Log analysis and evaluation: Check hijack + combofix logs

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
| | #2 |
Check hijack + combofix logs

Logfile of HijackThis v1.99.1
Scan saved at 17:17:59, on 20.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Hotspot Shield\bin\openvpnas.exe
C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
C:\Programme\tools\Java\jre6\bin\jqs.exe
C:\Programme\Retrospect\Retrospect Express HD 2.5\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - (no file)
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Programme\tools\YouTubeDownloader\VDTB.dll
O2 - BHO: Video Download Toolbar Helper - {83BD144C-5E53-4E12-8E99-5A7F1BBF3EA0} - C:\Programme\Video Download Toolbar\v3.3.0.3\Video_Download_Toolbar.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Programme\tools\FLV Downloader\MoyeaCth.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Video Download Toolbar IE Browser Helper Object - {B29002A0-87A1-4DC4-AC55-5982034EB61E} - C:\PROGRA~1\VIDEOD~1\V330~1.3\RESOUR~1\VIDEOD~1.DLL
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\tools\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\tools\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\tools\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll
O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Programme\tools\YouTubeDownloader\VDTB.dll
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: Video Download Toolbar - {E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - C:\Programme\Video Download Toolbar\v3.3.0.3\Video_Download_Toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YouTubeDownloader_upgrade] "C:\Programme\tools\YouTubeDownloader\YouTubeDownloader.exe" /upgrade
O4 - Global Startup: Capture Text.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Programme\tools\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Programme\tools\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Programme\tools\Free Download Manager\dllink.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download Video by Free YouTuBe Utility - C:\Programme\tools\Free YouTuBe Utility\IEydown.htm
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Programme\tools\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Programme\tools\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B38F9B3-9F18-4B8F-B9F8-72B0FEB99F16}: NameServer = 192.168.0.1
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1ca277453bb86ee) (gupdate1ca277453bb86ee) - Unknown owner - C:\Programme\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Programme\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Programme\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programme\tools\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\tools\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Programme\Retrospect\Retrospect Express HD 2.5\retrorun.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

List of all programs from CCleaner:

µTorrent
1-Click YouTube Downloader 3.5
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 7.0 - Deutsch
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares Tube 3.2
ATI - Dienstprogramm zur Deinstallation der Software
ATI Control Panel
ATI Display Driver
aTube Catcher
Avira AntiVir Personal - Free Antivirus
B.EBI Software Updater 1.0
Bonjour
Broadcom 440x 10/100 Integrated Controller
Capture Text
Dell ResourceCD
Deus Ex - Invisible War
DVDVideoSoft Toolbar
FlickrDown
FlvRecorder
Fraps (remove only)
Free Download Manager 3.4 ALPHA
Free YouTube Download 2.4
Free YouTuBe Utility 1.62
Geheimakte 2 - Puritas Cordis
GetGo YouTube Downloader
Google Chrome
Google Earth
Google Updater
HijackThis 1.99.1
Hotspot Shield 1.34
HyperSnap-DX 5
iTunes
Java(TM) 6 Update 15
JLC's Internet TV
Kaspersky Online Scanner
K-Lite Codec Pack 4.1.7 (Full)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works 7.0
Mihov Picture Downloader 1.5 (remove only)
mIRC
Movier 1.0.9
Moyea FLV Downloader version 1.15.0.15
Mozilla Firefox (3.6.3)
Nero 6 Ultra Edition
Orbit Downloader
Picture Ripper 4
QuickTime
RealPlayer
Recover My Files
RsFree
Security Task Manager 1.6
SimpleOCR 3.1
SopCast 3.2.4
SoundMAX
StationRipper 2.93B
TopOCR 3.1
Torrent Harvester
Total Commander (Remove or Repair)
Transcode Server
TubeBox!
TubeTillaFree
TV-Browser 2.7.4
UltraGet Video Downloader 2.0.8
Uninstall 1.0.0.1
Url Extractor Ver 1.0
URL Snooper v2.26.01
UseNeXT
VDownloader 2.5
Video Download Toolbar
VideoSlurp YouTube Downloader v1.4
VZ AlbumCatcher Deinstallieren
Web Pictures Downloader 2.0
Windows Internet Explorer 7
Windows XP Service Pack 3
WinPcap 4.1.1
WM Recorder 11.0
Xilisoft Download YouTube Video
YouTube Batch Downloader
Youtube Downloader 2.3.9
YouTube Downloader 2.5.3
Youtube Downloader HD v. 1.8.1

logfile listfile.zip:

