verschienede Virenfunde (TR/fakealert-fraudpack-cryptedgen)

Amayah · 08.09.2009, 15:32

Hallo!

noch ein kurzer zwischenstand. Der komplettscan von antivir dauert die letzten 2 tage doppelt so lange als normal.

Hier die heutigen funde:

john.doe · 08.09.2009, 15:49

Kommen die Meldungen beim Surfen?

http://www.trojaner-board.de/51871-a...tispyware.html

ciao, andreas

Amayah · 08.09.2009, 21:45

Ja, das mit dem fenster welches weismachen wollte das der pc infiziert ist kam während dem surfen.

der zweite post bezieht sich auf einen vollen systemscan mit antivir, und währenddessen wurde am pc nichts gemacht.

Habe leider bei SUPERAntiSpyware zu schnell geklickt, die objekte sind schon bearbeitet, aber hier das log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/08/2009 at 11:33 PM

Application Version : 4.28.1010

Core Rules Database Version : 4089
Trace Rules Database Version: 2029

Scan type : Complete Scan
Total Scan Time : 01:46:52

Memory items scanned : 761
Memory threats detected : 0
Registry items scanned : 7553
Registry threats detected : 0
File items scanned : 175792
File threats detected : 6

Adware.Tracking Cookie
C:\Users\xxx
\AppData\Roaming\Microsoft\Windows\Cookies\xxx@ad.yieldmanager[1].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@adtech[1].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@content.yieldmanager[3].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@content.yieldmanager[2].txt
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@doubleclick[2].txt

Trojan.Unclassified-Packed/Suspicious
C:\WINDOWS\SYSTEM32\PICSHOWXCONTROL1.DLL

john.doe · 08.09.2009, 21:58

Ich schwanke zwischen Falschmeldung von Avira und tatsächlichem Befall. Die HTML-Meldungen sind überwiegend nicht ernst zu nehmen, die erste Dialogbox allerdings schon. Bei den Avirafunden brauche ich noch den kompletten Pfad. Poste am Besten das Log von Avira.

SuperAntiSpyware bitte deinstallieren.

1.) http://www.trojaner-board.de/75859-w...bschalten.html

2.) Solltest du noch irgendetwas mit dem Computer verbinden, wie Memorysticks, Speicherkarten, Digitalkameras, Handy, externe Laufwerke, ... dann stecke vor dem Scan alles an.

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

ciao, andreas

Amayah · 09.09.2009, 07:22

Hallo!

Vielen Dank! Hier schonmal das besagte Log, melde mich dann nach dem restlichen Sachen:

Code:

ATTFilter

Avira AntiVir Personal
Report file date: Dienstag, 8. September 2009  12:53

Scanning for 1693507 virus strains and unwanted programs.

Licensee        : Avira AntiVir Personal - FREE Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows Vista
Windows version : (Service Pack 2)  [6.0.6002]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : xxx-PC

