Pests of all kinds and their removal: TR/Crypt.ZPACK.Gen and TR/Spy.244736.13 in "TEMP" (and further alerts at system startup)
Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1
TR/Crypt.ZPACK.Gen and TR/Spy.244736.13 in "TEMP" (and further alerts at system startup)

Hello everyone,

in the course of my research I came across this forum. It has already helped me a lot.

I have 2 problems in total: laptop and desktop. I'll start with the laptop:

During a scan, Avira found various viruses/trojans in the TEMP directory and in Temporary Internet Files. And I can't delete them permanently. They keep coming back. In addition, Avira reports 2 to 3 detected malware items after every start.

- Ran CCleaner
- Malwarebytes report attached (result similar to Avira, so only the Malwarebytes log here)
- RSIT log attached

I would be really grateful for help.

Regards
Rainer

PS: This is my first post, forgive me if I have forgotten something.

Malware:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4325

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19.07.2010 08:17:22
mbam-log-2010-07-19 (08-17-22).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129685
Laufzeit: 9 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 12

Infizierte Speicherprozesse:
C:\WINDOWS\system32\system.exe (Spyware.OnlineGames) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Dokumente und Einstellungen\All Users\Dokumente\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\164581.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\3462444.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\686754.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\859537.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv141279360189.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv211279361246.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Dokumente\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\msvcrt2.dll (Malware.Traces) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\system.exe (Spyware.OnlineGames) -> Delete on reboot.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\180.exe (Trojan.Cinmus) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\csrss.exe (Trojan.Agent) -> Delete on reboot.

Log.txt RSIT Logfile:
Logfile of random's system information tool 1.08 (written by random/random)
Run by *** at 2010-07-19 08:28:17

Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 57 GB (50%) free of 114 GB
Total RAM: 958 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:28:29, on 19.07.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\o2 Verbindungsmanager\BRService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
C:\Programme\trend micro\***.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*hxxp://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://de.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @c:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Programme\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://ura-emea.siemens.com/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Programme\o2 Verbindungsmanager\BRService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Websense CPM Report Scheduler (jbtei40e1esaijye) - Unknown owner - C:\WINDOWS\system32\memmoojymmoob.exe (file missing)
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe

--
End of file - 7115 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-11-01 163840]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-08 53248]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-03-01 577536]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2004-12-29 544768]
"OdTray.exe"=C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe [2005-05-18 1015871]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Muscbrigade"=c:\Musicbrigade\Musicbrigade.exe [2005-12-20 40960]
"FreePDF Assistant"=C:\Programme\FreePDF_XP\fpassist.exe [2003-12-29 130560]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2010-04-28 142120]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! 
Pager"=C:\Programme\Yahoo!\Messenger\ypager.exe [2004-08-06 2502656] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart Dropbox.lnk - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OdysseyClient] C:\WINDOWS\system32\odyEvent.dll [2007-03-13 106496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2010-07-19 08:23:15 ----D---- C:\Programme\trend micro 2010-07-19 08:23:14 ----D---- C:\rsit 2010-07-19 08:05:18 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes 2010-07-19 08:05:04 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2010-07-19 08:05:02 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-07-19 08:05:01 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-07-19 08:05:01 ----A---- C:\WINDOWS\system32\drivers\mbam.sys 2010-07-19 07:43:45 ----D---- C:\Programme\CCleaner 2010-07-18 23:43:51 ----D---- C:\WINDOWS\system32\NtmsData 2010-07-18 23:28:22 ----D---- C:\Dokumente und 
Einstellungen\***\Anwendungsdaten\Avira 2010-07-18 23:27:02 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys 2010-07-18 23:27:00 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys 2010-07-18 23:27:00 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys 2010-07-18 23:27:00 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys 2010-07-18 23:27:00 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys 2010-07-18 23:26:54 ----D---- C:\Programme\Avira 2010-07-18 23:26:54 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira 2010-07-18 18:26:02 ----D---- C:\WINDOWS\Prefetch 2010-07-18 18:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$ 2010-07-18 18:23:43 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$ 2010-07-18 18:23:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$ 2010-07-18 18:23:21 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$ 2010-07-18 18:23:14 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$ 2010-07-18 18:23:08 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$ 2010-07-18 18:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$ 2010-07-18 18:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$ 2010-07-18 18:22:46 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$ 2010-07-18 18:22:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$ 2010-07-18 18:22:31 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$ 2010-07-18 18:22:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$ 2010-07-18 18:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$ 2010-07-18 18:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$ 2010-07-18 18:21:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$ 2010-07-18 18:21:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$ 2010-07-18 18:21:43 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$ 2010-07-18 18:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$ 2010-07-18 18:21:29 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$ 2010-07-18 18:21:21 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$ 2010-07-18 18:21:15 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$ 2010-07-18 18:21:08 ----HDC---- 
C:\WINDOWS\$NtUninstallKB974112$ 2010-07-18 18:20:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2010-07-18 18:20:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2010-07-18 18:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$ 2010-07-18 18:20:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2010-07-18 18:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$ 2010-07-18 18:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$ 2010-07-18 18:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2010-07-18 18:20:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$ 2010-07-18 18:19:59 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$ 2010-07-18 18:19:52 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$ 2010-07-18 18:19:44 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$ 2010-07-18 18:19:37 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$ 2010-07-18 18:19:28 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$ 2010-07-18 18:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2010-07-18 18:19:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$ 2010-07-18 18:18:56 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2010-07-18 18:18:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2010-07-18 18:18:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2010-07-18 18:18:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2010-07-18 18:18:26 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2010-07-18 18:18:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2010-07-18 18:18:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$ 2010-07-18 18:18:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2010-07-18 18:17:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2010-07-18 18:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2010-07-18 18:17:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$ 2010-07-18 18:17:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$ 2010-07-18 18:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2010-07-18 18:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2010-07-18 18:17:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2010-07-18 
18:16:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2010-07-18 18:16:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2010-07-18 18:16:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2010-07-18 18:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2010-07-18 18:16:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2010-07-18 18:16:21 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2010-07-18 18:16:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$ 2010-07-18 18:12:41 ----D---- C:\WINDOWS\l2schemas 2010-07-18 18:12:40 ----D---- C:\WINDOWS\system32\de 2010-07-18 18:12:40 ----D---- C:\WINDOWS\system32\bits 2010-07-18 18:07:04 ----D---- C:\WINDOWS\network diagnostic 2010-07-18 18:01:44 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2010-07-18 18:01:43 ----D---- C:\WINDOWS\EHome 2010-07-18 17:49:58 ----D---- C:\WINDOWS\ie8updates 2010-07-18 12:24:11 ----D---- C:\0306c4323e4d491ffa9f1f30 2010-07-18 11:56:27 ----D---- C:\WINDOWS\WBEM 2010-07-18 11:55:03 ----HDC---- C:\WINDOWS\ie8 2010-07-18 11:54:02 ----A---- C:\WINDOWS\system32\MRT.exe 2010-07-17 22:34:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593_0$ 2010-07-17 22:11:55 ----D---- C:\WINDOWS\system32\de-DE 2010-07-17 12:36:53 ----RSH---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\yjty.exe 2010-07-15 18:48:36 ----D---- C:\c91d2f7368e4b1d2a872 2010-07-15 11:51:58 ----A---- C:\WINDOWS\system32\SystemHelper.exe 2010-07-11 16:31:34 ----A---- C:\WINDOWS\ModemLog_BandLuxe 3.5G HSDPA Modem.txt 2010-07-11 12:34:54 ----A---- C:\WINDOWS\system32\drivers\br3gmdm.sys 2010-07-11 12:34:44 ----D---- C:\Programme\o2 Verbindungsmanager ======List of files/folders modified in the last 1 months====== 2010-07-19 08:27:56 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox 2010-07-19 08:27:47 ----D---- C:\WINDOWS\Temp 2010-07-19 08:27:46 ----D---- C:\WINDOWS\system32\CatRoot2 2010-07-19 08:27:33 ----D---- C:\WINDOWS 2010-07-19 08:27:30 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Data Fax Modem.txt 2010-07-19 08:26:00 