----- Root -----------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5447-4858
Verzeichnis von C:\
20.04.2010 17:34 43 filelist.txt
20.04.2010 17:33 549 filelist.zip
20.04.2010 17:32 4.374 install.txt
20.04.2010 17:11 24.648 ComboFix.txt
20.04.2010 17:06 3.921.747 ComboFix.exe
20.04.2010 16:55 2.145.386.496 pagefile.sys
20.04.2010 15:48 281 boot.ini
19.04.2010 22:29 109 mbam-error.txt
16.03.2010 21:37 145 Neu Textdokument.txt
10.03.2010 00:14 154 Quizecke.url
05.03.2010 19:12 211 Boot.bak
25.02.2010 02:13 5.847.714 DSCN4850.jpg
25.02.2010 02:13 6.531.080 DSCN4849.jpg
25.02.2010 02:13 5.644.308 DSCN4848.jpg
25.02.2010 02:13 5.612.295 DSCN4847.jpg
25.02.2010 02:13 6.031.756 DSCN4846.jpg
25.02.2010 02:13 5.892.672 DSCN4845.jpg
25.02.2010 02:13 6.255.002 DSCN4844.jpg
23.02.2010 21:44 10.680 logo23.jpg

----- Windows --------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5447-4858
Verzeichnis von C:\WINDOWS
20.04.2010 17:09 227 system.ini
20.04.2010 17:06 1.194.057 WindowsUpdate.log
20.04.2010 17:06 32.592 SchedLgU.Txt
20.04.2010 16:55 159 wiadebug.log
20.04.2010 16:55 50 wiaservc.log
20.04.2010 16:55 2.048 bootstat.dat
19.04.2010 22:23 177 winamp.ini
19.04.2010 22:00 172.032 Ujemaa.exe
13.04.2010 21:34 294.009 Video_Download_Toolbar_Uninstaller_5578.exe
07.04.2010 02:48 116 NeroDigital.ini
03.04.2010 02:54 329 SoftWriting.ini
03.04.2010 02:01 81 topocr.INI
12.03.2010 18:02 261.632 PEV.exe
07.03.2010 23:35 1.075 Sidplay2w.ini
05.03.2010 19:12 496 win.ini
27.02.2010 01:29 159.881 FlickrDown Uninstaller.exe
25.02.2010 02:38 38 avisplitter.ini
20.02.2010 23:44 754 WORDPAD.INI
14.01.2010 23:58 66 StationRipper.INI
0 Verzeichnis(se), 2.430.631.936 Bytes frei

----- System ---
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5447-4858
Verzeichnis von C:\WINDOWS\system
14.04.2008 04:23 146.944 winspool.drv

----- System 32 (Achtung: Zeitfenster beachten!) ---
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5447-4858
Verzeichnis von C:\WINDOWS\system32
20.04.2010 15:28 1.324 d3d9caps.dat
12.04.2010 19:19 46 DonationCoder_urlsnooper_InstallInfo.dat
12.04.2010 19:18 64 -1
06.04.2010 19:52 31.971.272 MRT.exe
01.04.2010 19:28 432.356 perfh009.dat
01.04.2010 19:28 448.470 perfh007.dat
01.04.2010 19:28 67.312 perfc009.dat
01.04.2010 19:28 79.910 perfc007.dat
01.04.2010 19:28 1.042.118 PerfStringBackup.INI
19.03.2010 18:05 4.874.240 wmp.dll
11.03.2010 14:31 233.472 webcheck.dll
11.03.2010 14:31 832.512 wininet.dll
11.03.2010 14:31 1.168.384 urlmon.dll
11.03.2010 14:31 44.544 pngfilt.dll
11.03.2010 14:31 671.232 mstime.dll
11.03.2010 14:31 193.024 msrating.dll
11.03.2010 14:31 3.599.872 mshtml.dll
11.03.2010 14:31 477.696 mshtmled.dll
11.03.2010 14:31 105.984 url.dll
11.03.2010 14:31 102.912 occache.dll