Version information:
BUILD.DAT       : 9.0.0.407     17961 Bytes  29.07.2009 10:34:00
AVSCAN.EXE      : 9.0.3.7      466689 Bytes  21.07.2009 11:36:14
AVSCAN.DLL      : 9.0.3.0       40705 Bytes  27.02.2009 08:58:24
LUKE.DLL        : 9.0.3.2      209665 Bytes  20.02.2009 09:35:49
LUKERES.DLL     : 9.0.2.0       12033 Bytes  27.02.2009 08:58:52
ANTIVIR0.VDF    : 7.1.0.0    15603712 Bytes  27.10.2008 10:30:36
ANTIVIR1.VDF    : 7.1.4.132   5707264 Bytes  24.06.2009 07:21:42
ANTIVIR2.VDF    : 7.1.5.201   3414528 Bytes  03.09.2009 19:21:31
ANTIVIR3.VDF    : 7.1.5.216    168448 Bytes  08.09.2009 09:52:57
Engineversion   : 8.2.1.12 
AEVDF.DLL       : 8.1.1.1      106868 Bytes  28.07.2009 11:31:50
AESCRIPT.DLL    : 8.1.2.30     471418 Bytes  07.09.2009 19:10:08
AESCN.DLL       : 8.1.2.5      127346 Bytes  05.09.2009 19:21:36
AERDL.DLL       : 8.1.2.4      430452 Bytes  23.07.2009 07:59:39
AEPACK.DLL      : 8.1.3.18     401783 Bytes  28.07.2009 11:31:50
AEOFFICE.DLL    : 8.1.0.38     196987 Bytes  23.07.2009 07:59:39
AEHEUR.DLL      : 8.1.0.155   1921400 Bytes  23.08.2009 17:42:46
AEHELP.DLL      : 8.1.7.0      237940 Bytes  05.09.2009 19:21:35
AEGEN.DLL       : 8.1.1.61     364916 Bytes  07.09.2009 19:10:08
AEEMU.DLL       : 8.1.0.9      393588 Bytes  09.10.2008 12:32:40
AECORE.DLL      : 8.1.7.8      184692 Bytes  05.09.2009 19:21:32
AEBB.DLL        : 8.1.0.3       53618 Bytes  09.10.2008 12:32:40
AVWINLL.DLL     : 9.0.0.3       18177 Bytes  12.12.2008 06:47:59
AVPREF.DLL      : 9.0.0.1       43777 Bytes  05.12.2008 08:32:15
AVREP.DLL       : 8.0.0.3      155905 Bytes  20.01.2009 12:34:28
AVREG.DLL       : 9.0.0.0       36609 Bytes  05.12.2008 08:32:09
AVARKT.DLL      : 9.0.0.3      292609 Bytes  24.03.2009 13:05:41
AVEVTLOG.DLL    : 9.0.0.7      167169 Bytes  30.01.2009 08:37:08
SQLITE3.DLL     : 3.6.1.0      326401 Bytes  28.01.2009 13:03:49
SMTPLIB.DLL     : 9.2.0.25      28417 Bytes  02.02.2009 06:21:33
NETNT.DLL       : 9.0.0.0       11521 Bytes  05.12.2008 08:32:10
RCIMAGE.DLL     : 9.0.0.25    2438913 Bytes  15.05.2009 13:39:58
RCTEXT.DLL      : 9.0.37.0      86785 Bytes  17.04.2009 08:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, 
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Dienstag, 8. September 2009  12:53

Starting search for hidden objects.
'130342' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
Scan process 'AAWTray.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'hidfind.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '1' Module(s) have been scanned
Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned
Scan process 'sttray.exe' - '1' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'TomTomHOMEService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'AEstSrv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'AAWService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'DockLogin.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'stacsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
63 processes with 63 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '50' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\hiberfil.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
C:\pagefile.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.dir
    [DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
C:\Users\xxx\AppData\Local\Temp\OnlineScanner\updates\aquawin32\cran.cvd
    [DETECTION] Contains recognition pattern of the Trivial-28 (A) virus
C:\Users\xxx\AppData\Local\Temp\OnlineScanner\updates\aquawin32\cran.ivd
    [DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
Begin scan in 'D:\' <RECOVERY>

Beginning disinfection:
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.dir
    [DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
    [WARNING]   An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]   The file could not be deleted!
    [NOTE]      Attempting to perform action using the ARK library.
    [NOTE]      The file was moved to '4ad66ac8.qua'!
C:\Users\xxx\AppData\Local\Temp\OnlineScanner\updates\aquawin32\cran.cvd
    [DETECTION] Contains recognition pattern of the Trivial-28 (A) virus
    [NOTE]      The file was moved to '4b076b0f.qua'!
C:\Users\xxx\AppData\Local\Temp\OnlineScanner\updates\aquawin32\cran.ivd
    [DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
    [NOTE]      The file was moved to '4e539ba8.qua'!


End of the scan: Dienstag, 8. September 2009  17:30
Used time:  3:56:59 Hour(s)

The scan has been done completely.

  29671 Scanned directories
 430881 Files were scanned
      3 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      3 Files were moved to quarantine
      0 Files were renamed
      2 Files cannot be scanned
 430876 Files not concerned
   2944 Archives were scanned
      3 Warnings
      5 Notes
 130342 Objects were scanned with rootkit scan
      0 Hidden objects were found

Amayah · 09.09.2009, 09:54

Und hier das combofix log:

Code:

ATTFilter

ComboFix 09-09-08.06 - xxx 09.09.2009 11:38.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.2110 [GMT 3:00]
ausgeführt von:: c:\users\xxx\Desktop\cofi.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1881260713-4089407654-2850825354-500
c:\$recycle.bin\S-1-5-21-3730355828-1708322568-2373879242-500
c:\users\xxx\BCHER~1\SCHEIK~2\Fatawi\MA8248~1.exe
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2009-08-09 bis 2009-09-09  ))))))))))))))))))))))))))))))
.

2009-09-09 08:43 . 2009-09-09 08:43	--------	d-----w-	c:\users\xxx\AppData\Local\temp
2009-09-09 08:43 . 2009-09-09 08:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2009-09-08 22:06 . 2009-08-14 16:27	904776	----a-w-	c:\windows\system32\drivers\tcpip.sys
2009-09-08 22:06 . 2009-08-14 13:48	105984	----a-w-	c:\windows\system32\netiohlp.dll
2009-09-08 22:06 . 2009-08-14 13:49	9728	----a-w-	c:\windows\system32\TCPSVCS.EXE
2009-09-08 22:06 . 2009-08-14 13:49	11264	----a-w-	c:\windows\system32\MRINFO.EXE
2009-09-08 22:06 . 2009-08-14 13:49	27136	----a-w-	c:\windows\system32\NETSTAT.EXE
2009-09-08 22:06 . 2009-08-14 13:49	8704	----a-w-	c:\windows\system32\HOSTNAME.EXE
2009-09-08 22:06 . 2009-08-14 13:49	19968	----a-w-	c:\windows\system32\ARP.EXE
2009-09-08 22:06 . 2009-08-14 13:49	10240	----a-w-	c:\windows\system32\finger.exe
2009-09-08 22:06 . 2009-08-14 13:49	17920	----a-w-	c:\windows\system32\ROUTE.EXE
2009-09-08 22:06 . 2009-08-14 13:48	30720	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2009-09-08 22:06 . 2009-08-14 15:53	17920	----a-w-	c:\windows\system32\netevent.dll
2009-09-08 22:05 . 2009-07-11 19:01	302592	----a-w-	c:\windows\system32\wlansec.dll
2009-09-08 22:05 . 2009-07-11 19:01	293376	----a-w-	c:\windows\system32\wlanmsm.dll
2009-09-08 22:05 . 2009-07-11 17:03	127488	----a-w-	c:\windows\system32\L2SecHC.dll
2009-09-08 22:05 . 2009-07-11 19:01	513536	----a-w-	c:\windows\system32\wlansvc.dll
2009-09-08 22:05 . 2009-07-11 19:01	65024	----a-w-	c:\windows\system32\wlanapi.dll
2009-09-08 22:05 . 2009-06-10 11:41	2868224	----a-w-	c:\windows\system32\mf.dll
