557056]
R2 TeamViewer;TeamViewer 3; C:\Program Files\TeamViewer3\TeamViewer_Service.exe [2008-10-07 185640]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2008-12-10 185640]
R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-08-31 498872]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS); C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2006-10-19 282709]
R2 TVESched;TVEnhance Task Scheduler (TTS)); C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [2006-10-19 122971]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Server\vmware-authd.exe [2008-05-09 151643]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2008-05-09 106496]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-05-01 269104]
R2 vmserverdWin32;VMware Registration Service; C:\Program Files\VMware\VMware Server\vmserverdWin32.exe [2008-05-09 1650781]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2008-05-09 135168]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 57447]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 TDslMgrService;DSL-Manager; C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe [2007-11-26 294912]
S2 gupdate1c9e39a101dcf54;gupdate1c9e39a101dcf54; C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-02 133104]
S2 PCLEPCI;PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [2005-02-09 14165]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-02 72704]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3 {de_DE} ; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 Apache2.2;Apache2.2; C:\apache\bin\httpd.exe [2008-06-13 24635]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-24 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-02 1029456]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-19 917504]
S4 FileZilla Server;FileZilla Server FTP server; C:\Program Files\FileZilla Server\FileZilla Server.exe [2007-12-25 586240]
S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-08 3004416]

-----------------EOF-----------------
         
sry dass es so viel ist, aber die 3 logdateien sind nunmal so lang und ich kann hier nur 25000 zeichen posten

ciao shirocko

Alt 10.07.2009, 21:32   #13
john.doe
 
PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung - Standard

PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung



1.) Start => Ausführen => combofix /u => OK

2.) Lade dir ein neues Combofix auf den Desktop => Mausklick rechts auf Combofix => Ausführen als Administrator => Log posten (oder bei einem Filehoster hochladen und Link posten).

ciao, andreas
__________________
Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung!
Privatbetreuung nur gegen Bezahlung und ich koste sehr teuer.
Für alle Neuen
Anleitungen
Virenscanner
Kompromittierung unvermeidbar?

Alt 10.07.2009, 23:01   #14
shirocko
 
PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung - Standard

PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung



hi hier die neue log teil1:
Code:
ATTFilter
ComboFix 09-07-08.07 - Admin 10.07.2009 22:03.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1252.49.1031.18.2046.974 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\confixi.exe
AV: Kaspersky Security Suite CBE *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Security Suite CBE *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Security Suite CBE *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2009-06-10 bis 2009-07-10  ))))))))))))))))))))))))))))))
.

2009-07-10 20:21 . 2009-07-10 20:29	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2009-07-09 19:49 . 2009-07-09 19:50	--------	d-----w-	C:\rsit
2009-07-06 13:19 . 2009-07-06 13:19	--------	d-----w-	c:\program files\Trend Micro
2009-07-05 09:57 . 2009-02-12 09:41	973312	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
2009-07-04 10:35 . 2009-07-04 10:35	90112	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-07-04 10:35 . 2009-07-04 10:35	307200	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-07-04 10:35 . 2009-07-04 10:35	172032	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-07-04 10:27 . 2009-07-04 10:27	--------	d-----w-	c:\users\Admin\AppData\Roaming\Vodafone
2009-07-04 10:27 . 2009-07-04 10:27	--------	d-----w-	c:\programdata\InstallShield
2009-07-04 10:25 . 2008-03-17 09:05	101632	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2009-07-04 10:24 . 2009-07-04 10:24	--------	d-----w-	c:\programdata\Vodafone
2009-07-04 10:24 . 2009-07-04 10:24	--------	d-----w-	c:\program files\Vodafone
2009-07-03 15:21 . 2009-07-03 15:21	--------	d-----w-	c:\users\Admin\AppData\Local\{D53238E8-3427-491E-A57E-097FA966AAC1}
2009-07-02 12:49 . 2009-07-02 12:49	1029456	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\AAWService.exe
2009-07-02 12:49 . 2009-07-02 12:49	314712	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\threatwork.exe
2009-07-02 12:49 . 2009-07-02 12:49	25440	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-07-02 12:49 . 2009-07-02 12:49	169312	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-07-02 12:49 . 2009-07-02 12:49	348496	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-07-02 12:49 . 2009-07-02 12:49	298336	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-07-02 12:48 . 2009-07-02 12:48	84832	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-07-02 12:48 . 2009-07-02 12:48	1630560	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\Resources.dll
2009-07-02 12:48 . 2009-07-02 12:48	40288	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-07-02 12:48 . 2009-07-02 12:48	246128	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-07-02 12:48 . 2009-07-02 12:48	85352	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
2009-07-02 12:48 . 2009-07-02 12:48	664424	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-07-02 12:48 . 2009-07-02 12:48	563064	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-07-02 12:48 . 2009-07-02 12:48	566632	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-07-02 12:48 . 2009-07-02 12:48	2352968	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-07-02 12:48 . 2009-07-02 12:48	629072	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-07-02 12:48 . 2009-07-02 12:48	520024	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-06-21 19:40 . 2006-12-20 12:23	114688	------w-	c:\windows\system32\pcleDVdc.dll
2009-06-21 19:40 . 2006-12-20 12:23	90112	------w-	c:\windows\system32\pcleDVcd.dll
2009-06-21 19:40 . 2006-12-20 12:23	90112	------w-	c:\windows\system32\pcleADV.dll
2009-06-21 19:40 . 2006-12-20 12:23	90112	------w-	c:\windows\system32\ACnvrtX.dll
2009-06-21 19:40 . 2006-12-20 12:23	876544	------w-	c:\windows\system32\CSCnvrtX.dll
2009-06-14 10:00 . 2009-04-30 12:37	428544	----a-w-	c:\windows\system32\EncDec.dll
2009-06-14 10:00 . 2009-04-30 12:37	293376	----a-w-	c:\windows\system32\psisdecd.dll
2009-06-11 11:53 . 2009-06-11 11:53	--------	d-----w-	c:\program files\Western Digital Corporation