----- Prefetch -------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5447-4858
Verzeichnis von C:\WINDOWS\Prefetch
20.04.2010 17:34 15.098 CMD.EXE-087B4001.pf
20.04.2010 17:34 62.666 WINRAR.EXE-07C48FDD.pf
20.04.2010 17:33 25.072 ORBITNET.EXE-041AEAD0.pf
20.04.2010 17:33 74.624 ORBITDM.EXE-32B5C4F2.pf
20.04.2010 17:33 37.730 HPRSNAP5.EXE-20E342B8.pf
20.04.2010 17:33 18.060 NOTEPAD.EXE-336351A9.pf
20.04.2010 17:32 38.758 RUNDLL32.EXE-2BF3472E.pf
20.04.2010 17:32 31.626 RUNDLL32.EXE-1F20A0D1.pf
20.04.2010 17:32 31.760 RUNDLL32.EXE-1357CA32.pf
20.04.2010 17:32 25.794 CCLEANER.EXE-22F3F5C0.pf
20.04.2010 17:28 33.780 GOOGLEUPDATE.EXE-187AE91D.pf
20.04.2010 17:26 35.126 AVWSC.EXE-24612965.pf
20.04.2010 17:18 56.668 HIJACKTHIS.EXE-1A068334.pf
20.04.2010 17:11 15.662 REGEDIT.EXE-1B606482.pf
20.04.2010 17:11 9.894 SWREG.CFXXE-17391962.pf
20.04.2010 17:11 8.708 GREP.CFXXE-350016A4.pf
20.04.2010 17:11 9.046 CHCP.COM-18156052.pf
20.04.2010 17:11 14.210 PEV.CFXXE-02C8A4D3.pf
20.04.2010 17:11 4.922 SED.CFXXE-3B4964C3.pf
20.04.2010 17:11 17.968 NIRCMD.CFXXE-05436116.pf
20.04.2010 17:11 75.778 WMIPRVSE.EXE-28F301A9.pf
20.04.2010 17:11 14.744 SED.EXE-0F4B402F.pf
20.04.2010 17:11 9.286 GREP.EXE-3309531C.pf
20.04.2010 17:06 29.834 CSCRIPT.CFXXE-2F2349A3.pf
20.04.2010 17:06 11.514 NIRCMDB.EXE-137B12EA.pf
20.04.2010 17:06 24.146 SWREG.EXE-3560BE42.pf
20.04.2010 17:06 26.056 PEV.EXE-0806C34B.pf
20.04.2010 17:06 8.508 GSAR.CFXXE-00AB7A6E.pf
20.04.2010 17:06 13.842 HIDEC.EXE-3818BC01.pf
20.04.2010 17:06 10.770 COMBOFIX-DOWNLOAD.CFXXE-31D203D3.pf
20.04.2010 17:06 11.990 SORT.EXE-194AE83C.pf
20.04.2010 17:06 11.452 PING.CFXXE-37757ECD.pf
20.04.2010 17:06 24.922 CMD.CFXXE-12A6B182.pf
20.04.2010 17:06 14.014 PING.EXE-31216D26.pf
20.04.2010 17:06 9.966 NIRCMDC.CFXXE-101D6E86.pf
20.04.2010 17:06 13.046 ATTRIB.EXE-39EAFB02.pf
20.04.2010 17:06 24.408 PV.CFXXE-38A0900B.pf
20.04.2010 17:06 25.192 CSCRIPT.CFXXE-2F5062B6.pf
20.04.2010 17:06 8.476 ATTRIB.CFXXE-18D70E5B.pf
20.04.2010 17:06 12.102 NIRCMDC.CFXXE-1A395113.pf
20.04.2010 17:06 9.526 GSAR.CFXXE-064C1B3A.pf
20.04.2010 17:06 72.386 COMBOFIX.EXE-2CFB004E.pf
20.04.2010 17:06 18.804 RUNONCE.EXE-2803F297.pf
20.04.2010 17:06 13.290 GRPCONV.EXE-111CD845.pf
20.04.2010 17:06 17.562 RUNDLL32.EXE-1EE676D0.pf
20.04.2010 17:06 29.364 IEXPLORE.EXE-0A31FE70.pf
20.04.2010 17:06 27.576 IEXPLORE.EXE-12915967.pf
20.04.2010 17:05 23.364 PV.CFXXE-232B0D6C.pf
20.04.2010 17:05 5.682 ATTRIB.CFXXE-0D17129C.pf
20.04.2010 17:05 10.128 SWSC.CFXXE-2693FE93.pf
20.04.2010 17:05 49.634 PEV.CFXXE-3B65BD28.pf
20.04.2010 17:05 10.118 SED.CFXXE-384BB311.pf
20.04.2010 17:05 9.954 SWREG.CFXXE-16776A8B.pf
20.04.2010 17:05 9.454 GREP.CFXXE-005CE245.pf
20.04.2010 17:05 12.222 NIRCMD.CFXXE-351E2F5E.pf
20.04.2010 17:05 11.798 SWREG.EXE-0937BD77.pf
20.04.2010 17:05 10.952 SWXCACLS.CFXXE-1ECB3953.pf
20.04.2010 17:05 11.552 PEV.EXE-2937A365.pf
20.04.2010 17:05 18.074 N.PIF-1B75D06C.pf
20.04.2010 17:05 9.050 HIDEC.EXE-3B166DB3.pf
20.04.2010 17:02 14.602 VERCLSID.EXE-3667BD89.pf
20.04.2010 16:58 18.444 IMAPI.EXE-0BF740A4.pf
20.04.2010 16:58 70.904 EXPLORER.EXE-082F38A9.pf
20.04.2010 16:57 9.596 REGT.CFXXE-2A974419.pf
20.04.2010 16:57 14.616 FINDSTR.EXE-0CA6274B.pf
20.04.2010 16:57 13.784 CF20292.CFXXE-1C31C786.pf
20.04.2010 16:56 10.634 WSCNTFY.EXE-1B24F5EB.pf
20.04.2010 16:56 4.094 MBR.CFXXE-13B550AF.pf
20.04.2010 15:46 2.650 CAPTURETEXT.EXE-1DD33796.pf
20.04.2010 15:46 22.166 YOUTUBEDOWNLOADER.EXE-0F576306.pf
20.04.2010 15:46 11.018 QTTASK.EXE-2D7EEF34.pf
20.04.2010 15:46 50.598 AVGNT.EXE-39CD89BF.pf
20.04.2010 15:46 10.412 ATIPTAXX.EXE-12B5048A.pf
20.04.2010 15:46 9.434 ATIPRBXX.EXE-2EF3CAC1.pf
20.04.2010 15:43 46.850 UPDATE.EXE-3398FCD6.pf
20.04.2010 15:43 11.080 CF1054.CFXXE-03C58CFB.pf
20.04.2010 15:42 54.774 AVCENTER.EXE-1D2DB8A2.pf
19.04.2010 22:19 58.478 WUAUCLT.EXE-399A8E72.pf
19.04.2010 22:03 37.566 WORDPAD.EXE-1EFCC5C1.pf
19.04.2010 22:01 64.600 MSHTA.EXE-331DF029.pf
19.04.2010 22:00 16.414 UJEMAA.EXE-22732499.pf
19.04.2010 22:00 17.490 UQD.EXE-2048F1C4.pf
19.04.2010 22:00 17.464 GUARDGUI.EXE-147E0160.pf
19.04.2010 22:00 16.804 UQC.EXE-2EB5EBEE.pf
19.04.2010 22:00 25.392 RUNDLL32.EXE-1798D03C.pf
19.04.2010 22:00 24.766 XSANWEMROC.TMP-2DCB3341.pf
19.04.2010 21:59 16.238 UQB.EXE-0B15A252.pf
19.04.2010 21:59 9.946 NAWCRMOXSE.TMP-2C9B9FF9.pf
19.04.2010 21:55 90.054 CHROME.EXE-0DB01B9D.pf
19.04.2010 21:52 93.128 JAVA.EXE-07F51D5C.pf
19.04.2010 21:32 35.046 JAVAW.EXE-152326C7.pf
19.04.2010 21:32 9.090 TVBROWSER.EXE-0E884C39.pf
19.04.2010 21:31 124.718 FLVPLAYER.EXE-0BAD4213.pf
19.04.2010 21:11 76.966 FREEYOUTUBEDOWNLOAD.EXE-07A56A93.pf
19.04.2010 20:36 33.168 LOGONUI.EXE-0AF22957.pf
19.04.2010 20:16 40.078 DFRGNTFS.EXE-269967DF.pf
19.04.2010 20:16 20.028 DEFRAG.EXE-273F131E.pf
19.04.2010 20:16 360.986 Layout.ini
19.04.2010 20:10 6.074 LOGON.SCR-151EFAEA.pf