2009-09-08 18:00 . 2009-09-08 18:00	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2009-09-08 17:58 . 2009-09-09 06:13	--------	d-----w-	c:\users\xxx\AppData\Roaming\SUPERAntiSpyware.com
2009-09-08 17:58 . 2009-09-09 06:13	--------	d-----w-	c:\program files\SUPERAntiSpyware
2009-09-03 14:14 . 2009-09-03 14:14	--------	d-----w-	c:\programdata\F-Secure
2009-09-03 14:05 . 2009-09-03 14:46	--------	d-----w-	c:\windows\BDOSCAN8
2009-09-03 12:13 . 2009-09-03 12:13	--------	d-----w-	C:\rsit
2009-09-03 10:03 . 2009-09-03 10:03	--------	d-----w-	c:\users\xxx\AppData\Roaming\Malwarebytes
2009-09-03 10:02 . 2009-08-03 10:36	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-03 10:02 . 2009-09-03 10:03	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-09-03 10:02 . 2009-09-03 10:02	--------	d-----w-	c:\programdata\Malwarebytes
2009-09-03 10:02 . 2009-08-03 10:36	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-09-03 09:50 . 2009-09-03 09:50	--------	d-----w-	c:\program files\CCleaner
2009-09-02 21:48 . 2009-07-03 14:49	15688	----a-w-	c:\windows\system32\lsdelete.exe
2009-09-02 21:34 . 2009-09-02 21:34	--------	dc----w-	c:\windows\system32\DRVSTORE
2009-09-02 21:34 . 2009-07-03 14:49	64160	----a-w-	c:\windows\system32\drivers\Lbd.sys
2009-09-02 21:34 . 2009-09-02 21:34	--------	dc-h--w-	c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-02 21:33 . 2009-09-02 21:34	--------	d-----w-	c:\programdata\Lavasoft
2009-09-02 21:33 . 2009-09-02 21:33	--------	d-----w-	c:\program files\Lavasoft
2009-08-26 09:09 . 2009-06-22 10:09	2048	----a-w-	c:\windows\system32\tzres.dll
2009-08-23 17:10 . 2009-07-28 13:33	55656	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2009-08-23 17:10 . 2009-03-30 07:33	96104	----a-w-	c:\windows\system32\drivers\avipbb.sys
2009-08-23 17:10 . 2009-08-23 17:10	--------	d-----w-	c:\programdata\Avira
2009-08-23 17:10 . 2009-08-23 17:10	--------	d-----w-	c:\program files\Avira
2009-08-21 08:59 . 2009-08-21 08:59	--------	d-----r-	c:\users\xxx\AppData\Roaming\Brother
2009-08-16 14:43 . 2009-08-16 14:43	--------	d-----w-	c:\users\xxx\AppData\Local\Apple Computer
2009-08-16 09:35 . 2009-08-16 09:34	102664	----a-w-	c:\windows\system32\drivers\tmcomm.sys
2009-08-12 08:18 . 2009-06-04 12:07	2066432	----a-w-	c:\windows\system32\mstscax.dll
2009-08-12 08:18 . 2009-06-10 11:38	91136	----a-w-	c:\windows\system32\avifil32.dll
2009-08-12 08:18 . 2009-07-17 13:54	71680	----a-w-	c:\windows\system32\atl.dll
2009-08-10 14:10 . 2009-08-23 16:56	--------	d-----w-	c:\program files\Veoh Networks

