Trojaner-Board
Seite 2 von 4 1 2 34
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Brauche Hilfe, irgendwas stimmt nicht (https://www.trojaner-board.de/72304-brauche-hilfe-irgendwas-stimmt.html)

GerdKueller 23.04.2009 09:11
ZHP Diad
Code:
Rapport de ZHPDiag v1.19 par Nicolas Coolman
Enregistré le 23.04.2009 10:07:11
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v7.0.5730.11

---\\ Processus lancés
rundll32.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Java\jre6\bin\jusched.exe
sm56hlpr.exe
SkyTel.EXE
RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\igfxtray.exe
ALCMTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\TomTom HOME 2\HOMERunner.exe
C:\Programme\Ahead\Nero BackItUp\NBJ.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\services.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

---\\ Browser Helper Objects de navigateur(O2)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: 1 - {855F3B16-6D32-4fe6-8A56-BBB695989046} -

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LaunchAp] "C:\Programme\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Programme\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Dokumente und Einstellungen\Fabian Küller\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programme\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data="1"

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe,302
O9 - Extra 'Tools' menuitem: Windows Messenger - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\Messenger\msmsgs.exe,302
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe,302

---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207766105812
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {99C4B3C5-166D-4B6B-8305-C59FB5AF5BF6} (ConvisionVideoStream Control) - http://mail.almesberger.at/ConvisionVideo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} () - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

---\\ Piratage de domaine (Lop.com) (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{222542B0-FEE6-4CD3-AF58-98A798F88716}: 85.255.112.124,85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{60ABE0CC-BA10-420F-8202-0D25E7E4A3A9}: 85.255.112.124,85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD791768-6D7A-4526-A39B-5A3AF543AD5A}: 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS1\Services\Tcpip\..\{222542B0-FEE6-4CD3-AF58-98A798F88716}: 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS1\Services\Tcpip\..\{60ABE0CC-BA10-420F-8202-0D25E7E4A3A9}: 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS1\Services\Tcpip\..\{AD791768-6D7A-4526-A39B-5A3AF543AD5A}: 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS2\Services\Tcpip\..\{222542B0-FEE6-4CD3-AF58-98A798F88716}: 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS2\Services\Tcpip\..\{60ABE0CC-BA10-420F-8202-0D25E7E4A3A9}: 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS2\Services\Tcpip\..\{AD791768-6D7A-4526-A39B-5A3AF543AD5A}: 85.255.112.124,85.255.112.233

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: WlDimsStartup - C:\WINDOWS\System32\%SystemRoot%\System32\dimsntfy.dll
O20 - Winlogon Notify: C:\WINDOWS\System32\igfxdev.dll
O20 - Winlogon Notify: WLEventStartup - C:\WINDOWS\System32\WgaLogon.dll

O20 - AppInit_DLLs:C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1}
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Programme\Java\jre6\bin\jqs.exe -service -config C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Druckwarteschlange (Spooler) - C:\WINDOWS\system32\spoolsv.exe

---\\ Enumération des composants Active Desktop (O24)
O24 - Desktop Component 0: Die derzeitige Homepage - file:About:Home