19.04.2010 18:07 82.266 EXPORTCONTROLLER.EXE-2AE60AF2.pf
19.04.2010 18:07 99.376 QUICKTIMEPLAYER.EXE-1683395B.pf
19.04.2010 17:42 9.448 JQSNOTIFY.EXE-0B85AE3F.pf
19.04.2010 17:42 107.628 FIREFOX.EXE-1D57670A.pf
19.04.2010 17:05 205.982 VLC.EXE-29851A71.pf
19.04.2010 16:48 56.064 I_VIEW32.EXE-0B6C3BA4.pf
19.04.2010 16:34 53.346 GOOGLEUPDATER.EXE-36CE3796.pf
19.04.2010 16:34 17.018 GOOGLEUPDATERSERVICE.EXE-19F5FCF4.pf
19.04.2010 15:47 51.124 WINAMP.EXE-18A5C0FF.pf
19.04.2010 14:52 15.834 DRWTSN32.EXE-2B4B52AC.pf
19.04.2010 12:45 222.958 HELPSVC.EXE-2878DDA2.pf
19.04.2010 09:19 44.494 DWWIN.EXE-30875ADC.pf
19.04.2010 06:28 13.386 GOOGLECRASHHANDLER.EXE-03C21A5B.pf
19.04.2010 05:03 104.950 FFMPEG.EXE-03BB1812.pf
18.04.2010 22:43 43.812 AVNOTIFY.EXE-31D7686A.pf
18.04.2010 20:02 53.508 DUMPREP.EXE-1B46F901.pf
18.04.2010 20:02 20.576 TASKMGR.EXE-20256C55.pf
18.04.2010 18:22 17.514 MPLAYER.EXE-02175A54.pf
18.04.2010 18:22 36.452 ULTRAGET.EXE-2BF7E7D4.pf
18.04.2010 18:21 33.032 CSC.EXE-01730C27.pf
18.04.2010 18:21 10.526 CVTRES.EXE-2329DCD5.pf
18.04.2010 18:20 36.806 PRESENTATIONFONTCACHE.EXE-1706C4D2.pf
18.04.2010 18:20 66.326 VDOWNLOADER.EXE-322C5718.pf
18.04.2010 17:33 72.700 RSFREE2.EXE-0594FFAF.pf
18.04.2010 00:28 25.634 GRAB.EXE-1DCA018D.pf
18.04.2010 00:14 72.456 UTORRENT.EXE-0C55C4F5.pf
17.04.2010 21:15 26.860 WIAACMGR.EXE-212ED878.pf
16.04.2010 13:21 12.308 RUNDLL32.EXE-451FC2C0.pf
15.04.2010 23:19 66.300 WHEREI~1.EXE-29A0CDB7.pf
23.01.2010 16:47 1.166.096 NTOSBOOT-B00DFAAD.pf
27.11.2009 23:21 31.930 AVWSC.EXE-3AC95876.pf
130 Datei(en) 5.774.568 Bytes
0 Verzeichnis(se), 2.430.517.248 Bytes frei

----- Tasks ----------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5447-4858
Verzeichnis von C:\WINDOWS\tasks
20.04.2010 17:28 1.088 GoogleUpdateTaskMachineUA.job
20.04.2010 17:11 6 SA.DAT
20.04.2010 16:56 1.014 Google Software Updater.job
20.04.2010 16:55 1.084 GoogleUpdateTaskMachineCore.job
17.08.2004 13:58 65 desktop.ini
5 Datei(en) 3.257 Bytes
0 Verzeichnis(se), 2.430.525.440 Bytes frei

----- Windows/Temp -----------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5447-4858
Verzeichnis von C:\WINDOWS\Temp
20.04.2010 16:55 16.384 Perflib_Perfdata_348.dat
1 Datei(en) 16.384 Bytes
0 Verzeichnis(se), 2.430.525.440 Bytes frei

----- Temp -----------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5447-4858
Verzeichnis von C:\DOKUME~1\jan\LOKALE~1\Temp