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 20:26 . 2008-07-17 16:29	1530023968	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-07-10 20:24 . 2008-01-11 15:07	--------	d-----w-	c:\programdata\VMware
2009-07-10 20:22 . 2008-07-17 16:29	20495396	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-07-10 19:54 . 2007-12-25 01:38	--------	d-----w-	c:\programdata\Kaspersky Lab
2009-07-10 19:49 . 2008-07-01 19:03	169936	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\FlashGot.exe
2009-07-09 18:33 . 2008-02-03 23:54	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2009-07-09 16:23 . 2006-11-02 15:48	737124	----a-w-	c:\windows\system32\perfh007.dat
2009-07-09 16:23 . 2006-11-02 15:48	166582	----a-w-	c:\windows\system32\perfc007.dat
2009-07-09 16:13 . 2008-01-11 15:11	--------	d-----w-	c:\users\Admin\AppData\Roaming\VMware
2009-07-05 21:54 . 2007-12-25 12:20	--------	d-----w-	c:\users\Admin\AppData\Roaming\Skype
2009-07-05 18:12 . 2008-09-30 15:27	56	---ha-w-	c:\programdata\ezsidmv.dat
2009-07-05 18:12 . 2007-12-25 12:21	--------	d-----w-	c:\users\Admin\AppData\Roaming\skypePM
2009-07-04 16:09 . 2007-12-26 22:08	--------	d-----w-	c:\users\Admin\AppData\Roaming\FileZilla
2009-07-04 10:24 . 2007-12-25 01:23	--------	d-----w-	c:\program files\Common Files\InstallShield
2009-07-02 15:29 . 2008-02-03 23:54	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-06-29 07:35 . 2007-12-26 22:00	--------	d-----w-	c:\program files\Google
2009-06-26 19:38 . 2009-06-06 18:44	--------	d-----w-	c:\program files\FileZilla Client
2009-06-25 06:13 . 2008-04-28 12:51	--------	d-----w-	c:\users\Admin\AppData\Roaming\Free Download Manager
2009-06-24 05:54 . 2007-12-25 13:38	--------	d-----w-	c:\program files\Mozilla Thunderbird
2009-06-18 15:50 . 2008-04-03 13:57	--------	d-----w-	c:\users\Admin\AppData\Roaming\Audacity
2009-06-14 15:58 . 2007-12-27 00:00	--------	d-----w-	c:\programdata\Microsoft Help
2009-06-06 15:23 . 2007-12-26 18:53	--------	d-----w-	c:\users\Admin\AppData\Roaming\Apple Computer
2009-06-06 12:38 . 2008-07-10 17:51	--------	d-----w-	c:\program files\iTunes
2009-06-06 12:37 . 2009-06-06 12:37	--------	d-----w-	c:\program files\iPod
2009-06-06 12:37 . 2007-12-26 18:49	--------	d-----w-	c:\program files\Common Files\Apple
2009-06-06 12:33 . 2008-01-11 12:19	--------	d-----w-	c:\program files\QuickTime Alternative
2009-06-06 12:20 . 2009-06-06 12:20	75048	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 14:11 . 2009-05-11 20:22	1	----a-w-	c:\users\Admin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-01 11:57 . 2009-06-01 11:57	15688	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-05-21 14:28 . 2008-07-17 16:36	94643	----a-w-	c:\windows\system32\drivers\klick.dat
2009-05-21 14:28 . 2008-07-17 16:36	105395	----a-w-	c:\windows\system32\drivers\klin.dat
2009-05-19 16:31 . 2007-12-25 01:18	130424	----a-w-	c:\users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-19 16:11 . 2008-01-07 18:20	--------	d-----w-	c:\program files\Microsoft Works
2009-05-18 16:55 . 2009-05-18 16:54	--------	d-----w-	c:\users\Admin\AppData\Roaming\AllDup
2009-05-18 16:53 . 2009-05-18 16:53	--------	d-----w-	c:\program files\AllDup
2009-05-17 14:37 . 2009-05-17 14:37	64160	----a-w-	c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-05-13 06:24 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2009-05-09 05:50 . 2009-06-10 07:18	915456	----a-w-	c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 07:18	71680	----a-w-	c:\windows\system32\iesetup.dll
2009-05-08 15:11 . 2009-05-08 16:51	44018	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\regprot.exe
2009-05-08 15:11 . 2009-05-08 16:51	16896	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\UAC.dll
2009-05-06 12:23 . 2009-05-07 16:28	372736	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-04-29 18:42 . 2009-05-08 16:51	110592	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\components\prism.dll
2009-04-29 18:42 . 2009-05-08 16:51	110592	----a-w-	c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\components\prism.dll
2009-04-23 12:43 . 2009-06-10 07:18	784896	----a-w-	c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 07:18	636928	----a-w-	c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 07:18	2033152	----a-w-	c:\windows\system32\win32k.sys
2007-12-26 19:50 . 2007-12-26 19:50	0	--sh--w-	c:\windows\S1589D1C6.tmp
2006-05-03 09:06 . 2008-07-08 12:39	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2008-07-08 12:39	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2008-07-08 12:39	216064	--sh--r-	c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-08-31 2622232]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-08-31 907040]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-08-31 140568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-1-11 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\r3hook.dll c:\progra~1\KASPER~1\KASPER~2\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
backup=c:\windows\pss\PDFCreator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrekStor NDAS-Geräte-Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TrekStor NDAS-Geräte-Manager.lnk
backup=c:\windows\pss\TrekStor NDAS-Geräte-Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSL-Manager.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
backup=c:\windows\pss\DSL-Manager.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
backup=c:\windows\pss\Logitech . Produktregistrierung.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
         

Alt 10.07.2009, 23:02   #15
shirocko
 
PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung - Standard

PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung



log teil 2:
Code:
ATTFilter
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{384D0300-1065-447A-9618-2984903D5C4E}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{5A0011D9-3CEE-4D11-B2F0-29652C363E6D}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{74F73FD2-BD8E-49A5-BBAF-D3A37D9453C1}"= UDP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{8C507270-C3A8-426A-BFC9-9A705B35BD57}"= TCP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{80C9846C-3DD3-4B9C-9EC8-9729AA35B0D8}"= UDP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{2F1B2A9C-4DA2-4725-8B38-C785838B8748}"= TCP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{502A2EFE-9E64-4071-AD8D-B85B01198B17}"= UDP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{DD43B665-C72F-4300-A6C9-E9CA0DC49033}"= TCP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{0B1BE74D-6416-4293-8119-455BD46B2072}"= UDP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{DA89F97C-61CA-467F-A73E-C25A0A15398E}"= TCP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{0D8D08ED-897F-405C-BD36-69F8AFD1C77C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{98DA941D-798E-4954-9F2D-C879DF2949B0}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5278D635-3ABE-478E-9289-D6967FEAA157}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0652B8C7-A8A2-406A-B986-A7D8A574EDC9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A596140F-B429-4A6A-B3BF-D3DA04CD3C8E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1205D43A-9244-4932-90C9-ABEB976C8974}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7A767EC9-135A-4C21-9BD9-E195385839A3}"= UDP:3703:Adobe Version Cue CS3 Server
"{412C56DD-1D26-4ABD-A7BE-50D035A76CF4}"= UDP:3704:Adobe Version Cue CS3 Server
"{EF370A4D-2E5E-42E5-8CC6-C61E4EA71E25}"= UDP:50900:Adobe Version Cue CS3 Server
"{0A95615A-DDF8-4D65-9C80-1650AD3F7A94}"= UDP:50901:Adobe Version Cue CS3 Server
"{508F5558-0297-4EE5-8E02-3DE546A14AA1}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{F1DCCD97-6002-43E4-8566-3BE3B269D3CD}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{BD76C6BF-564C-48EA-8C8B-DC1A47A2C31C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6A2D95B5-4433-428C-A771-8AFEA2E29B62}"= UDP:c:\program files\Home Cinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{E78BCDD2-4F54-4970-989E-44BBD4D6F227}"= TCP:c:\program files\Home Cinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{AC347381-6E34-42E8-AFE7-40F0B8504154}"= UDP:c:\program files\Home Cinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{7ED5374E-2742-4A8C-8167-F3089AC1617F}"= TCP:c:\program files\Home Cinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{30D25247-E27E-4CEF-B886-4E6B095AF513}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{321E005B-C01F-4BD3-92EB-46CEDF1C0F3C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{75790D75-C0AC-4DF1-A4A8-E0C5D785B577}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{39155FAB-CBBC-43E5-8A71-57DC64EA6C5C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B462A909-998B-4904-BD6C-346DFD0D2DBA}g:\\setup.exe"= UDP:G:\setup.exe:Installationsprogramm für Kaspersky Security Suite CBE
"UDP Query User{58FFB052-D9F9-4CF9-AA47-D05D11659239}g:\\setup.exe"= TCP:G:\setup.exe:Installationsprogramm für Kaspersky Security Suite CBE
"TCP Query User{9265FC8E-A492-4B2A-8B55-3A51496A748C}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\german\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 2009
"UDP Query User{F6A7CFCA-32CA-4CD1-BD15-A9893C72A87D}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\german\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 2009
"{92449402-1EEF-4E31-808D-28BB95A6D951}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{3F64D3B3-9B33-4BF9-B3BF-A2D9F9126E14}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{62CB650F-0AFF-47BB-A528-84B88EA73B38}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{76935FFF-F657-49D5-BB00-6825BBB1161F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FFC4C218-8E04-49A7-8CC6-B74DC951835E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R0 hotcore3;hotcore3;c:\windows\System32\drivers\hotcore3.sys [20.05.2008 03:58 39472]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [19.01.2009 14:57 64160]
R0 lfsfilt;Lean File Sharing;c:\windows\System32\drivers\lfsfilt.sys [11.06.2008 16:59 254440]
R0 lpx;LPX Protocol;c:\windows\System32\drivers\lpx.sys [29.06.2007 17:32 62056]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\System32\drivers\xfilt.sys [18.10.2006 18:39 17920]
R1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\System32\drivers\dslmnlwf.sys [06.01.2008 15:35 16448]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [16.10.2007 12:05 20496]
R1 ndasfat;NDAS FAT;c:\windows\System32\drivers\ndasfat.sys [11.06.2008 16:59 372584]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.05.2008 12:07 61424]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [30.04.2008 01:15 1153368]
R2 SynoDrService;SynoDrService;c:\program files\Synology Data Replicator  3\SynoDrService.exe [06.08.2007 20:36 557056]
R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Service.exe [29.08.2008 08:29 185640]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [10.12.2008 10:49 185640]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [14.06.2008 15:02 282709]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [14.06.2008 15:02 122971]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [04.07.2008 12:52 14336]
R2 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [09.05.2008 21:05 1650781]
R3 ndasbus;NDAS Bus Driver;c:\windows\System32\drivers\ndasbus.sys [29.06.2007 17:32 75880]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [05.02.2007 10:26 247808]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [03.04.2007 11:43 1131136]
R3 TDslMgrService;DSL-Manager;c:\program files\T-Online\DSL-Manager\DslMgrSvc.exe [05.04.2008 13:23 294912]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\System32\drivers\teamviewervpn.sys [07.01.2008 10:37 25088]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [25.12.2007 15:30 13976]
S2 gupdate1c9e39a101dcf54;gupdate1c9e39a101dcf54;c:\program files\Google\Update\GoogleUpdate.exe [02.06.2009 17:51 133104]
S3 Apache2.2;Apache2.2;c:\apache\bin\httpd.exe [13.06.2008 04:05 24635]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\System32\drivers\DslTestSp5.sys [28.02.2008 19:12 26816]
S3 EthDriver;D-Link DGE-528T Vista 32-bit Driver;c:\windows\System32\drivers\DLKRT32.sys [30.09.2008 00:02 70144]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 1029456]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [06.01.2008 15:34 17536]
S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\System32\drivers\ndasscsi.sys [29.06.2007 17:32 187368]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\System32\drivers\s816bus.sys [04.04.2008 15:17 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\System32\drivers\s816mdfl.sys [04.04.2008 15:17 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\System32\drivers\s816mdm.sys [04.04.2008 15:17 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s816mgmt.sys [04.04.2008 15:19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\System32\drivers\s816nd5.sys [04.04.2008 15:18 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\System32\drivers\s816obex.sys [04.04.2008 15:19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\System32\drivers\s816unic.sys [04.04.2008 15:20 97704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Inhalt des "geplante Tasks" Ordners

2009-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 12:48]

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 15:51]

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 15:51]

2009-07-10 c:\windows\Tasks\User_Feed_Synchronization-{F1DE92C9-40E6-4C13-B057-1C1AD2DF7FFE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-19 11:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uInternet Settings,ProxyOverride = *.local
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?hl=de&q=
FF - component: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\components\prism.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 22:26
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="c:\mysql\bin\mysqld-nt MySQL"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-952325796-3084994041-2608643616-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DC93F53-B7D7-866F-77D6-76A33C78FACA}*]
"gaakomjbdaejdn"=hex:63,61,64,67,6b,6d,00,77

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(1172)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'Explorer.exe'(11776)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\T-Online\DSL-Manager\Deskband.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\mysql\bin\mysqld-nt.exe
c:\program files\NDAS\System\ndassvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\VMware\VMware Server\vmware-authd.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\System32\vmnat.exe
c:\windows\System32\VSSVC.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\vmnetdhcp.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\System32\conime.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-07-10 22:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2009-07-10 20:46
ComboFix2.txt  2009-07-09 19:37

Vor Suchlauf: 8.441.098.240 Bytes frei
Nach Suchlauf: 8.288.772.096 Bytes frei

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7,44
456	--- E O F ---	2009-06-30 06:02
         

Antwort

Themen zu PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung
ad-aware, adobe, backdoor, bho, bitte um hilfe, browser, defender, eigenartig, explorer, firefox, free download, google, gupdate, hijack, hijackthis, infiziert, internet, internet explorer, kaspersky, konvertieren, menu.exe, mozilla, mozilla thunderbird, pdf-datei, preferences, rundll, safer networking, scan, security, security suite, senden, software, synology, trojaner, vista, vodafone, windows



Ähnliche Themen: PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung


  1. Lästige Pop-Ups und Werbeeinblendungen, PC wahrscheinlich mit Trojaner infiziert
    Log-Analyse und Auswertung - 29.01.2015 (11)
  2. Wahrscheinlich Infiziert
    Log-Analyse und Auswertung - 05.10.2012 (5)
  3. Antivir hat den VIrus TR/Kazy9072.2 gefunden, bitte um Hilfe und Prüfung der Logs
    Log-Analyse und Auswertung - 26.01.2011 (22)
  4. System wahrscheinlich immernoch infiziert?
    Log-Analyse und Auswertung - 27.09.2010 (3)
  5. PC wahrscheinlich infiziert, bitte um Rat !
    Log-Analyse und Auswertung - 04.11.2009 (30)
  6. Infiziert ??? ... BItte um Hilfe/Rat
    Log-Analyse und Auswertung - 23.10.2009 (3)
  7. Habe wahrscheinlich einen Virus....bitte um dringende Hilfe
    Plagegeister aller Art und deren Bekämpfung - 31.08.2009 (2)
  8. Bin ich infiziert? Hilfe bitte!
    Log-Analyse und Auswertung - 26.08.2009 (5)
  9. ich habe mich Wahrscheinlich Infiziert!
    Plagegeister aller Art und deren Bekämpfung - 28.04.2009 (42)
  10. PC sehr wahrscheinlich infiziert / Bitte um Hilfe
    Log-Analyse und Auswertung - 10.02.2009 (1)
  11. Laptop wahrscheinlich mit TR/Dropper infiziert
    Log-Analyse und Auswertung - 02.02.2009 (21)
  12. infiziert mit Trojaner/MalewareRootkits bitte hilfe bei entfernung
    Plagegeister aller Art und deren Bekämpfung - 20.10.2008 (12)
  13. Bitte um Hilfe. PC ist wahrscheinlich infiziert
    Plagegeister aller Art und deren Bekämpfung - 21.12.2007 (11)
  14. Wahrscheinlich trojaner/wurm verseucht bitte um Hilfe
    Log-Analyse und Auswertung - 19.05.2007 (5)
  15. Infiziert, bitte um Hilfe
    Log-Analyse und Auswertung - 12.04.2007 (3)
  16. --bitte um hilfe---Logfile--Prüfung
    Log-Analyse und Auswertung - 18.05.2006 (2)
  17. System noch infiziert? Bitte um Hilfe!
    Log-Analyse und Auswertung - 16.10.2005 (8)

Zum Thema PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung - Hi Leute, seit ein paar tagen verhält sich mein PC eigenartig und auch Kaspersky hat mitterweile einen/mehrere Trojaner bzw. Backdoor Programme gefunden Allerdings werde ich sie durch einfache löschen leider - PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung...
Archiv
Du betrachtest: PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.