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 06:27 . 2009-01-14 02:45	12	----a-w-	c:\windows\bthservsdp.dat
2009-09-09 06:13 . 2009-01-17 23:07	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2009-09-09 05:41 . 2009-08-07 14:11	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-09-09 00:59 . 2009-07-17 15:54	--------	d-----w-	c:\users\xxx\AppData\Roaming\vlc
2009-09-08 07:43 . 2009-01-16 19:40	--------	d-----w-	c:\users\xxx\AppData\Roaming\Skype
2009-09-08 07:32 . 2009-01-16 19:41	--------	d-----w-	c:\users\xxx\AppData\Roaming\skypePM
2009-09-02 20:07 . 2008-01-21 07:15	621952	----a-w-	c:\windows\system32\perfh007.dat
2009-09-02 20:07 . 2008-01-21 07:15	123852	----a-w-	c:\windows\system32\perfc007.dat
2009-08-16 11:15 . 2009-02-22 22:19	--------	d-----w-	c:\program files\Comodo
2009-08-12 08:22 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2009-08-08 17:31 . 2009-08-08 17:18	--------	d-----w-	c:\program files\QuickTime
2009-08-08 17:31 . 2009-08-08 17:31	--------	d-----w-	c:\programdata\Apple Computer
2009-08-08 17:30 . 2009-08-08 17:30	--------	d-----w-	c:\program files\Apple Software Update
2009-08-08 17:30 . 2009-08-08 17:30	--------	d-----w-	c:\programdata\Apple
2009-08-05 09:17 . 2009-01-14 02:40	--------	d-----w-	c:\program files\Java
2009-08-03 18:38 . 2009-01-17 22:43	--------	d-----w-	c:\users\Abukasem\AppData\Roaming\ESTsoft
2009-08-02 23:14 . 2009-01-26 14:28	--------	d-----w-	c:\users\Abukasem\AppData\Roaming\dvdcss
2009-07-25 02:23 . 2009-08-01 12:34	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-07-24 18:08 . 2009-07-24 18:05	--------	d-----w-	c:\users\Abukasem\AppData\Roaming\VoipBuster
2009-07-23 21:23 . 2009-01-14 02:59	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2009-07-23 21:19 . 2009-01-14 02:41	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-07-21 21:52 . 2009-07-29 13:07	915456	----a-w-	c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 13:07	109056	----a-w-	c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 13:07	71680	----a-w-	c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 13:07	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2009-07-15 12:40 . 2009-08-12 08:19	8147456	----a-w-	c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 08:19	313344	----a-w-	c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 08:19	4096	----a-w-	c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 08:19	7680	----a-w-	c:\windows\system32\spwmp.dll
2009-07-11 19:06 . 2009-07-03 14:51	--------	d-----w-	c:\program files\Mobile Partner
2009-07-05 07:05 . 2009-02-22 22:20	74328	----a-w-	c:\windows\system32\drivers\inspect.sys
2009-06-18 13:37 . 2009-01-16 18:37	112312	----a-w-	c:\users\Abukasem\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-18 13:31 . 2009-06-18 13:29	65	----a-w-	c:\windows\system32\bd7030.dat
2009-06-15 23:15 . 2009-08-12 08:19	439864	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2009-06-15 14:54 . 2009-08-12 08:19	175104	----a-w-	c:\windows\system32\wdigest.dll
2009-06-15 14:53 . 2009-07-16 15:22	156672	----a-w-	c:\windows\system32\t2embed.dll
2009-06-15 14:53 . 2009-08-12 08:19	72704	----a-w-	c:\windows\system32\secur32.dll
2009-06-15 14:53 . 2009-08-12 08:19	270848	----a-w-	c:\windows\system32\schannel.dll
2009-06-15 14:53 . 2009-08-12 08:19	218624	----a-w-	c:\windows\system32\msv1_0.dll
2009-06-15 14:52 . 2009-08-12 08:19	1259008	----a-w-	c:\windows\system32\lsasrv.dll
2009-06-15 14:52 . 2009-07-16 15:22	23552	----a-w-	c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-08-12 08:19	499712	----a-w-	c:\windows\system32\kerberos.dll
2009-06-15 14:52 . 2009-07-16 15:22	72704	----a-w-	c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-16 15:22	10240	----a-w-	c:\windows\system32\dciman32.dll
2009-06-15 12:48 . 2009-08-12 08:19	9728	----a-w-	c:\windows\system32\lsass.exe
2009-06-15 12:42 . 2009-07-16 15:22	289792	----a-w-	c:\windows\system32\atmfd.dll
2009-01-14 02:55 . 2009-01-14 02:55	74	--sh--r-	c:\windows\CT4CET.bin
2006-05-03 10:06 . 2009-01-17 22:53	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-01-17 22:53	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-01-17 22:53	216064	--sh--r-	c:\windows\System32\nbDX.dll
