Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner auf PC

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 15.05.2010, 15:27   #1
Manfred1977
 
Trojaner auf PC - Standard

Trojaner auf PC



Hallo zusammen,

habe mir wohl was eingefangen. Hab gemäß der Anleitung die Bereinigung durchgeführt und dann Malwarbytes ausgeführt.

Zitat:
Hier die Log-Datei:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4103

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

15.05.2010 15:08:51
mbam-log-2010-05-15 (15-08-51).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 138168
Laufzeit: 7 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\User\Favorites\Free - Stream (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wwwzuc32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Was muss ich jetzt tun?
Danke schonmal im voraus.

Alt 15.05.2010, 15:37   #2
Manfred1977
 
Trojaner auf PC - Standard

Trojaner auf PC



hier jetzt die log.txt von RSIT:

Zitat:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Stefan at 2010-05-15 15:30:04
Microsoft® Windows Vista™ Home Premium
System drive C: has 18 GB (19%) free of 95 GB
Total RAM: 3070 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:30:08, on 15.05.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\microsoft shared\Works Shared\WkUFind.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\pdf24\pdf24.exe
C:\Program Files\pdfforge Toolbar\SearchSettings.exe
C:\Program Files\WinSuite\strtfx.exe
C:\Program Files\WinSuite\sndml.exe
C:\Program Files\ActiveFax\Terminal\TSClientB.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\FRITZ!DSL\StCenter.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Stefan\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [strtfx] "C:\Program Files\WinSuite\strtfx.exe"
O4 - HKLM\..\Run: [sndml] "C:\Program Files\WinSuite\sndml.exe"
O4 - HKLM\..\Run: [ActiveFax Terminal Server] C:\Program Files\ActiveFax\Terminal\TSClientB.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [FaxStart] "C:\Program Files\WinSuite\Fax.exe" /pt systemstart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [FRITZ!protect] FwebProt.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [FRITZ!protect] FwebProt.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CAPIControl.lnk = ?
O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ?
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ActiveFax-Server-Dienst (ActiveFaxServiceNT) - ActFax Communication - C:\Program Files\ActiveFax\Server\ActSrvNT.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Freenet background service_2 (freenet_2) - Unknown owner - C:\Freenet\bin\wrapper-windows-x86-32.exe (file missing)
O23 - Service: Freenet background service_4 (freenet_4) - Unknown owner - E:\Freenet\bin\wrapper-windows-x86-32.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: RelayFax Server Engine (RelayFax) - Alt-N Technologies, Ltd. - C:\PROGRA~1\RelayFax\App\RFEngine.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10496 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-04-16 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-24 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-25 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2010-01-08 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
softonic-de3 Toolbar - C:\Program Files\softonic-de3\tbsoft.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll [2010-01-08 1109504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-24 263280]
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - softonic-de3 Toolbar - C:\Program Files\softonic-de3\tbsoft.dll [2010-03-17 2355224]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2010-01-08 700416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-07-12 1006264]
"KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2006-11-06 34352]
"SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2006-03-22 438272]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-05-22 538744]
"NDSTray.exe"=NDSTray.exe []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-07-27 204800]
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe [2001-10-09 24576]
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe [2001-10-04 331830]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2001-10-04 28738]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"PDFPrint"=C:\Program Files\pdf24\pdf24.exe [2010-02-22 207504]