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: IE7 Uninstall Stub - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Browseranpassungen - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Vektorgrafik-Rendering (VML) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Dynamic HTML-Datenbindung für Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file)
O40 - ASIC: Erweitertes Authoring - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: DirectAnimation Java Classes - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.7 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - (not file)
O40 - ASIC: Webordner - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: Adressbuch 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Windows Desktop-Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Microsoft .NET Framework 1.1 Hotfix (KB928366) - {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - (not file)
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file)
O40 - ASIC: Taskplaner - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - (not file)
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {E78BFA60-5393-4C38-82AB-E8019E464EB4} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Microsoft Kernel-Echounterdrückung (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: Intel AGP-Bus-Filter (agp440) - C:\WINDOWS\system32\DRIVERS\agp440.sys
O41 - Driver: Compaq AGP-Bus-Filter (agpCPQ) - C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
O41 - Driver: ALI AGP-Bus-Filter (alim1541) - C:\WINDOWS\system32\DRIVERS\alim1541.sys
O41 - Driver: AMD AGP-Bus-Filtertreiber (amdagp) - C:\WINDOWS\system32\DRIVERS\amdagp.sys
O41 - Driver: AMD K7-Prozessortreiber (AmdK7) - C:\WINDOWS\system32\DRIVERS\amdk7.sys
O41 - Driver: Asynchroner RAS -Medientreiber (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: Protokoll für ATM ARP-Client (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Audiostubtreiber (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: avgio (avgio) - C:\Programme\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: avgntflt (avgntflt) - C:\WINDOWS\system32\DRIVERS\avgntflt.sys
O41 - Driver: avipbb (avipbb) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: Bluetooth-Auflistungsdienst (BthEnum) - C:\WINDOWS\system32\DRIVERS\BthEnum.sys
O41 - Driver: Bluetooth-Gerät (PAN) (BthPan) - C:\WINDOWS\system32\DRIVERS\bthpan.sys
O41 - Driver: Bluetooth-Porttreiber (BTHPORT) - C:\WINDOWS\System32\Drivers\BTHport.sys
O41 - Driver: USB-Treiber für Bluetooth-Funkgerät (BTHUSB) - C:\WINDOWS\System32\Drivers\BTHUSB.sys
O41 - Driver: cbidf (cbidf) - C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
O41 - Driver: Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie (CmBatt) - C:\WINDOWS\system32\DRIVERS\CmBatt.sys
O41 - Driver: Microsoft Composite Battery-Treiber (Compbatt) - C:\WINDOWS\system32\DRIVERS\compbatt.sys
O41 - Driver: dac2w2k (dac2w2k) - C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: Treiber für die Verwaltung logischer Datenträger (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Microsoft Kernel-DLS-Synthesizer (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: Microsoft Kernel-DRM-Audioentschlüsselung (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: EagleNT (EagleNT) - C:\WINDOWS\system32\drivers\EagleNT.sys
O41 - Driver: (no object) (EMSCR) - C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
O41 - Driver: (no object) (ESDCR) - C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
O41 - Driver: VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber (FETNDIS) - C:\WINDOWS\system32\DRIVERS\fetnd5.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\drivers\fltmgr.sys
O41 - Driver: GEARAspiWDM (GEARAspiWDM) - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
O41 - Driver: Standardpaketklassifizierung (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Microsoft UAA-Bustreiber für High Definition Audio (HDAudBus) - C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
O41 - Driver: Microsoft HID Class-Treiber (HidUsb) - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O41 - Driver: i8042-Tastatur- und PS/2-Mausanschluss-Treiber (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: (no object) (ialm) - C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
O41 - Driver: Intel AHCI Controller (iaStor) - C:\WINDOWS\system32\DRIVERS\iaStor.sys
O41 - Driver: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RtkHDAud.sys
O41 - Driver: Intel-Prozessortreiber (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: IPv6-Windows-Firewalltreiber (Ip6Fw) - C:\WINDOWS\system32\drivers\ip6fw.sys
O41 - Driver: Filtertreiber für IP-Verkehr (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: IP/IP-Tunneltreiber (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: IPSEC-Treiber (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: IR-Enumeratordienst (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
O41 - Driver: Microsoft Kernel-Waveaudiomixer (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: Lbd (Lbd) - C:\WINDOWS\system32\DRIVERS\Lbd.sys
O41 - Driver: Maus-HID-Treiber (mouhid) - C:\WINDOWS\system32\DRIVERS\mouhid.sys
O41 - Driver: Redirector für WebDav-Client (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Microsoft Streaming Service Proxy (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Microsoft Proxy für Streaming Clock (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Microsoft Proxy für Streaming Quality Manager (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Microsoft-Systemverwaltungs-BIOS-Treiber (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O41 - Driver: RAS-NDIS-TAPI-Treiber (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS-Benutzermodus-E/A-Protokoll (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: RAS-NDIS-WAN-Treiber (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: NetBIOS-Schnittstelle (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBios über TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows XP 32 Bit (NETw3x32) - C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
O41 - Driver: Filtertreiber für IPX-Verkehr (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: Treiber für IPX-Verkehrsweiterleitung (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: WAN-Miniport (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: QoS-Paketplaner (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
O41 - Driver: Treiber für direkte Parallelverbindung (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O41 - Driver: Treiber für automatische RAS-Verbindung (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: WAN-Miniport (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Remotezugriff-PPPOE-Treiber (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Parallelanschluss (direkt) (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: Treiber für Terminalserver-Geräteumleitung (rdpdr) - C:\WINDOWS\system32\DRIVERS\rdpdr.sys
O41 - Driver: Filtertreiber für digitale CD-Audiowiedergabe (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: Bluetooth-Gerät (RFCOMM-Protokoll-TDI) (RFCOMM) - C:\WINDOWS\system32\DRIVERS\rfcomm.sys
O41 - Driver: (no object) (S3SavageNB) - C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
O41 - Driver: (no object) (sdbus) - C:\WINDOWS\system32\DRIVERS\sdbus.sys
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O41 - Driver: SFF-Speicherklassentreiber (sffdisk) - C:\WINDOWS\system32\DRIVERS\sffdisk.sys
O41 - Driver: SFF-Speicherprotokolltreiber für SDBus (sffp_sd) - C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
O41 - Driver: SIS AGP-Bus-Filter (sisagp) - C:\WINDOWS\system32\DRIVERS\sisagp.sys
O41 - Driver: (no object) (smserial) - C:\WINDOWS\system32\DRIVERS\smserial.sys
O41 - Driver: Microsoft Kernel-Audiosplitter (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: Filtertreiber für Systemwiederherstellung (sr) - C:\WINDOWS\system32\DRIVERS\sr.sys
O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys
O41 - Driver: ssmdrv (ssmdrv) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
O41 - Driver: Software-Bus-Treiber (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
O41 - Driver: Microsoft Kernel GS Wavetablesynthesizer (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: Synaptics TouchPad Driver (SynTP) - C:\WINDOWS\system32\DRIVERS\SynTP.sys
O41 - Driver: Microsoft Kernel-Systemaudiogerät (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: TCP/IP-Protokolltreiber (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: TOSHIBA Bluetooth HID port driver (toshidpt) - C:\WINDOWS\system32\drivers\Toshidpt.sys
O41 - Driver: Bluetooth Port Driver from Toshiba (tosporte) - C:\WINDOWS\system32\DRIVERS\tosporte.sys
O41 - Driver: Bluetooth RFBUS from TOSHIBA (Tosrfbd) - C:\WINDOWS\System32\Drivers\tosrfbd.sys
O41 - Driver: Bluetooth RFBNEP from TOSHIBA (Tosrfbnp) - C:\WINDOWS\System32\Drivers\tosrfbnp.sys
O41 - Driver: Bluetooth RFHID from TOSHIBA (Tosrfhid) - C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
O41 - Driver: Bluetooth Personal Area Network from TOSHIBA (tosrfnds) - C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
O41 - Driver: Bluetooth Audio Device (WDM) from TOSHIBA (TosRfSnd) - C:\WINDOWS\system32\drivers\TosRfSnd.sys
O41 - Driver: Bluetooth USB Controller (Tosrfusb) - C:\WINDOWS\System32\Drivers\tosrfusb.sys
O41 - Driver: Microcode Updatetreiber (Update) - C:\WINDOWS\system32\DRIVERS\update.sys
O41 - Driver: Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O41 - Driver: USB2-aktivierter Hub (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O41 - Driver: USB-Massenspeichertreiber (USBSTOR) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O41 - Driver: Miniporttreiber für universellen Microsoft USB-Hostcontroller (usbuhci) - C:\WINDOWS\system32\DRIVERS\usbuhci.sys
O41 - Driver: VIA AGP-Bus-Filter (viaagp) - C:\WINDOWS\system32\DRIVERS\viaagp.sys
O41 - Driver: RAS-IP-ARP-Treiber (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: (no object) (Wbutton) - C:\WINDOWS\system32\drivers\Wbutton.sys
O41 - Driver: Treiber für Microsoft WINMM-WDM-Audiokompatibilität (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Platform Driver (WudfPf) - C:\WINDOWS\system32\DRIVERS\WudfPf.sys
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Reflector (WudfRd) - C:\WINDOWS\system32\DRIVERS\wudfrd.sys
O41 - Driver: NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller (yukonwxp) - C:\WINDOWS\system32\DRIVERS\yk51x86.sys

:

GerdKueller 23.04.2009 09:13
Fortsetzung ZHP Diag
Code:
---\\ Logiciels installés (O42)
O42 - Logiciel: Ad-Aware
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Reader 7.1.0 - Deutsch
O42 - Logiciel: Apple Mobile Device Support
O42 - Logiciel: Apple Software Update
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus
O42 - Logiciel: Bluetooth Stack for Windows by Toshiba
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: ElsterFormular 2006/2007
O42 - Logiciel: ElsterFormular 2007/2008
O42 - Logiciel: FMGate_Trainerbilder_1Bundesliga_FM09
O42 - Logiciel: Football Manager 2009
O42 - Logiciel: GIMP 2.4.6
O42 - Logiciel: Google Desktop
O42 - Logiciel: HeroCodec
O42 - Logiciel: High Definition Audio - KB888111
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: Hotfix für Windows Internet Explorer 7 (KB947864)
O42 - Logiciel: ICQ Toolbar
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver
O42 - Logiciel: IrfanView (remove only)
O42 - Logiciel: IsoBuster 2.2
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 7
O42 - Logiciel: Java(TM) 6 Update 10
O42 - Logiciel: Java(TM) 6 Update 2
O42 - Logiciel: Java(TM) 6 Update 3
O42 - Logiciel: Java(TM) 6 Update 5
O42 - Logiciel: Java(TM) SE Runtime Environment 6 Update 1
O42 - Logiciel: Joe
O42 - Logiciel: Launch Manager V1.4.5
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Mein CeWe Fotobuch
O42 - Logiciel: Microsoft .NET Framework 1.1
O42 - Logiciel: Microsoft .NET Framework 1.1 German Language Pack
O42 - Logiciel: Microsoft .NET Framework 1.1 Hotfix (KB928366)
O42 - Logiciel: Microsoft .NET Framework 2.0
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP
O42 - Logiciel: Microsoft Foto 2006 Standard Edition
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs
O42 - Logiciel: Microsoft National Language Support Downlevel APIs
O42 - Logiciel: Microsoft Office Excel Viewer 2003
O42 - Logiciel: Microsoft Office XP Professional mit FrontPage
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
O42 - Logiciel: Microsoft Word 2002
O42 - Logiciel: Microsoft Works
O42 - Logiciel: Microsoft Works Suite-Add-Ins für Microsoft Word
O42 - Logiciel: Motorola SM56 Data Fax Modem
O42 - Logiciel: Nero Suite
O42 - Logiciel: QuickTime
O42 - Logiciel: Realtek High Definition Audio Driver
O42 - Logiciel: Schlecker Fotoservice
O42 - Logiciel: Screenshot Captor 2.42.01
O42 - Logiciel: Security Update for CAPICOM (KB931906)
O42 - Logiciel: Setup-Start von Microsoft Works Suite 2006
O42 - Logiciel: Sicherheitsupdate für Step by Step Interactive Training (KB898458)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)
O42 - Logiciel: Sicherheitsupdate für Windows Media Player 9 (KB917734)
O42 - Logiciel: Skype™ 3.8
O42 - Logiciel: Steam
O42 - Logiciel: Synaptics Pointing Device Driver
O42 - Logiciel: Tom Clancy's Rainbow Six 3: Athena Sword 1.10.016
O42 - Logiciel: Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
O42 - Logiciel: TomTom HOME 2.5.2.60
O42 - Logiciel: UseNeXT
O42 - Logiciel: VC_MergeModuleToMSI
O42 - Logiciel: WinRAR archiver
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474)
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130)
O42 - Logiciel: Windows Internet Explorer 7
O42 - Logiciel: Windows Media Encoder 9 Series
O42 - Logiciel: Windows Media Format 11 runtime
O42 - Logiciel: Windows Media Player 11
O42 - Logiciel: Windows XP Service Pack 3
O42 - Logiciel: iTunes
O42 - Logiciel: jv16 PowerTools 2009