2009-01-14 11:01 . 2009-01-14 11:00	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-21 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 200704]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-25 442460]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-09 198160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-01-14 03:04	10536	----a-w-	c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):20,89,42,5f,d2,df,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D20029BE-8998-4429-A174-46D5B8AA5A69}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{E8770DAC-E0E5-4004-AFE8-5B94702F755B}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{5DDCCA47-7AC3-42D0-9D09-9B0DD646B62F}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{5F7B4D2D-C943-4160-8620-EDC8EF9A4463}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{08B498DD-9670-4C26-8F12-3E2AF1DB7BDA}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{E869D781-8310-44EF-8D01-986A64A82306}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{5C71B608-8A81-4D13-B733-40814BDD3240}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CB13AD9F-2A95-4641-8ECF-0A4CA13BA17F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{6EFDDFCF-9AA7-4D0A-BE2A-D0B4740848C1}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{9FBA88CB-4541-44CC-84D2-CECC6CE783DE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{3FAAF61A-55F0-4178-94D8-933C6946A28F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{570608CE-14E8-4ADA-AE80-DD75040E4005}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{555B3325-076F-4BE9-8976-5D0A621AC223}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BBAD6987-BB51-4076-AD92-99FB5E60A2D2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E78BF024-32E8-4B22-A8D1-1FCBEA883072}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6A247D05-5541-4DA2-A174-0E38B127A83B}"= UDP:5353:Adobe CSI CS4
"{E15CBBB5-57AB-4ACD-B8C3-964A94BC62E4}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{30892764-DC7D-4364-B55A-8DC92370D804}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{5D3F0420-3813-4286-8CF6-591D14814C47}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player 
"{9B5687E5-BAA9-4704-BC09-943B96DA6DFA}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player 
"{1C2576FE-1D10-4173-A5D1-D58A853B2FD7}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{28DC908F-4BDF-4772-8F96-3EF946E2D3E7}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{56A5C666-2526-407F-87D8-043CE4816490}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{59CBD920-A363-436A-ADB6-0B3EF928A842}c:\\program files\\java\\jre1.6.0_07\\bin\\java.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{03B73451-DC8A-43FD-B5F6-31777CA0B251}c:\\program files\\java\\jre1.6.0_07\\bin\\java.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{DCF4D637-B6BA-45EF-9B6F-41042BBF06FC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0F115242-F748-4DFA-AC93-6E6C6DEB5630}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{77BA998C-4573-4D7B-975D-E8CCBF1F6320}"= UDP:c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
"{D00B509A-7C41-4DDD-8F71-E0F656B1162A}"= TCP:c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
"TCP Query User{44639DEE-9A60-40EA-89D0-580A1207192E}c:\\xampp\\apache\\bin\\apache.exe"= UDP:c:\xampp\apache\bin\apache.exe:Apache HTTP Server
"UDP Query User{FC6EAC30-59C7-448D-9634-53090A31E1E6}c:\\xampp\\apache\\bin\\apache.exe"= TCP:c:\xampp\apache\bin\apache.exe:Apache HTTP Server
"TCP Query User{AC61AA86-B944-4D4C-B77E-1DE3BCCADD5A}c:\\xampp\\mysql\\bin\\mysqld.exe"= UDP:c:\xampp\mysql\bin\mysqld.exe:mysqld
"UDP Query User{5D236EA7-DECE-484F-9B73-E7F5127D9FB2}c:\\xampp\\mysql\\bin\\mysqld.exe"= TCP:c:\xampp\mysql\bin\mysqld.exe:mysqld
"{2FF63D72-57D0-4CE2-8CDF-0F4AC9DFCA00}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player 
"{0C375293-68C9-4510-BEB4-498C04A18D42}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player 
"TCP Query User{976EE1A9-1C8C-4257-AE51-30A5F91E91C8}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{7F0C4156-3EA4-441F-B29E-84F3DF696E63}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{F9990114-4282-4C3A-94ED-831B122C9705}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{FE9A6624-0FB1-493F-89B2-7274DD4EAAEE}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [03.09.2009 00:34 64160]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\AEstSrv.exe [14.01.2009 14:16 73728]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23.08.2009 20:10 108289]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [24.09.2008 00:09 155648]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [19.08.2009 18:37 92008]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [14.01.2009 14:16 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [14.01.2009 14:16 203264]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\System32\drivers\NETw5v32.sys [14.01.2009 14:16 3663360]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [06.03.2009 07:30 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [08.03.2009 17:06 280096]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03.07.2009 17:49 1029456]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [14.01.2009 05:43 29736]
S3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [21.01.2008 05:23 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [21.01.2008 05:23 251904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhalt des "geplante Tasks" Ordners