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2010-01-08 974848]
"strtfx"=C:\Program Files\WinSuite\strtfx.exe [2003-10-10 24576]
"sndml"=C:\Program Files\WinSuite\sndml.exe [2005-11-03 32768]
"ActiveFax Terminal Server"=C:\Program Files\ActiveFax\Terminal\TSClientB.exe [2010-05-09 419008]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"FaxStart"=C:\Program Files\WinSuite\Fax.exe [2004-05-18 647168]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
CAPIControl.lnk - C:\Windows\Installer\{0B2FF6D9-359D-4481-8A0D-43A674B665C9}\Ta33usb.exe
Erinnerungen in Microsoft Works-Kalender.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
FRITZ!DSL Startcenter.lnk - C:\Windows\Installer\{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}\Icon2457326B4.exe
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-05-15 15:30:04 ----D---- C:\rsit
2010-05-15 14:51:30 ----D---- C:\Users\User\AppData\Roaming\Malwarebytes
2010-05-15 14:51:12 ----D---- C:\ProgramData\Malwarebytes
2010-05-15 14:51:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-15 14:42:31 ----D---- C:\Program Files\CCleaner
2010-05-09 23:52:22 ----D---- C:\RELAYFAX
2010-05-09 23:51:21 ----A---- C:\Windows\FAXCPP1.INI
2010-05-09 23:51:21 ----A---- C:\Windows\FAXCPP.INI
2010-05-09 23:51:12 ----A---- C:\Windows\RFOIni.ini
2010-05-09 23:51:04 ----A---- C:\Windows\RFRIni.ini
2010-05-09 23:51:02 ----A---- C:\Windows\system32\TIFF32.dll
2010-05-09 23:46:52 ----D---- C:\Users\User\AppData\Roaming\RelayFax
2010-05-09 23:46:01 ----A---- C:\Windows\system32\imgman32.dll
2010-05-09 23:45:59 ----A---- C:\Windows\system32\Bwcc32.dll
2010-05-09 23:45:57 ----A---- C:\Windows\RFPIni.ini
2010-05-09 23:45:56 ----A---- C:\Windows\system32\BuMResNT.dll
2010-05-09 23:45:56 ----A---- C:\Windows\system32\BuMAppNT.exe
2010-05-09 23:45:55 ----A---- C:\Windows\system32\JPEG32.dll
2010-05-09 23:45:55 ----A---- C:\Windows\system32\BuMRmvNT.dll
2010-05-09 23:45:55 ----A---- C:\Windows\system32\BuMMonNT.dll
2010-05-09 23:45:55 ----A---- C:\Windows\system32\BiImgUser.dll
2010-05-09 23:45:39 ----D---- C:\Program Files\RelayFax
2010-05-09 23:18:53 ----A---- C:\Windows\system32\ActiveFax.Cmd
2010-05-09 23:18:52 ----A---- C:\Windows\system32\ActMonRe.dll
2010-05-09 23:18:52 ----A---- C:\Windows\system32\ActMonNT.dll
2010-05-09 23:18:51 ----D---- C:\Program Files\ActiveFax
2010-05-09 23:18:51 ----A---- C:\Windows\UIActFax.exe
2010-05-09 23:18:51 ----A---- C:\Windows\UIActFax.dll
2010-05-09 20:13:05 ----D---- C:\Users\User\AppData\Roaming\PersonalFax
2010-05-09 20:12:15 ----A---- C:\Windows\PFUn.EXE
2010-05-09 20:12:07 ----D---- C:\Program Files\PersonalFax
2010-05-09 20:11:20 ----A---- C:\Windows\IsUn0407.exe
2010-05-09 19:57:52 ----D---- C:\Users\User\AppData\Roaming\FRITZ!
2010-05-09 19:56:33 ----D---- C:\Program Files\FRITZ!DSL
2010-05-09 19:56:33 ----D---- C:\Program Files\Common Files\AVM
2010-05-09 19:55:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-05-09 18:00:49 ----D---- C:\Users\User\AppData\Roaming\winsuite
2010-05-09 17:57:58 ----A---- C:\_auditt.txt
2010-05-09 17:57:09 ----N---- C:\Windows\system32\WSFAXMON.DLL
2010-05-09 17:57:09 ----A---- C:\Windows\system32\CORFAX.dll
2010-05-09 17:01:14 ----D---- C:\Program Files\WinSuite
2010-05-09 16:54:49 ----A---- C:\Windows\WINPHONE.INI
2010-05-09 16:54:45 ----D---- C:\Program Files\DeTeWe
2010-05-01 15:50:36 ----D---- C:\Program Files\Application Updater
2010-05-01 15:50:35 ----D---- C:\Program Files\pdfforge Toolbar
2010-05-01 15:50:17 ----A---- C:\Windows\system32\pdfcmnnt.dll
2010-05-01 15:50:15 ----D---- C:\Program Files\PDFCreator
2010-05-01 15:50:15 ----A---- C:\Windows\system32\VB6DE.DLL
2010-05-01 15:50:15 ----A---- C:\Windows\system32\MSMPIDE.DLL
2010-05-01 15:50:15 ----A---- C:\Windows\system32\MSCMCDE.DLL
2010-05-01 14:08:58 ----D---- C:\Program Files\Scribus 1.3.3.13
2010-05-01 14:08:55 ----D---- C:\Program Files\Conduit
2010-05-01 14:08:54 ----D---- C:\Program Files\softonic-de3
2010-04-30 15:56:12 ----D---- C:\Users\User\AppData\Roaming\Opera
2010-04-29 11:23:15 ----D---- C:\ProgramData\Adobe Systems
2010-04-29 11:14:01 ----D---- C:\Program Files\Common Files\Adobe Systems Shared