---\\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - C:\WINDOWS\System32\advapi32.dll -->09.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\advpack.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\bcdadac7_x.xml -->22.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat -->18.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\dxtmsft.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\dxtrans.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\edacded0_x.dat -->22.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\extmgr.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\FNTCACHE.DAT -->11.03.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\html.iec -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\icardie.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ie4uinit.exe -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieakeng.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieaksie.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieakui.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieapfltr.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\iedkcs32.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieencode.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieframe.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\iernonce.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\iertutil.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ieudinit.exe -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\inetcpl.cpl -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\jsproxy.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\kernel32.dll -->21.03.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\lsasrv.dll -->09.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\MRT.exe -->06.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\msfeeds.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\msfeedsbs.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\mshtml.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\mshtmled.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\msrating.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\mstime.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ntdll.dll -->09.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ntkrnlpa.exe -->09.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ntoskrnl.exe -->09.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\occache.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\pdh.dll -->06.03.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc007.dat -->19.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc009.dat -->19.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh007.dat -->19.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh009.dat -->19.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\PerfStringBackup.INI -->19.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\pngfilt.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\rpcss.dll -->09.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\sc.exe -->06.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\secur32.dll -->03.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\services.exe -->09.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\url.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\urlmon.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\webcheck.dll -->20.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\WgaLogon.dll -->10.03.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\win32k.sys -->09.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wininet.dll -->03.03.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wpa.dbl -->23.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avgntdd.sys -->13.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avgntflt.sys -->13.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avgntmgr.sys -->13.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avipbb.sys -->13.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\ssmdrv.sys -->13.02.2009

GerdKueller 23.04.2009 09:14
Fortsetzung ZHPDiag
Code:
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AAWSERVICE.EXE-1E1DE6D1.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AAWTRAY.EXE-31E33C30.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32.EXE-0EC716D9.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-30CEC19C.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AD-AWAREADMIN.EXE-1618EEEB.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ALCMTR.EXE-235F9538.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ATTRIB.CFEXE-07A4D3CF.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ATTRIB.EXE-39EAFB02.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AU_.EXE-09131EBD.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVCENTER.EXE-1D2DB8A2.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVCONFIG.EXE-18FA6095.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVNOTIFY.EXE-31D7686A.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVP.EXE-0ED7EF87.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVSCAN.EXE-25724B6E.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVWSC.EXE-24612965.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BTWLANDP.EXE-2474BFA7.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CATCHME.CFEXE-0F2A0789.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CCLEANER.EXE-065E2F3F.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CCSETUP218.EXE-3A5FDAEE.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CF23797.EXE-26E53097.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CF3396.EXE-11ECC0F2.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CHCP.COM-18156052.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CHROME.EXE-19A6B21A.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CMD.EXECF-27E83661.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\COMBOFIX-DOWNLOAD.CFEXE-1D161D68.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\COMBOFIX.EXE-07137BA6.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CSCRIPT.EXE-1C26180C.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FABIAN KÜLLER.EXE-205D88F5.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FINDSTR.CFEXE-38519B93.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FINDSTR.EXE-0CA6274B.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GMR.EXE-281B05F0.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-1955BEA1.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GREP.CFEXE-20443039.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GREP.CFEXE-273BC5E1.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GRPCONV.EXE-111CD845.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GSAR.CFEXE-0E6FCB31.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GSAR.CFEXE-156760D9.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HIDEC.EXE-3B166DB3.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-39024128.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HJTINSTALL.EXE-118C6EBA.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEXPLORE.EXE-2CA9778D.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IGFXPERS.EXE-2C07C174.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IGFXTRAY.EXE-3391579A.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IS-JDVUT.TMP-00AEC25A.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JV16PT.EXE-08000C74.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JV16PT_SETUP_HB.EXE-01D9092E.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\Layout.ini -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAM-SETUP.EXE-0EA35725.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAM-SETUP.TMP-1902E5F3.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAM-SETUP.TMP-24D7DC5B.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAM-SETUP.TMP-31C77B0D.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAM.EXE-11D8BBD8.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAMGUI.EXE-1E06AB95.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MMC.EXE-39071BCC.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSCONFIG.EXE-35E4DAE9.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSXML4-KB954430-ENU.EXE-1B3A5B48.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\N.COM-3222D14C.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NEROCHECK.EXE-092C6DFA.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NETCFG.EXE-24455B90.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NIRCMD.CFEXE-0E3F4BC2.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NIRCMD.CFEXE-19FF4781.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NIRCMD.COM-323C21EC.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NIRCMD.EXE-2C39EF53.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NIRCMDC.CFEXE-049E77E5.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PEV.CFEXE-26A9D6BD.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PEV.CFEXE-29A7886F.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PING.EXE-31216D26.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PV.CFEXE-0E6F2701.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PV.CFEXE-23E4A9A0.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PV.EXE-06A2AC78.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGT.CFEXE-15DB5DAE.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RSIT.EXE-19D3B0D2.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RSTRUI.EXE-03C49A96.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-132B2031.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1357CA32.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1EE676D0.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1F20A0D1.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-23F69974.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2576181F.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-29F0D6BF.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2BF3472E.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-44A0B4BC.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-47DBD4DB.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNONCE.EXE-2803F297.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SCHED.EXE-3062DD8B.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SED.CFEXE-238FCCA6.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SED.CFEXE-268D7E58.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SED.EXE-0F4B402F.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SM56HLPR.EXE-354818CA.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SORT.EXE-194AE83C.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\STEAM.EXE-25824B4E.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SWREG.CFEXE-2BF4FFCD.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SWREG.EXE-0937BD77.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SWREG.EXE-3560BE42.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SWSC.CFEXE-3B4FE4FE.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SYNTPENH.EXE-3967AE36.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TOSBTMNG1.EXE-0C51CE75.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TOSBTPCS.EXE-2BFB6ABF.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TOSBTPROC.EXE-1DBB706E.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TOSBTPSS.EXE-271A2FCF.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TOSOBEX.EXE-29489701.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINS000.EXE-019B5229.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINST.EXE-0C3A52E2.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNSECAPP.EXE-1A95A33B.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNZIP.CFEXE-16348B59.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPDATE.EXE-3398FCD6.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINVER.EXE-33E0A108.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WLBTTRAY.EXE-0F2D5B80.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIAPSRV.EXE-1E2270A5.pf -->22.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf -->23.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\_IU14D2N.TMP-280665AE.pf -->22.04.2009

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export - "C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
O47 - AAKE:Key Export - "C:\Programme\Microsoft Games\Age of Empires II\empires2.exe"="C:\Programme\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II"
O47 - AAKE:Key Export - "C:\WINDOWS\system32\igfxsrvc.exe"="C:\WINDOWS\system32\igfxsrvc.exe:*:Disabled:igfxsrvc Module"
O47 - AAKE:Key Export - "C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
O47 - AAKE:Key Export - "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
O47 - AAKE:Key Export - "C:\Programme\Steam\SteamApps\common\football manager 2009\fm.exe"="C:\Programme\Steam\SteamApps\common\football manager 2009\fm.exe:*:Enabled:Football Manager 2009"
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

---\\ Déni du service LSA (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll

---\\ Contrôle du Safe Boot (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vgasave.sys

---\\ Image File Execution Options (IFEO) (O50)
O50 - IEFO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{2044345a-5fbd-11dd-903f-0010c6f4105a}\Shell\AutoRun\command - E:\LaunchU3.exe -a
O51 - MPSK:{3b07de3b-9e08-11dd-9187-0010c6f4105a}\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
O51 - MPSK:{d46a9414-e35c-11db-8146-806d6172696f}\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-9-70-100013251-100017588-100021550-6835.com c:\
O51 - MPSK:{d46a9414-e35c-11db-8146-806d6172696f}\Shell\open\command - RECYCLER\S-0-9-70-100013251-100017588-100021550-6835.com c:\

---\\ Trojan Driver Search Data (TDSD) (O52)
O52 - TDSD:HKLM\...\Drivers\"timer"="timer.drv"
O52 - TDSD:HKLM\...\Drivers32\"midimapper"="midimap.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.imaadpcm"="imaadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msadpcm"="msadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg711"="msg711.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msgsm610"="msgsm32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.trspch"="tssoft32.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.cvid"="iccvid.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.I420"="msh263.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv31"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv32"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv41"="ir41_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iyuv"="iyuv_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mrle"="msrle32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.msvc"="msvidc32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.uyvy"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.yuy2"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.yvu9"="tsbyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.yvyu"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"wavemapper"="msacm32.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg723"="msg723.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M263"="msh263.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M261"="msh261.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msaudio1"="msaud32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.sl_anet"="sl_anet.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv50"="ir50_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.l3acm"="L3CODECA.ACM"
O52 - TDSD:HKLM\...\Drivers32\"wave"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"aux"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"wave1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer1"="wdmaud.drv"


End of the scan

john.doe 23.04.2009 15:27
1.) Deinstalliere:
  • Ad-Aware
  • Adobe Reader 7.1.0 - Deutsch
  • Apple Software Update
  • ElsterFormular 2006/2007 (könnte knapp werden) :)
  • Google Desktop
  • ICQ Toolbar
  • J2SE Runtime Environment 5.0 Update 7
  • Java(TM) 6 Update 10
  • Java(TM) 6 Update 2
  • Java(TM) 6 Update 3
  • Java(TM) 6 Update 5
  • Java(TM) SE Runtime Environment 6 Update 1
  • Skype™ 3.8
  • UseNeXT (Virenschleuder)
2.) Installiere (Toolbars immer abwählen, Haken weg):
3.) Jetzt klicke auf "Für alle Neuen" in meiner Signatur, lies alles und arbeite die komplette Liste unter Punkt 2 ab.

ciao, andreas

GerdKueller 24.04.2009 12:01
HI,
ich hatte den PC jetzt bei nem Bekannten und er meinte, er konnte den Virus und einen Wurm entfernen. Jetzt bin ich mir nicht sicher, ob das auch so "einfach" geht und der PC wirklich sauber ist.

Vielleicht kannst nochmal nen Blick drauf werfen, freuen würds mich ja, wenn er sauber wär bzgl Homebanking etc...zumal AntiVir immer noch Trojaner findet, wohl aber nicht damit umgehen kann oder so...
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:10, on 24.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
C:\Programme\TomTom HOME 2\HOMERunner.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Launch Manager\WLBTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LaunchAp] "C:\Programme\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Programme\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Dokumente und Einstellungen\Fabian Küller\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programme\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207766105812
O16 - DPF: {99C4B3C5-166D-4B6B-8305-C59FB5AF5BF6} (ConvisionVideoStream Control) - http://mail.almesberger.at/ConvisionVideo.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{222542B0-FEE6-4CD3-AF58-98A798F88716}: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD791768-6D7A-4526-A39B-5A3AF543AD5A}: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS1\Services\Tcpip\..\{222542B0-FEE6-4CD3-AF58-98A798F88716}: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS2\Services\Tcpip\..\{222542B0-FEE6-4CD3-AF58-98A798F88716}: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.124,85.255.112.233
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

--
End of file - 9008 bytes

GerdKueller 24.04.2009 12:21
Code:
Adobe Flash Player 10 Plugin
Apple Mobile Device Support
Avira AntiVir Personal - Free Antivirus
Bluetooth Stack for Windows by Toshiba
CCleaner (remove only)
ElsterFormular 2007/2008
FMGate_Trainerbilder_1Bundesliga_FM09
Football Manager 2009
Foxit Reader
Foxit Toolbar
GIMP 2.4.6
HeroCodec
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix für Windows Internet Explorer 7 (KB947864)
ICQ Toolbar
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
IsoBuster 2.2
iTunes
Java(TM) 6 Update 13
Joe
Launch Manager V1.4.5
Malwarebytes' Anti-Malware
Mein CeWe Fotobuch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Foto 2006 Standard Edition
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office XP Professional mit FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite-Add-Ins für Microsoft Word
Motorola SM56 Data Fax Modem
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero Suite
QuickTime
Realtek High Definition Audio Driver
Schlecker Fotoservice
Screenshot Captor 2.42.01
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Setup-Start von Microsoft Works Suite 2006
Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)
Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)
Steam
Synaptics Pointing Device Driver
Tom Clancy's Rainbow Six 3: Athena Sword 1.10.016
Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
TomTom HOME 2.5.2.60
VC_MergeModuleToMSI
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Language Pack 1.0
hab alles gemacht was du geschrieben hast nur die ICQ Toolbar ließ sich nicht entfernen und Malwarebytes reagiert auch nicht (Für alle Neuen).

john.doe 24.04.2009 15:23
Du befolgst jetzt erstmal alles, das hier steht: http://www.trojaner-board.de/431272-post13.html

Anschliessend postest du das Log von Avira mit den Meldungen. Ich brauche die Dateinamen und Pfade, so wie es auch in den Trojaner-Board - Impressum steht.
Zitat:
Auch Funde von deiner Sicherheitssoftware bitte im Thema nennen: (z.B. c:\windows\virus.exe)
Fehlen diese Angaben, kann und wird dir hier niemand helfen.
Zitat:
ich hatte den PC jetzt bei nem Bekannten und er meinte, er konnte den Virus und einen Wurm entfernen.
Ja, in keinem anderen Wissensgebiet gibt es soviele wie in der Computerbranche, die glauben sie hätten Ahnung.

ciao, andreas

GerdKueller 24.04.2009 15:37
Naja dieses "glauben" hat ihm zumindest 35 Euro eingebracht :teufel1:
Avira folgt

hjt
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:40, on 24.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\TomTom HOME 2\HOMERunner.exe
C:\programme\steam\steam.exe
C:\Programme\Launch Manager\WLBTTray.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LaunchAp] "C:\Programme\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Programme\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programme\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

--
End of file - 5666 bytes

GerdKueller 24.04.2009 15:47
Meldung: Das ist das Trojanische Pferd TR/Agent2.iex,
Quelle c:\windows\system32\drivers\gxvxcaavdymtnqwhpmbnmpjwiemqrmwuyabwe.sys

Meldung: es wurde eine versteckte Datei gefunden
Quelle: c:\windows\system32\gxvxccounter

Meldung:ist das Trojanische Pferd TR/Dldr.Agent.brpo
Quelle: c:\windows\system32\gxvxcmovrerfolilrlxbcnpxurtejhfsxpvhq.dll

john.doe 24.04.2009 16:03
Warum nicht gleich so? :confused:

1.) Anleitung Avenger (by swandog46)

Lade dir das Tool Hopsassa und speichere es auf dem Desktop:
  • Kopiere nun folgenden Text in das weiße Feld bei -> "input script here"
Code:
Drivers to delete:
gxvxcserv.sys
gxvxcserv

Files to delete:
c:\windows\system32\drivers\gxvxcaavdymtnqwhpmbnmpjwiemqrmwuyabwe.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcmovrerfolilrlxbcnpxurtejhfsxpvhq.dll
http://saved.im/mzi3ndg3nta0/aven.jpg
  • Schliesse nun alle Programme und Browser-Fenster
  • Um den Avenger zu starten klicke auf -> Execute
  • Dann bestätigen mit "Yes" das der Rechner neu startet
  • Nachdem das System neu gestartet ist, findest du einen Report vom Avenger unter -> C:\avenger.txt
  • Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

2.) ComboFix

Achtung: Die Anleitung ist veraltet. Den Teil mit der Systemwiederherstellungskonsole nicht ausführen. Die wird bei Internetverbindung automatisch installiert.

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir das Tool hier herunter auf den Desktop -> KLICK
Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:
  • Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.

    Sollte sich ComboFix nicht starten lassen, dann benenne es um in cf.com und versuche es nocheinmal.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.

ciao, andreas

GerdKueller 24.04.2009 16:20
Hopsassa
Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gxvxcserv.sys" found!
ImagePath:  \systemroot\system32\drivers\gxvxcaavdymtnqwhpmbnmpjwiemqrmwuyabwe.sys
Start Type:  4 (Disabled)

Rootkit scan completed.

Driver "gxvxcserv.sys" deleted successfully.

Error:  registry key "\Registry\Machine\System\CurrentControlSet\Services\gxvxcserv" not found!
Deletion of driver "gxvxcserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "c:\windows\system32\drivers\gxvxcaavdymtnqwhpmbnmpjwiemqrmwuyabwe.sys" deleted successfully.
File "c:\windows\system32\gxvxccounter" deleted successfully.

Error:  file "c:\windows\system32\gxvxcmovrerfolilrlxbcnpxurtejhfsxpvhq.dll" not found!
Deletion of file "c:\windows\system32\gxvxcmovrerfolilrlxbcnpxurtejhfsxpvhq.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.
ComboFix sagt nach wie vor, dass etwas von Kaspersky Security aktiv ist, soll ich trotzdem ausführen?

john.doe 24.04.2009 16:30
Ja, unbedingt, sonst wirst du das Teufelszeug nie los.

ciao, andreas

GerdKueller 24.04.2009 16:48
Code:
ComboFix 09-04-24.01 - XXX24.04.2009 17:40.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1014.669 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\XXX\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
AV: Kaspersky Security Suite CBE *On-access scanning enabled* (Updated)
FW: Kaspersky Security Suite CBE *enabled*
FW: Norton Internet Worm Protection *disabled*
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf

.
(((((((((((((((((((((((  Dateien erstellt von 2009-05-24 bis 2009-4-24  ))))))))))))))))))))))))))))))
.

2009-04-24 15:15 . 2009-04-24 15:15        0        ----a-w        C:\backup.reg
2009-04-24 15:15 . 2009-04-24 15:15        19286        ----a-w        C:\cleanup.exe
2009-04-24 11:12 . 2009-04-24 11:12        --------        d-----w        c:\programme\AskBarDis
2009-04-24 11:12 . 2009-04-24 11:12        --------        d-----w        c:\programme\Foxit Software
2009-04-24 11:12 . 2009-04-24 11:12        --------        d-----w        c:\dokumente und einstellungen\XXX\Anwendungsdaten\Foxit
2009-04-24 11:11 . 2009-04-24 11:10        73728        ----a-w        c:\windows\system32\javacpl.cpl
2009-04-24 08:53 . 2009-04-24 08:53        --------        d-----w        c:\programme\Avira
2009-04-24 08:53 . 2009-04-24 08:53        --------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2009-04-24 07:40 . 2006-06-29 11:07        14048        ------w        c:\windows\system32\spmsg2.dll
2009-04-24 07:34 . 2009-04-24 07:34        --------        d-----w        c:\windows\system32\XPSViewer
2009-04-24 07:34 . 2009-04-24 07:34        --------        d-----w        c:\programme\MSBuild
2009-04-24 07:34 . 2009-04-24 07:34        --------        d-----w        c:\programme\Reference Assemblies
2009-04-24 07:33 . 2009-04-24 07:33        --------        d-----w        C:\83c45d19af270721f5b488fb
2009-04-24 07:33 . 2008-07-06 12:06        89088        ------w        c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-24 07:33 . 2008-07-06 12:06        575488        ------w        c:\windows\system32\xpsshhdr.dll
2009-04-24 07:33 . 2008-07-06 12:06        575488        ------w        c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-24 07:33 . 2008-07-06 12:06        1676288        ------w        c:\windows\system32\xpssvcs.dll
2009-04-24 07:33 . 2008-07-06 12:06        1676288        ------w        c:\windows\system32\dllcache\xpssvcs.dll
2009-04-24 07:33 . 2008-07-06 12:06        117760        ------w        c:\windows\system32\prntvpt.dll
2009-04-24 07:33 . 2008-07-06 10:50        597504        ------w        c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-23 12:07 . 2009-04-23 12:07        --------        d-----w        c:\programme\AVG
2009-04-23 11:17 . 2007-11-28 15:45        561152        ----a-w        c:\dokumente und einstellungen\XXX\KAVremover.exe
2009-04-23 11:17 . 2007-11-28 15:45        561152        ----a-w        c:\dokumente und einstellungen\XXX\KAVremover.exe
2009-04-23 11:10 . 2009-04-23 11:10        282980        ----a-w        c:\dokumente und einstellungen\XXX\kavremover.zip
2009-04-23 11:10 . 2009-04-23 11:10        282980        ----a-w        c:\dokumente und einstellungen\XXX\kavremover.zip
2009-04-22 19:51 . 2009-04-22 19:51        --------        d-----w        C:\rsit
2009-04-22 19:12 . 2009-04-22 19:12        23        --sha-w        c:\windows\system32\edacded0_x.dat
2009-04-22 19:12 . 2009-04-22 19:12        23        ----a-w        c:\windows\system32\bcdadac7_x.xml
2009-04-22 15:44 . 2009-04-22 15:44        --------        d-----w        c:\programme\Trend Micro
2009-04-21 18:06 . 2009-04-21 18:06        --------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft
2009-04-17 15:25 . 2009-02-13 09:31        55640        ----a-w        c:\windows\system32\drivers\avgntflt.sys
2009-04-17 14:34 . 2009-04-17 14:34        --------        d-----r        c:\dokumente und einstellungen\LocalService\Favoriten
2009-04-17 14:34 . 2009-04-17 14:34        --------        d-----w        c:\programme\HeroCodec
2009-04-16 10:39 . 2009-02-20 16:49        78336        ------w        c:\windows\system32\dllcache\ieencode.dll
2009-04-16 05:20 . 2009-02-06 10:10        227840        ------w        c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 05:20 . 2009-03-06 14:19        286720        ------w        c:\windows\system32\dllcache\pdh.dll
2009-04-16 05:20 . 2009-02-09 11:21        111104        ------w        c:\windows\system32\dllcache\services.exe
2009-04-16 05:20 . 2009-02-09 10:51        401408        ------w        c:\windows\system32\dllcache\rpcss.dll
2009-04-16 05:20 . 2009-02-09 10:51        678400        ------w        c:\windows\system32\dllcache\advapi32.dll
2009-04-16 05:20 . 2009-02-09 10:51        473600        ------w        c:\windows\system32\dllcache\fastprox.dll
2009-04-16 05:20 . 2009-02-09 10:51        736768        ------w        c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 05:20 . 2009-02-09 10:51        740352        ------w        c:\windows\system32\dllcache\ntdll.dll
2009-04-16 05:20 . 2009-02-09 10:51        453120        ------w        c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 10:34 . 2009-03-27 06:49        1203922        ------w        c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 10:34 . 2008-04-21 21:13        217600        ------w        c:\windows\system32\dllcache\wordpad.exe

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 15:18 . 2009-02-28 12:50        --------        d-----w        c:\programme\Steam
2009-04-24 15:17 . 2009-04-24 15:17        2606        ----a-w        C:\avenger.txt
2009-04-24 12:20 . 2008-07-27 10:59        --------        d-----w        c:\programme\Google
2009-04-24 11:10 . 2008-11-14 16:46        410984        ----a-w        c:\windows\system32\deploytk.dll
2009-04-24 11:10 . 2007-04-05 10:10        --------        d-----w        c:\programme\Java
2009-04-24 11:08 . 2007-04-06 12:28        --------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
2009-04-24 11:05 . 2006-10-23 15:42        --------        d--h--w        c:\programme\InstallShield Installation Information
2009-04-24 08:59 . 2009-04-21 18:43        10972        ----a-w        C:\aaw7boot.log
2009-04-24 07:38 . 2006-01-30 19:41        536778        ----a-w        c:\windows\system32\perfh007.dat
2009-04-24 07:38 . 2006-01-30 19:41        109384        ----a-w        c:\windows\system32\perfc007.dat
2009-04-22 18:31 . 2008-06-13 17:14        --------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2009-04-22 18:18 . 2008-07-04 19:15        --------        d-----w        c:\programme\CCleaner
2009-04-19 12:23 . 2008-08-01 12:30        12070        ----a-w        c:\dokumente und einstellungen\XXX\Anwendungsdaten\wklnhst.dat
2009-04-04 07:40 . 2009-04-04 07:40        190        ----a-w        C:\drwtsn32.log
2009-03-21 14:06 . 2009-03-21 14:06        1063424        ------w        c:\windows\system32\dllcache\kernel32.dll
2009-03-10 20:18 . 2007-03-15 16:17        970632        ------w        c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 20:18 . 2007-03-15 16:16        265096        ------w        c:\windows\system32\dllcache\wgaLogon.dll
2009-03-06 14:19 . 2006-01-30 19:41        286720        ----a-w        c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2006-01-30 19:41        826368        ----a-w        c:\windows\system32\wininet.dll
2009-03-03 00:03 . 2006-01-30 19:41        826368        ----a-w        c:\windows\system32\dllcache\wininet.dll
2009-03-01 19:39 . 2009-02-18 07:11        --------        d-----w        c:\programme\ScreenshotCaptor
2009-02-28 12:48 . 2007-11-19 13:26        --------        d-----w        c:\dokumente und einstellungen\XXX\Anwendungsdaten\Sports Interactive
2009-02-28 04:54 . 2006-01-30 19:55        636072        ----a-w        c:\windows\system32\dllcache\iexplore.exe
2009-02-20 10:20 . 2007-05-10 05:28        13824        ------w        c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2006-01-30 19:40        70656        ----a-w        c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2006-01-30 19:40        161792        ----a-w        c:\windows\system32\dllcache\ieakui.dll
2009-02-18 07:12 . 2009-02-18 07:12        58        ----a-w        c:\dokumente und einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2009-02-10 17:03 . 2008-10-16 05:55        2068352        ------w        c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 14:04 . 2008-10-16 05:56        1846912        ------w        c:\windows\system32\dllcache\win32k.sys
2009-02-09 14:04 . 2006-01-30 19:41        1846912        ----a-w        c:\windows\system32\win32k.sys
2009-02-09 11:21 . 2008-10-16 05:55        2191360        ------w        c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 11:21 . 2008-10-16 05:55        2026496        ------w        c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 11:21 . 2004-08-04 00:50        2026496        ----a-w        c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:21 . 2008-10-16 05:55        2147840        ------w        c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 11:21 . 2006-01-30 19:40        2147840        ----a-w        c:\windows\system32\ntoskrnl.exe
2009-02-09 11:21 . 2006-01-30 19:41        111104        ----a-w        c:\windows\system32\services.exe
2009-02-09 10:51 . 2006-01-30 19:41        401408        ----a-w        c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2006-01-30 19:40        736768        ----a-w        c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2006-01-30 19:40        678400        ----a-w        c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2006-01-30 19:40        740352        ----a-w        c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2006-01-30 19:41        35328        ----a-w        c:\windows\system32\sc.exe
2009-02-06 10:39 . 2006-01-30 19:41        35328        ----a-w        c:\windows\system32\dllcache\sc.exe
2009-02-03 19:57 . 2009-02-03 19:57        56832        ------w        c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:57 . 2006-01-30 19:41        56832        ----a-w        c:\windows\system32\secur32.dll
2009-01-27 10:39 . 2008-05-13 19:05        60416        ----a-w        c:\dokumente und einstellungen\XXX\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-01-10 15:35 . 2007-04-05 10:15        60416        ----a-w        c:\dokumente und einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-08-26 19:46 . 2008-08-26 19:46        9501920        ----a-w        c:\programme\vlc-0.8.6i-win32.exe
2008-05-28 20:09 . 2008-05-28 20:09        3278848        ----a-w        c:\programme\Duden Korrektor PLUS.msi
2008-02-13 14:21 . 2008-02-13 14:21        32        ----a-w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\ezsid.dat
2006-01-30 20:06 . 2007-04-05 10:12        146        ----a-w        c:\dokumente und einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
2006-01-30 20:06 . 2006-01-30 20:06        146        ----a-w        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
2004-08-21 10:08 . 2007-06-05 16:10        1648        ----a-w        c:\programme\PowerDVD.lnk
2008-07-29 10:46 . 2008-07-29 10:46        32768        --sha-w        c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008072920080730\index.dat
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58        333192        ----a-w        c:\programme\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programme\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TomTomHOME.exe"="c:\programme\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"Steam"="c:\programme\steam\steam.exe" [2009-02-28 1410296]
"NBJ"="c:\programme\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchAp"="c:\programme\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\programme\Launch Manager\HotkeyApp.exe" [2006-04-19 65536]
"Wbutton"="c:\programme\Launch Manager\Wbutton.exe" [2006-05-04 86016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-04-21 761946]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-04-24 148888]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2006-01-20 544768]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-07-21 16261632]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programme\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=

R1 Wbutton;Wbutton; [x]
S1 Hotkey;Hotkey; [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2044345a-5fbd-11dd-903f-0010c6f4105a}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b07de3b-9e08-11dd-9187-0010c6f4105a}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 17:41
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3902489987-3502258820-393941312-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3902489987-3502258820-393941312-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8c,3e,96,5e,9d,7b,b0,14,98,a3,72,da,9f,4c,81,b8,c9,9b,93,78,71,81,00,
  2c,6d,44,83,67,90,15,6d,c8,da,70,64,da,51,65,b0,36,52,e0,73,07,3b,7f,87,48,\
"??"=hex:70,ef,7c,e9,d1,3d,80,4e,92,70,c8,13,aa,32,a5,58
.
Zeit der Fertigstellung: 2009-04-24 17:43
ComboFix-quarantined-files.txt  2009-04-24 15:43

Vor Suchlauf: 21 Verzeichnis(se), 28.321.816.576 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 29.123.612.672 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

206        --- E O F ---        2009-04-24 07:48

john.doe 24.04.2009 17:14
1.) Gehe zu dem Typen und hole dir dein Geld zurück. :D

2.) Deinstalliere (falls möglich):
  • FoxIt Toolbar

3.) Download und Ausführung des Norton-Entfernungsprogramms

4.) Scripten mit Combofix
  • Öffne den Editor (Start => Zubehör => Editor ) kopiere nun folgenden Text in das weiße Feld und ändere alle XXX durch den Benutzernamen:
Code:
KILLALL::

Driver::
Wbutton
Hotkey

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=-
"TomTomHOME.exe"=-
"Steam"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b07de3b-9e08-11dd-9187-0010c6f4105a}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2044345a-5fbd-11dd-903f-0010c6f4105a}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Folder::
c:\programme\AskBarDis
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
c:\programme\Kaspersky Lab
c:\programme\Kaspersky
c:\programme\HeroCodec
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft
C:\rsit
c:\programme\AVG

File::
C:\backup.reg
c:\dokumente und einstellungen\XXX\KAVremover.exe
c:\dokumente und einstellungen\XXX\KAVremover.exe
c:\dokumente und einstellungen\XXX\kavremover.zip
c:\dokumente und einstellungen\XXX\kavremover.zip
C:\aaw7boot.log
c:\windows\System32\perfh007.dat
c:\windows\System32\perfc007.dat
c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008072920080730\index.dat
c:\programme\vlc-0.8.6i-win32.exe
c:\dokumente und einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
c:\dokumente und einstellungen\XXX\Anwendungsdaten\GDIPFONTCACHEV1.DAT
C:\drwtsn32.log

DirLook::
C:\83c45d19af270721f5b488fb
Speichere diese Datei nun auf dem Desktop unter -> cfscript.txt
  • Nun die Datei cfscript.txt mit der rechten Maustaste auf das Sysmbol von Combofix ziehen!
http://users.pandora.be/bluepatchy/m...s/CFScript.gif
  • Danach das Combofix nochmal ausführen, das System neu starten und das Log von Combofix posten


Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann.

5.) Neues Gmer-Log posten.

6.) Malwarebytes laufen lassen und Log posten.

7.) SASW laufen lassen und Log posten.

8.) Erstelle ein Filelisting.
ciao, andreas

GerdKueller 24.04.2009 17:48
1.) das nehm ich mit :aufsmaul:
2.) deinstalliert
3.) erledigt
4.)

Code:
ComboFix 09-04-25.01 - XXX 24.04.2009 18:36.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1014.663 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\XXX\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
AV: Kaspersky Security Suite CBE *On-access scanning enabled* (Updated)
FW: Kaspersky Security Suite CBE *enabled*
 * Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((  Dateien erstellt von 2009-05-24 bis 2009-4-24  ))))))))))))))))))))))))))))))
.

2009-04-24 16:23 . 2009-04-24 16:23        --------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\NortonInstaller
2009-04-24 15:15 . 2009-04-24 15:15        0        ----a-w        C:\backup.reg
2009-04-24 15:15 . 2009-04-24 15:15        19286        ----a-w        C:\cleanup.exe
2009-04-24 11:12 . 2009-04-24 11:12        --------        d-----w        c:\programme\Foxit Software
2009-04-24 11:12 . 2009-04-24 11:12        --------        d-----w        c:\dokumente und einstellungen\XXX\Anwendungsdaten\Foxit
2009-04-24 11:11 . 2009-04-24 11:10        73728        ----a-w        c:\windows\system32\javacpl.cpl
2009-04-24 08:53 . 2009-04-24 08:53        --------        d-----w        c:\programme\Avira
2009-04-24 08:53 . 2009-04-24 08:53        --------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2009-04-24 07:40 . 2006-06-29 11:07        14048        ------w        c:\windows\system32\spmsg2.dll
2009-04-24 07:34 . 2009-04-24 07:34        --------        d-----w        c:\windows\system32\XPSViewer
2009-04-24 07:34 . 2009-04-24 07:34        --------        d-----w        c:\programme\MSBuild
2009-04-24 07:34 . 2009-04-24 07:34        --------        d-----w        c:\programme\Reference Assemblies
2009-04-24 07:33 . 2009-04-24 07:33        --------        d-----w        C:\83c45d19af270721f5b488fb
2009-04-24 07:33 . 2008-07-06 12:06        89088        ------w        c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-24 07:33 . 2008-07-06 12:06        575488        ------w        c:\windows\system32\xpsshhdr.dll
2009-04-24 07:33 . 2008-07-06 12:06        575488        ------w        c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-24 07:33 . 2008-07-06 12:06        1676288        ------w        c:\windows\system32\xpssvcs.dll
2009-04-24 07:33 . 2008-07-06 12:06        1676288        ------w        c:\windows\system32\dllcache\xpssvcs.dll
2009-04-24 07:33 . 2008-07-06 12:06        117760        ------w        c:\windows\system32\prntvpt.dll
2009-04-24 07:33 . 2008-07-06 10:50        597504        ------w        c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-23 12:07 . 2009-04-23 12:07        --------        d-----w        c:\programme\AVG
2009-04-23 11:17 . 2007-11-28 15:45        561152        ----a-w        c:\dokumente und einstellungen\XXX\KAVremover.exe
2009-04-23 11:17 . 2007-11-28 15:45        561152        ----a-w        c:\dokumente und einstellungen\XXX\KAVremover.exe
2009-04-23 11:10 . 2009-04-23 11:10        282980        ----a-w        c:\dokumente und einstellungen\XXX\kavremover.zip
2009-04-23 11:10 . 2009-04-23 11:10        282980        ----a-w        c:\dokumente und einstellungen\XXX\kavremover.zip
2009-04-22 19:51 . 2009-04-22 19:51        --------        d-----w        C:\rsit
2009-04-22 19:12 . 2009-04-22 19:12        23        --sha-w        c:\windows\system32\edacded0_x.dat
2009-04-22 19:12 . 2009-04-22 19:12        23        ----a-w        c:\windows\system32\bcdadac7_x.xml
2009-04-22 15:44 . 2009-04-22 15:44        --------        d-----w        c:\programme\Trend Micro
2009-04-21 18:06 . 2009-04-21 18:06        --------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft
2009-04-17 15:25 . 2009-02-13 09:31        55640        ----a-w        c:\windows\system32\drivers\avgntflt.sys
2009-04-17 14:34 . 2009-04-17 14:34        --------        d-----r        c:\dokumente und einstellungen\LocalService\Favoriten
2009-04-17 14:34 . 2009-04-17 14:34        --------        d-----w        c:\programme\HeroCodec
2009-04-16 10:39 . 2009-02-20 16:49        78336        ------w        c:\windows\system32\dllcache\ieencode.dll
2009-04-16 05:20 . 2009-02-06 10:10        227840        ------w        c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 05:20 . 2009-03-06 14:19        286720        ------w        c:\windows\system32\dllcache\pdh.dll
2009-04-16 05:20 . 2009-02-09 11:21        111104        ------w        c:\windows\system32\dllcache\services.exe
2009-04-16 05:20 . 2009-02-09 10:51        401408        ------w        c:\windows\system32\dllcache\rpcss.dll
2009-04-16 05:20 . 2009-02-09 10:51        678400        ------w        c:\windows\system32\dllcache\advapi32.dll
2009-04-16 05:20 . 2009-02-09 10:51        473600        ------w        c:\windows\system32\dllcache\fastprox.dll
2009-04-16 05:20 . 2009-02-09 10:51        736768        ------w        c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 05:20 . 2009-02-09 10:51        740352        ------w        c:\windows\system32\dllcache\ntdll.dll
2009-04-16 05:20 . 2009-02-09 10:51        453120        ------w        c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 10:34 . 2009-03-27 06:49        1203922        ------w        c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 10:34 . 2008-04-21 21:13        217600        ------w        c:\windows\system32\dllcache\wordpad.exe

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 16:27 . 2009-02-28 12:50        --------        d-----w        c:\programme\Steam
2009-04-24 16:24 . 2007-04-05 12:04        --------        d-----w        c:\programme\Gemeinsame Dateien\Symantec Shared
2009-04-24 15:17 . 2009-04-24 15:17        2606        ----a-w        C:\avenger.txt
2009-04-24 12:20 . 2008-07-27 10:59        --------        d-----w        c:\programme\Google
2009-04-24 11:10 . 2008-11-14 16:46        410984        ----a-w        c:\windows\system32\deploytk.dll
2009-04-24 11:10 . 2007-04-05 10:10        --------        d-----w        c:\programme\Java
2009-04-24 11:08 . 2007-04-06 12:28        --------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
2009-04-24 11:05 . 2006-10-23 15:42        --------        d--h--w        c:\programme\InstallShield Installation Information
2009-04-24 08:59 . 2009-04-21 18:43        10972        ----a-w        C:\aaw7boot.log
2009-04-24 07:38 . 2006-01-30 19:41        536778        ----a-w        c:\windows\system32\perfh007.dat
2009-04-24 07:38 . 2006-01-30 19:41        109384        ----a-w        c:\windows\system32\perfc007.dat
2009-04-22 18:31 . 2008-06-13 17:14        --------        d-----w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2009-04-22 18:18 . 2008-07-04 19:15        --------        d-----w        c:\programme\CCleaner
2009-04-19 12:23 . 2008-08-01 12:30        12070        ----a-w        c:\dokumente und einstellungen\XXX\Anwendungsdaten\wklnhst.dat
2009-04-04 07:40 . 2009-04-04 07:40        190        ----a-w        C:\drwtsn32.log
2009-03-21 14:06 . 2009-03-21 14:06        1063424        ------w        c:\windows\system32\dllcache\kernel32.dll
2009-03-10 20:18 . 2007-03-15 16:17        970632        ------w        c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 20:18 . 2007-03-15 16:16        265096        ------w        c:\windows\system32\dllcache\wgaLogon.dll
2009-03-06 14:19 . 2006-01-30 19:41        286720        ----a-w        c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2006-01-30 19:41        826368        ----a-w        c:\windows\system32\wininet.dll
2009-03-03 00:03 . 2006-01-30 19:41        826368        ----a-w        c:\windows\system32\dllcache\wininet.dll
2009-03-01 19:39 . 2009-02-18 07:11        --------        d-----w        c:\programme\ScreenshotCaptor
2009-02-28 12:48 . 2007-11-19 13:26        --------        d-----w        c:\dokumente und einstellungen\XXX\Anwendungsdaten\Sports Interactive
2009-02-28 04:54 . 2006-01-30 19:55        636072        ----a-w        c:\windows\system32\dllcache\iexplore.exe
2009-02-20 10:20 . 2007-05-10 05:28        13824        ------w        c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2006-01-30 19:40        70656        ----a-w        c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2006-01-30 19:40        161792        ----a-w        c:\windows\system32\dllcache\ieakui.dll
2009-02-18 07:12 . 2009-02-18 07:12        58        ----a-w        c:\dokumente und einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2009-02-10 17:03 . 2008-10-16 05:55        2068352        ------w        c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 14:04 . 2008-10-16 05:56        1846912        ------w        c:\windows\system32\dllcache\win32k.sys
2009-02-09 14:04 . 2006-01-30 19:41        1846912        ----a-w        c:\windows\system32\win32k.sys
2009-02-09 11:21 . 2008-10-16 05:55        2191360        ------w        c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 11:21 . 2008-10-16 05:55        2026496        ------w        c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 11:21 . 2004-08-04 00:50        2026496        ----a-w        c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:21 . 2008-10-16 05:55        2147840        ------w        c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 11:21 . 2006-01-30 19:40        2147840        ----a-w        c:\windows\system32\ntoskrnl.exe
2009-02-09 11:21 . 2006-01-30 19:41        111104        ----a-w        c:\windows\system32\services.exe
2009-02-09 10:51 . 2006-01-30 19:41        401408        ----a-w        c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2006-01-30 19:40        736768        ----a-w        c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2006-01-30 19:40        678400        ----a-w        c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2006-01-30 19:40        740352        ----a-w        c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2006-01-30 19:41        35328        ----a-w        c:\windows\system32\sc.exe
2009-02-06 10:39 . 2006-01-30 19:41        35328        ----a-w        c:\windows\system32\dllcache\sc.exe
2009-02-03 19:57 . 2009-02-03 19:57        56832        ------w        c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:57 . 2006-01-30 19:41        56832        ----a-w        c:\windows\system32\secur32.dll
2009-01-27 10:39 . 2008-05-13 19:05        60416        ----a-w        c:\dokumente und einstellungen\XXX\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-01-10 15:35 . 2007-04-05 10:15        60416        ----a-w        c:\dokumente und einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-08-26 19:46 . 2008-08-26 19:46        9501920        ----a-w        c:\programme\vlc-0.8.6i-win32.exe
2008-05-28 20:09 . 2008-05-28 20:09        3278848        ----a-w        c:\programme\Duden Korrektor PLUS.msi
2008-02-13 14:21 . 2008-02-13 14:21        32        ----a-w        c:\dokumente und einstellungen\All Users\Anwendungsdaten\ezsid.dat
2006-01-30 20:06 . 2007-04-05 10:12        146        ----a-w        c:\dokumente und einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
2006-01-30 20:06 . 2006-01-30 20:06        146        ----a-w        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
2004-08-21 10:08 . 2007-06-05 16:10        1648        ----a-w        c:\programme\PowerDVD.lnk
2008-07-29 10:46 . 2008-07-29 10:46        32768        --sha-w        c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008072920080730\index.dat
.

(((((((((((((((((((((((((((((  SnapShot@2009-04-24_15.41.44  )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-24 16:26 . 2009-04-24 16:26        16384              c:\windows\Temp\Perflib_Perfdata_bec.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TomTomHOME.exe"="c:\programme\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"Steam"="c:\programme\steam\steam.exe" [2009-02-28 1410296]
"NBJ"="c:\programme\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchAp"="c:\programme\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\programme\Launch Manager\HotkeyApp.exe" [2006-04-19 65536]
"Wbutton"="c:\programme\Launch Manager\Wbutton.exe" [2006-05-04 86016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-04-21 761946]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-04-24 148888]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2006-01-20 544768]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-07-21 16261632]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programme\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=

R1 Wbutton;Wbutton; [x]
S1 Hotkey;Hotkey; [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2044345a-5fbd-11dd-903f-0010c6f4105a}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b07de3b-9e08-11dd-9187-0010c6f4105a}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 18:38
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3902489987-3502258820-393941312-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3902489987-3502258820-393941312-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8c,3e,96,5e,9d,7b,b0,14,98,a3,72,da,9f,4c,81,b8,c9,9b,93,78,71,81,00,
  2c,6d,44,83,67,90,15,6d,c8,da,70,64,da,51,65,b0,36,52,e0,73,07,3b,7f,87,48,\
"??"=hex:70,ef,7c,e9,d1,3d,80,4e,92,70,c8,13,aa,32,a5,58
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(3556)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2009-04-24 18:39
ComboFix-quarantined-files.txt  2009-04-24 16:39
ComboFix2.txt  2009-04-24 15:43

Vor Suchlauf: 20 Verzeichnis(se), 29.087.903.744 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 29.088.845.824 Bytes frei

200        --- E O F ---        2009-04-24 07:48


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:57 Uhr.
Seite 2 von 4 1 2 34
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131