2009-09-04 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 05:51]

2009-09-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-09-09 c:\windows\Tasks\User_Feed_Synchronization-{20135D14-C0EE-4571-A928-95EF91328655}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.fi/
uInternet Settings,ProxyServer = 128.214.112.91:3124
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\g6r9rvce.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi
FF - component: c:\mozilla firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\mozilla firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel",             1); // 0=low, 1=medium, 2=high, 3=custom
c:\mozilla firefox\greprefs\all.js - pref("network.enablePad",                   false); // Allow client to do proxy autodiscovery
c:\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom",  "chrome://branding/content/searchconfig.properties");
c:\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillForms",                 true);
c:\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-Creative OA001 - c:\windows\CtDrvIns.exe -uninstall -script OA001.uns -plugin OA001Pin.dll -pluginres OA001Pin.crl
AddRemove-{46E1B1F2-A279-4356-9B17-029F9CC72EAE} - c:\program files\InstallShield Installation Information\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}\Setup.exe  -runfromtemp -l0x0007 Brunin03.dll

Mann da sind ja noch eine menge alter einträge im pc? Wie kriegt man den ganzen übriggebliebenen schrott eigentlich wieder raus? (nur mal so nebenbei)

Amayah · 09.09.2009, 09:56

hier der zweite teil

Code:

ATTFilter

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 11:43
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2009-09-09 11:45
ComboFix-quarantined-files.txt  2009-09-09 08:45

Vor Suchlauf: 11 Verzeichnis(se), 211.762.651.136 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 211.767.574.528 Bytes frei

295	--- E O F ---	2009-09-08 22:17

john.doe · 09.09.2009, 15:51

Zitat:

Mann da sind ja noch eine menge alter einträge im pc? Wie kriegt man den ganzen übriggebliebenen schrott eigentlich wieder raus? (nur mal so nebenbei)

Gut, dass es von dir kommt. Ich kann da aufräumen, wenn ich das OK von dir bekomme. Zwei der drei Meldungen von Avira betreffen den Onlinescanner von F-Secure.

Ich brauche noch deine Softwareliste.

Start => Ausführen => c:\rsit\info.txt => OK

1.) Deaktiviere den Wächter von Avira.

2.) Packe den Ordner c:\qoobox mit Zip oder Rar, lade das Archiv bei einem Filehoster hoch (z.B. www.materialordner.de) und schicke mir den Link als Private Nachricht.

3.) Aktiviere den Wächter von Avira.

ciao, andreas

Amayah · 11.09.2009, 08:12

Hallo!

entschuldige für die verspätung!

Hmm, vielen dank für das angebot! Ich würde allerdings gerne auch selbst wissen wie das geht?

Vielleicht gibts da gute anleitungen und hintergrundwissen dazu?

Was willst du denn genau machen?

Aber sind am pc jetzt nur alte sachen oder doch eventuell ein schädling?

Dankesehr!

Amayah · 11.09.2009, 13:49

Hallo!

Du hast pm!

Was ich mich noch wundere, sind an die 40 tcp verbindungen ins internet, obwohl kein browser geöffnet ist. Allerdings weiss ich nicht wieviele da normal sind, aber es sind svchost.exe, system und unknown die sich da verbinden. Ich könnte dir ein log von currports schicken wenn das was nützt?

john.doe · 11.09.2009, 15:29

Zitat:

Ich könnte dir ein log von currports schicken wenn das was nützt?

Aussagekräftiger ist das Log von TCPView for Windows

Zitat:

Du hast pm!

Du auch.

Zitat:

Was willst du denn genau machen?

Der Grund für das Zusenden der Quarantäne war simpel. Ich hatte den (mittlerweile begründeten!) Verdacht, dass ComboFix etwas zuviel gelöscht hat. Was und wie du das wiederherstellen kannst, steht in der PN.

1.) Deinstalliere:

Ad-Aware
Google Toolbar for Internet Explorer
Java(TM) 6 Update 7
Skype™ 3.8

2.) Installiere:

Skype 4.1 für Windows ? Nachdem Sie die neueste Skype-Version heruntergeladen haben, können Sie kostenlos via Internet von Computer zu Computer telefonieren

3.) Sind neuerdings noch Dialogboxen hochgekommen?

ciao, andreas

john.doe · 11.09.2009, 20:12

Nachricht per PN: Es wird neuinstalliert.

Du bist entlassen, andreas

verschienede Virenfunde (TR/fakealert-fraudpack-cryptedgen)

Plagegeister aller Art und deren Bekämpfung: verschienede Virenfunde (TR/fakealert-fraudpack-cryptedgen)