======List of files/folders modified in the last 1 months======

2010-05-15 15:30:06 ----D---- C:\Program Files\trend micro
2010-05-15 15:30:01 ----D---- C:\Windows\temp
2010-05-15 15:13:46 ----D---- C:\Windows\inf
2010-05-15 15:11:49 ----RD---- C:\Users
2010-05-15 15:10:41 ----D---- C:\Windows\system32\drivers
2010-05-15 15:09:30 ----D---- C:\Windows\OEMDrv
2010-05-15 14:51:12 ----RD---- C:\Program Files
2010-05-15 14:51:12 ----D---- C:\ProgramData
2010-05-15 14:15:24 ----D---- C:\Users\User\AppData\Roaming\FileZilla
2010-05-14 12:52:50 ----D---- C:\ProgramData\Adobe
2010-05-14 12:51:54 ----SHD---- C:\Windows\Installer
2010-05-14 12:51:10 ----D---- C:\Program Files\Common Files\Adobe
2010-05-14 12:50:31 ----D---- C:\Program Files\Adobe
2010-05-14 12:50:22 ----D---- C:\Windows\System32
2010-05-14 12:50:19 ----SHD---- C:\System Volume Information
2010-05-14 08:59:52 ----D---- C:\Users\User\AppData\Roaming\vlc
2010-05-13 21:10:07 ----D---- C:\Users\User\AppData\Roaming\ICQ
2010-05-09 23:52:22 ----A---- C:\Windows\win.ini
2010-05-09 23:51:21 ----D---- C:\Windows
2010-05-09 20:49:17 ----D---- C:\Windows\system
2010-05-09 20:13:55 ----D---- C:\Windows\ModemLogs
2010-05-09 19:56:33 ----D---- C:\Program Files\Common Files
2010-05-09 17:57:09 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-09 03:41:43 ----D---- C:\Windows\Minidump
2010-05-08 13:06:27 ----D---- C:\Windows\Prefetch
2010-05-06 10:36:38 ----N---- C:\Windows\system32\MpSigStub.exe
2010-05-01 15:53:41 ----D---- C:\Users\User\AppData\Roaming\Adobe
2010-05-01 15:50:42 ----D---- C:\Windows\winsxs
2010-05-01 10:12:37 ----D---- C:\Windows\system32\catroot2
2010-04-30 16:19:14 ----D---- C:\Program Files\Mozilla Firefox
2010-04-30 16:19:05 ----D---- C:\Program Files\IrfanView
2010-04-30 16:00:20 ----D---- C:\Users\User\AppData\Roaming\gtk-2.0
2010-04-28 11:03:02 ----SD---- C:\Users\User\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 CAPI20;Eumex 504PC USB; C:\Windows\system32\drivers\CAPI20.sys [2004-05-17 969124]
R2 DETEWECP;DeTeWe CapiPort; C:\Windows\System32\drivers\detewecp.sys [2001-09-18 38480]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-11-02 3170304]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2009-11-27 14208]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-05 1953944]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-26 2216448]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 81408]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-10-15 82432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-07-27 188336]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304]
S2 gnuftqknioen;gnuftqknioen; \??\C:\Windows\system32\drivers\hrbmvwhahv.sys []
S3 61883;61883-Einheitsgerät; C:\Windows\system32\DRIVERS\61883.sys [2006-11-02 45696]
S3 athr;Atheros Extensible Drahtlos-LAN-Gerätetreiber; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
S3 Avc;AVC-Gerät; C:\Windows\system32\DRIVERS\avc.sys [2006-11-02 40448]
S3 CW100;CW100 Device; C:\Windows\system32\DRIVERS\CW100.sys [2002-05-24 24092]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-11-08 101760]
S3 iComp;Python2 USB WDM Encoder; C:\Windows\system32\DRIVERS\p2usbwdm.sys [2005-08-24 1622144]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2006-11-02 52608]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2006-11-02 8192]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
S3 ulisa;DeTeWe ISDN-Adapter (USB); C:\Windows\System32\Drivers\ulisa.sys [2004-05-14 122716]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 CplIR;Embedded IR Driver; C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072]
S4 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-11-02 626688]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 IGDCTRL;AVM IGD CTRL Service; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [2009-07-28 73528]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-09-19 77824]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2007-03-29 427576]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
S2 freenet_2;Freenet background service_2; C:\Freenet\bin\wrapper-windows-x86-32.exe -s C:\Freenet\wrapper.conf []
S2 freenet_4;Freenet background service_4; E:\Freenet\bin\wrapper-windows-x86-32.exe -s E:\Freenet\wrapper.conf []
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
S3 ActiveFaxServiceNT;ActiveFax-Server-Dienst; C:\Program Files\ActiveFax\Server\ActSrvNT.exe [2010-05-09 1508544]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-04-29 72704]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-05 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 RelayFax;RelayFax Server Engine; C:\PROGRA~1\RelayFax\App\RFEngine.exe [2010-03-26 1265732]

-----------------EOF-----------------
__________________


Alt 15.05.2010, 15:41   #3
Manfred1977
 
Trojaner auf PC - Standard

Trojaner auf PC



hier die info.txt von Rsit:

Zitat:
info.txt logfile of random's system information tool 1.06 2010-05-15 15:30:09

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x7
ActiveFax-->C:\Windows\UIActFax.exe
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 9.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
Any Video Converter Professional 3.0.3-->"C:\Program Files\AnvSoft\Any Video Converter Professional\unins000.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Auto Gordian Knot 2.55-->C:\Program Files\AutoGK\uninst.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVM FRITZ!DSL-->MsiExec.exe /X{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}
AVS TV Box 1.5.1-->"C:\Program Files\AVS4YOU\AVSTVBox\unins000.exe"
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Catalyst Control Center - Branding-->MsiExec.exe /I{BC1ADEAD-99F1-4707-B31B-CDB222D5BB68}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x7
CD/DVD Label Printer LPCW-100-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B4DAD2F-38F5-4F2A-87BF-924B175A38F3}\Setup.exe" -uninst anything
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Das Fussball Studio 7.5.1-->"C:\Program Files\Das Fussball Studio\uninst\unins000.exe"
Desktop SMS-->MsiExec.exe /I{5980B928-1C95-4B3E-957B-B02D8147FF9E}
DolbyFiles-->MsiExec.exe /X{b1adf008-e898-4fe2-8a1f-690d9a06acaf}
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x7
DVDx 2-->"C:\Program Files\DVDx\unins000.exe"
EA SPORTS online 2006-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
Emdedded IR Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{A6D4234C-CB02-4048-AC3E-AD09404FA35A}
Eraser 5.8.7-->"C:\Program Files\Eraser\unins000.exe"
FIFA 10-->MsiExec.exe /X{11202615-E557-4ECF-9B86-F59C81E52909}
FileZilla Client 3.2.4.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)-->C:\Program Files\MAGIX\Common\Database\uninstall.exe
Free Audio CD Burner version 1.2-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free FLV Converter V 6.7.4-->"C:\Program Files\Free FLV Converter\unins000.exe"
Free M4a to MP3 Converter 6.1-->"C:\Program Files\Free M4a to MP3 Converter\unins000.exe"
Free Video to Mp3 Converter version 3.2-->"C:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
Free YouTube to MP3 Converter version 3.2-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
FreeStar Free Video Converter 9.0.1-->C:\Program Files\freestar\fvc\uninst.exe
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GPL Ghostscript 8.70-->c:\program files\gs\uninstgs.exe "c:\program files\gs\gs8.70\uninstal.txt"
Grabster AV 400-->MsiExec.exe /I{1E61538A-D482-4252-BBB7-D892FD52FC50}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IBP 11.5-->"C:\Program Files\IBP 11\unins000.exe"
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
InfoRapid Suchen & Ersetzen-->C:\PROGRA~1\seRapid\UNWISE.EXE C:\PROGRA~1\seRapid\INSTALL.LOG
Intel Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Kate's Video Converter 2.8.0-->"C:\Program Files\Kate's Video Converter\unins000.exe"
MAGIX Digital Foto Maker SE 4.1.0.835 (D)-->C:\Program Files\MAGIX\DigitalFotoMaker2007_SE\instslct.exe
MAGIX Foto Suite 1.12.0.89 (D)-->C:\Program Files\MAGIX\Foto_Suite\instslct.exe
MAGIX Online Druck Service 2.3.2.0 (D)-->C:\Program Files\MAGIX\Online_Druck_Service\instslct.exe
MAGIX video deLuxe 2003 2004 PLUS-->C:\MAGIX\video_deLuxe_2003_2004_PLUS\unwise.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Security Scan-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
Menu Templates - Starter Kit-->MsiExec.exe /X{b78120a0-cf84-4366-a393-4d0a59bc546c}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000407-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}
Microsoft Word 2002-->MsiExec.exe /I{911B0407-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2002-Setup-Start-->C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe F:\
Microsoft Works 6.0-->MsiExec.exe /I{ED5EDCD0-5745-4B13-8061-58C9833FD06D}
Movie Templates - Starter Kit-->MsiExec.exe /X{e498385e-1c51-459a-b45f-1721e37aa1a0}
Mozilla Firefox (3.5.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.24)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
myphotobook 3.1-->C:\Program Files\myphotobook\uninst.exe
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-2085-KK25-2LEE-0UHL-8MPA-6H4U-EHAL"
Nero BurnRights-->MsiExec.exe /X{7829db6f-a066-4e40-8912-cb07887c20bb}
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero CoverDesigner-->MsiExec.exe /X{62ac81f6-bdd3-4110-9d36-3e9eaab40999}
Nero Disc Copy Gadget-->MsiExec.exe /X{f1861f30-3419-44db-b2a1-c274825698b3}
Nero DiscSpeed-->MsiExec.exe /X{869200db-287a-4dc0-b02b-2b6787fbcd4c}
Nero DriveSpeed-->MsiExec.exe /X{33cf58f5-48d8-4575-83d6-96f574e4d83a}
Nero InfoTool-->MsiExec.exe /X{fbcdfd61-7dcf-4e71-9226-873ba0053139}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Live-->MsiExec.exe /X{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}
Nero PhotoSnap-->MsiExec.exe /X{9e82b934-9a25-445b-b8df-8012808074ac}
Nero Recode-->MsiExec.exe /X{359cfc0a-beb1-440d-95ba-cf63a86da34f}
Nero Rescue Agent-->MsiExec.exe /X{368ba326-73ad-4351-84ed-3c0a7a52cc53}
Nero ShowTime-->MsiExec.exe /X{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
Nero Vision-->MsiExec.exe /X{43e39830-1826-415d-8bae-86845787b54b}
Nero WaveEditor-->MsiExec.exe /X{a209525b-3377-43f4-b886-32f6b6e7356f}
NeroBurningROM-->MsiExec.exe /X{d025a639-b9c9-417d-8531-208859000af8}
NeroExpress-->MsiExec.exe /X{595a3116-40bb-4e0f-a2e8-d7951da56270}
NeroLiveGadget-->MsiExec.exe /X{9e9fdde6-2c26-492a-85a0-05646b3f2795}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PDF24 Creator-->"C:\Program Files\pdf24\unins001.exe"
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
pdfforge Toolbar v1.1.2-->MsiExec.exe /X{5791B7D3-8B34-4218-9750-6A8E45D0AD32}
Perfect Ace 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3735A109-7039-446B-BB91-19925EE32BE1} /l1031
PersonalFax 1.50-->C:\Windows\PFUn.EXE /UnInst:"C:\Windows\PersonalFax_Uninstall.in"
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RelayFax Printer Driver + SMTP Client-->C:\PROGRA~1\RelayFax\App\UNWISE.EXE C:\PROGRA~1\RelayFax\App\INSTALL.LOG
RelayFax PRO-->C:\PROGRA~1\RelayFax\App\UNWISE.EXE C:\PROGRA~1\RelayFax\App\SRVINSTALL.LOG
Scribus 1.3.3.13-->C:\Program Files\Scribus 1.3.3.13\uninst.exe
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
softonic-de3 Toolbar-->C:\PROGRA~1\SOFTON~1\UNWISE.EXE /U C:\PROGRA~1\SOFTON~1\INSTALL.LOG
SoundTrax-->MsiExec.exe /X{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}
SUPER © Version 2009.bld.36 (June 10, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SuperMailer 4.90-->C:\Windows\SMUn.EXE /UnInst:"C:\Windows\SuperMailer_Uninstall.in"
Surf & E-Mail-Stick-->C:\Program Files\Surf & E-Mail-Stick\uninst.exe
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TA 33 USB-->MsiExec.exe /I{0B2FF6D9-359D-4481-8A0D-43A674B665C9}
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0407
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x7
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0007 uninstall
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0007 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0407
TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1031
Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Supervisorkennwort-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1031
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0407
Ulead DVD PowerTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A04BF5DC-6DD3-4B6D-BABD-B1BC5DB23CF0}\setup.exe"
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Videoload Manager 2.0.2171-->C:\Program Files\Videoload Manager\fluxDVDCustomClientUninst.exe
Virtua Tennis(TM) 2009-->"C:\Program Files\InstallShield Installation Information\{9B63540D-D942-4C38-B42E-A48AE0145970}\setup.exe" -runfromtemp -l0x0007 -removeonly
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Warcraft II BNE-->C:\Windows\W2BNEUnin.exe C:\Windows\W2BNEUnin.dat
Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
WinSuite-->"C:\Program Files\WinSuite\uninstall.exe"
XMedia Recode 2.1.2.9-->C:\Program Files\XMedia Recode\uninst.exe
XviD MPEG4 Video Codec (remove only)-->"C:\Program Files\XviD\xvid-uninstall.exe"

======Security center information======

AV: AntiVir Desktop
AS: AntiVir Desktop
AS: Windows-Defender

======System event log======

Computer Name: User
Event Code: 102
Message: Der Dienst hat das Veröffentlichen aufgrund eines Stromversorgungsereignisses vorübergehend beendet.
Record Number: 232174
Source Name: Microsoft-Windows-ResourcePublication
Time Written: 20100515131450.728191-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

Computer Name: User
Event Code: 7036
Message: Dienst "Geschützter Speicher" befindet sich jetzt im Status "Ausgeführt".
Record Number: 232175
Source Name: Service Control Manager
Time Written: 20100515131512.000000-000
Event Type: Informationen
User:

Computer Name: User
Event Code: 10029
Message: DCOM hat den Dienst TrustedInstaller mit den Argumenten "" gestartet, um den Server auszuführen:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}
Record Number: 232176
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100515132626.000000-000
Event Type: Informationen
User:

Computer Name: User
Event Code: 7036
Message: Dienst "Windows Modules Installer" befindet sich jetzt im Status "Ausgeführt".
Record Number: 232177
Source Name: Service Control Manager
Time Written: 20100515132626.000000-000
Event Type: Informationen
User:

Computer Name: User
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
Record Number: 232178
Source Name: Service Control Manager
Time Written: 20100515132827.000000-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: User
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 41478
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20100515131157.022791-000
Event Type: Informationen
User: User\User

Computer Name: User
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 41479
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20100515131157.521991-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: User
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 41480
Source Name: SecurityCenter
Time Written: 20100515131411.000000-000
Event Type: Informationen
User:

Computer Name: User
Event Code: 102
Message: WinMail (1112) WindowsMail0: The database engine (6.00.6000.0000) started a new instance (0).
Record Number: 41481
Source Name: ESENT
Time Written: 20100515131511.000000-000
Event Type: Informationen
User:

Computer Name: User
Event Code: 103
Message: WinMail (1112) WindowsMail0: The database engine stopped the instance (0).
Record Number: 41482
Source Name: ESENT
Time Written: 20100515132943.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: User
Event Code: 5032
Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann.

Fehlercode: 2
Record Number: 50645
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100515131157.241191-000
Event Type: Überwachung gescheitert
User:

Computer Name: User
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\mbamswissarmy.sys
Record Number: 50646
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100515131920.583191-000
Event Type: Überwachung gescheitert
User:

Computer Name: User
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: User$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Zielserver:
Zielservername: localhost
Weitere Informationen: localhost

Prozessinformationen:
Prozess-ID: 0x2c8
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Netzwerkadresse: -
Port: -

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 50647
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100515132624.605391-000
Event Type: Überwachung erfolgreich
User:

Computer Name: User
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: User$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Anmeldetyp: 5

Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
Prozess-ID: 0x2c8
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -

Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 50648
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100515132624.605391-000
Event Type: Überwachung erfolgreich
User:

Computer Name: User
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7

Berechtigungen: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 50649
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100515132624.605391-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Adobe\AGL
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------
__________________

Alt 15.05.2010, 17:02   #4
Manfred1977
 
Trojaner auf PC - Standard

Trojaner auf PC



kann jemand was mit den Logs anfangen?
Ist der Trojaner jetzt entfernt?

Antwort

Themen zu Trojaner auf PC
anleitung, anti-malware, appdata, backdoor.bot, bösartige, dateien, durchgeführt, explorer, free, hallo zusammen, loader, log-datei, microsoft, minute, roaming, schonmal, software, start, start menu, startup, stream, troja, trojan.downloader, trojaner, users, version, verzeichnisse, zusammen



Zum Thema Trojaner auf PC - Hallo zusammen, habe mir wohl was eingefangen. Hab gemäß der Anleitung die Bereinigung durchgeführt und dann Malwarbytes ausgeführt. Zitat: Hier die Log-Datei: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4103 Windows - Trojaner auf PC...
Archiv
Du betrachtest: Trojaner auf PC auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.