----A---- C:\WINDOWS\SchedLgU.Txt 2010-07-19 08:23:15 ----RAD---- C:\Programme 2010-07-19 08:19:28 ----AD---- C:\WINDOWS\system32 2010-07-19 08:19:27 ----D---- C:\WINDOWS\system32\drivers 2010-07-19 07:49:17 ----D---- C:\WINDOWS\Debug 2010-07-19 07:49:15 ----D---- C:\WINDOWS\Minidump 2010-07-19 00:52:37 ----SHD---- C:\System Volume Information 2010-07-18 23:56:38 ----D---- C:\WINDOWS\Registration 2010-07-18 23:44:23 ----HD---- C:\WINDOWS\inf 2010-07-18 23:43:51 ----D---- C:\WINDOWS\repair 2010-07-18 23:25:04 ----D---- C:\Programme\AntiVir PersonalEdition Classic 2010-07-18 23:19:15 ----SHD---- C:\WINDOWS\Installer 2010-07-18 23:19:14 ----D---- C:\WINDOWS\WinSxS 2010-07-18 23:19:12 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared 2010-07-18 21:13:22 ----D---- C:\MAGIX 2010-07-18 21:13:21 ----D---- C:\WINDOWS\system32\MAGIX 2010-07-18 20:10:01 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-07-18 18:31:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-07-18 18:25:26 ----D---- C:\WINDOWS\system32\Setup 2010-07-18 18:25:26 ----D---- C:\WINDOWS\AppPatch 2010-07-18 18:25:25 ----D---- C:\WINDOWS\system32\wbem 2010-07-18 18:25:24 ----RSD---- C:\WINDOWS\Fonts 2010-07-18 18:24:45 ----D---- C:\WINDOWS\security 2010-07-18 18:23:53 ----D---- C:\WINDOWS\system32\CatRoot 2010-07-18 18:23:52 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-07-18 18:22:48 ----D---- C:\Programme\Outlook Express 2010-07-18 18:22:00 ----D---- C:\Programme\Movie Maker 2010-07-18 18:13:02 ----D---- C:\Programme\Messenger 2010-07-18 18:12:59 ----D---- C:\WINDOWS\ime 2010-07-18 18:12:59 ----D---- C:\WINDOWS\Help 2010-07-18 18:12:41 ----D---- C:\WINDOWS\system32\usmt 2010-07-18 18:12:41 ----D---- C:\Programme\Internet Explorer 2010-07-18 18:12:40 ----D---- C:\WINDOWS\PeerNet 2010-07-18 18:09:50 ----D---- C:\WINDOWS\ServicePackFiles 2010-07-18 18:09:43 ----D---- C:\WINDOWS\system32\Restore 2010-07-18 18:09:43 ----D---- C:\WINDOWS\system32\npp 2010-07-18 18:09:42 ----D---- 
C:\WINDOWS\msagent 2010-07-18 18:09:40 ----D---- C:\WINDOWS\srchasst 2010-07-18 18:09:39 ----D---- C:\Programme\NetMeeting 2010-07-18 18:09:37 ----D---- C:\WINDOWS\system32\Com 2010-07-18 18:09:34 ----D---- C:\Programme\Windows Media Player 2010-07-18 18:09:33 ----D---- C:\Programme\Windows NT 2010-07-18 18:09:28 ----D---- C:\Programme\Gemeinsame Dateien\System 2010-07-18 18:09:09 ----AD---- C:\WINDOWS\system32\oobe 2010-07-18 18:09:06 ----D---- C:\WINDOWS\system 2010-07-18 18:05:23 ----D---- C:\WINDOWS\system32\ReinstallBackups 2010-07-18 17:50:39 ----HD---- C:\WINDOWS\$hf_mig$ 2010-07-18 11:56:30 ----D---- C:\WINDOWS\system32\config 2010-07-18 11:56:15 ----D---- C:\WINDOWS\Media 2010-07-17 22:19:35 ----RSD---- C:\WINDOWS\assembly 2010-07-17 22:12:53 ----D---- C:\WINDOWS\Microsoft.NET 2010-07-17 21:59:38 ----D---- C:\WINDOWS\system32\en-US 2010-07-17 21:59:22 ----D---- C:\Programme\Microsoft.NET 2010-07-11 12:34:59 ----DC---- C:\WINDOWS\system32\DRVSTORE 2010-06-29 22:18:59 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype 2010-06-28 18:55:18 ----D---- C:\Programme\Mozilla Firefox 2010-06-28 13:13:02 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;iaStor; C:\WINDOWS\system32\drivers\iaStor.sys [2005-10-12 874240] R0 nvatabus;nvatabus; C:\WINDOWS\system32\drivers\nvatabus.sys [2005-08-18 93568] R0 nvraid;nvraid; C:\WINDOWS\system32\drivers\nvraid.sys [2005-08-18 77056] R0 SiSRaid2;SiSRaid2; C:\WINDOWS\system32\drivers\SiSRaid2.sys [2005-01-11 30976] R0 uagp35;Microsoft AGPv3.5-Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672] R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904] R0 viamraid;viamraid; C:\WINDOWS\system32\drivers\viamraid.sys [2005-11-23 92672] R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; 
C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-03-31 3960896] R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-05-05 463168] R3 EKBfltr;ENE Keyboard Controller; C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-14 5504] R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-03-18 42496] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 odysseyIM4;Odyssey Network Agent Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 173056] R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-01-11 923826] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-02-09 248704] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB; C:\WINDOWS\system32\DRIVERS\br3gmdm.sys [2008-12-23 104448] S3 FETNDIS;VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165] S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 PcdrNt;PcdrNt; C:\WINDOWS\System32\drivers\PcdrNt.sys [] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-16 41472] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; 
C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432] R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672] R2 BandLuxe_Service;BandLuxe Service; C:\Programme\o2 Verbindungsmanager\BRService.exe [2009-06-14 87264] R2 Bonjour Service;Dienst "Bonjour"; C:\Programme\Bonjour\mDNSResponder.exe [2010-04-08 345376] R2 CCALib8;Canon Camera Access Library 8; C:\Programme\Canon\CAL\CALMAIN.exe [2006-03-30 96341] R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 MSSQLSERVER;MSSQLSERVER; C:\Programme\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2002-12-17 7520337] R2 odClientService;Odyssey Client for Fujitsu Siemens Computers; C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe [2005-05-18 208896] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2010-04-28 545576] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S2 jbtei40e1esaijye;Websense CPM Report Scheduler; 
C:\WINDOWS\system32\memmoojymmoob.exe [] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\MAGIX\Common\Database\bin\fbserver.exe [2005-08-10 1527900] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Programme\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2002-12-17 311872] S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] -----------------EOF----------------- Info.txt. RSIT Logfile: Code: