Logfile after infection
Gast_Poulsen_*
16.08.2008, 09:45
Post #1
Guests
Is this logfile clean? Sorry, I had accidentally posted it here.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:06, on 16.08.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\cFosSpeed\spd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programme\F-Secure\Common\FSMA32.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\F-Secure\Common\FSMB32.EXE
f:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Programme\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programme\F-Secure\Common\FCH32.EXE
C:\Programme\F-Secure\Common\FAMEH32.EXE
C:\Programme\F-Secure\Anti-Virus\fsqh.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\cFosSpeed\cFosSpeed.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\Yahoo!\Search Protection\SearchProtection.exe
C:\Programme\F-Secure\Common\FSM32.EXE
C:\Programme\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Programme\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\F-Secure\FSGUI\fsguidll.exe
E:\Programme\Internet Download Manager\IDMan.exe
E:\Programme\PopTray\PopTray.exe
C:\Programme\F-Secure\FSAUA\program\fsaua.exe
C:\Programme\F-Secure\FWES\Program\fsdfwd.exe
C:\Programme\F-Secure\Anti-Virus\fssm32.exe
C:\Programme\F-Secure\FSAUA\program\fsus.exe
C:\Programme\F-Secure\Anti-Virus\fsav32.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Programme\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - f:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - d:\Programme\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Gold Manager - {D26AAB3B-B0DD-456C-A7E5-4DA9565FD6EE} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Tweak UI 1.33 deutsch] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Programme\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [RemoteCenter] C:\Programme\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Programme\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [IDMan] e:\Programme\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PopTray.lnk = E:\Programme\PopTray\PopTray.exe
O4 - Startup: Wallpaper Aktualisieren.lnk = C:\Programme\Desk-Timer\Desk-Timer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download aller Links mit IDM - E:\Programme\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV Video Inhalt mit IDM - E:\Programme\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download mit IDM - E:\Programme\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Mit &Google suchen - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202565922174
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programme\cFosSpeed\spd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programme\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programme\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Programme\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - f:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10668 bytes
Gast_Poulsen_*
16.08.2008, 10:06
Post #2
Thread starter, Guests
After I fixed "O2 - BHO: Gold-Manager - (D26AAB3B-B0DD-456C-A7E5-4DA9565FD6EE) - C:\WINDOWS\system32\goldman.dll" and, in one go, uninstalled the Yahoo stuff, here is the new logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:13, on 16.08.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\cFosSpeed\spd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programme\F-Secure\Common\FSMA32.EXE
C:\Programme\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
f:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Programme\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\cFosSpeed\cFosSpeed.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Programme\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\F-Secure\Anti-Virus\fssm32.exe
C:\Programme\F-Secure\Common\FSLAUNCH.EXE
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Programme\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - f:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - d:\Programme\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Tweak UI 1.33 deutsch] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [RemoteCenter] C:\Programme\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] e:\Programme\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PopTray.lnk = E:\Programme\PopTray\PopTray.exe
O4 - Startup: Wallpaper Aktualisieren.lnk = C:\Programme\Desk-Timer\Desk-Timer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download aller Links mit IDM - E:\Programme\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV Video Inhalt mit IDM - E:\Programme\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download mit IDM - E:\Programme\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Mit &Google suchen - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202565922174
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programme\cFosSpeed\spd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programme\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programme\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Programme\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - f:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9278 bytes
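A small triage script for the two logs above, added here as an example (it is not HijackThis code and not from anyone in this thread): it parses the "Rn - …" / "On - …" entry lines, flags the kinds of entries a helper checks first (an O2 BHO whose DLL is gone, an O23 service with unknown owner, O6 IE restriction policies) and diffs the first and second log to show which entries the fix removed. The sample lines are constructed from entries that appear in the logs in this thread.

```python
"""Triage helper for HijackThis-style log entries.

Added example for this thread; it is not HijackThis code and not from any
poster here. It parses the "Rn - ..." / "On - ..." entry lines, flags the
patterns a helper looks at first, and diffs two logs to show what a fix removed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Entry lines look like "O2 - BHO: Name - {CLSID} - path" or
# "R0 - HKCU\...\Main,Start Page = url"; process-list and header lines do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class Entry:
    section: str           # "O2", "O23", "R0", ...
    body: str              # everything after "On - "
    clsid: Optional[str]   # first {GUID} in the entry, if any
    target: Optional[str]  # last " - " separated field: DLL/EXE path or "(no file)"


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for lines that are not HJT entries."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    section, body = m.group("section"), m.group("body")
    clsid = CLSID_RE.search(body)
    # Fields are " - " separated, but product names may contain " - " themselves
    # (e.g. "Spybot - Search & Destroy"), so only the LAST field is used as the target.
    fields = body.split(" - ")
    target = fields[-1].strip() if len(fields) > 1 else None
    return Entry(section, body, clsid.group(0) if clsid else None, target)


def triage(lines: Iterable[str]) -> list[tuple[str, str]]:
    """Return (reason, entry) pairs for the entries a helper would check first."""
    findings = []
    for raw in lines:
        e = parse_entry(raw)
        if e is None:
            continue
        if e.section == "O2" and e.target == "(no file)":
            # BHO CLSID still registered but its DLL is gone: leftover of a removed
            # component; safe to fix, and worth recording what it was called.
            findings.append(("O2 BHO registered but DLL missing", raw.strip()))
        elif e.section == "O23" and "Unknown owner" in e.body:
            # Service binary without a recognised vendor: verify the file before trusting it.
            findings.append(("O23 service with unknown owner", raw.strip()))
        elif e.section == "O6":
            # IE policy restrictions are set: either an admin policy or a hijacker left them.
            findings.append(("O6 IE restriction policy present", raw.strip()))
    return findings


def diff_logs(before: Iterable[str], after: Iterable[str]) -> tuple[set[str], set[str]]:
    """Entries only in 'before' (removed by the fix) and entries only in 'after'."""
    b = {l.strip() for l in before if parse_entry(l) is not None}
    a = {l.strip() for l in after if parse_entry(l) is not None}
    return b - a, a - b


# Constructed sample: a handful of entry lines copied from the two logs in this thread.
LOG_BEFORE = [
    "Logfile of Trend Micro HijackThis v2.0.2",
    r"C:\WINDOWS\System32\smss.exe",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/",
    r"R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll",
    r"O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O2 - BHO: Gold Manager - {D26AAB3B-B0DD-456C-A7E5-4DA9565FD6EE} - (no file)",
    r"O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present",
    r"O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe",
    r"O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programme\cFosSpeed\spd.exe",
]
# Second log after fixing the Gold Manager BHO and uninstalling the Yahoo toolbar.
LOG_AFTER = [l for l in LOG_BEFORE if "Yahoo! Toolbar" not in l and "Gold Manager" not in l]


if __name__ == "__main__":
    for reason, entry in triage(LOG_BEFORE):
        print(f"[{reason}] {entry}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed by fix:", *sorted(removed), sep="\n  ")
    print("new entries:", *sorted(added), sep="\n  ")
```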
16.08.2008, 10:12
Post #3
AV specialist | Group: Staff | Posts: 2,935 | Member since: 27.04.2003 | Location: Nordhorn | Member no.: 59
Please run Combofix once more:

Download it from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop. Then close all windows, disable all background guards (AV and e.g. Spybot's TeaTimer), start combofix.exe, read the information in the windows that appear and then answer them with Yes. The Combofix scan can take some time, so be patient. Do not use the computer during the scan. It is possible that the computer will be restarted in between. After the scan ends a report is displayed; please copy it and paste it into your thread. http://www.bleepingcomputer.com/combofix/d...ix-benutzt-wird

It is not strictly necessary, but if you can, start Combofix.exe with the option /Skipfix

Addendum: you still use Nero?
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe

--------------------
Regards, Ralf
Gast_Poulsen_*
16.08.2008, 10:44
Post #4
Thread starter, Guests
Hello raman,
Combofix was already in progress. Here is the log file: And on your second remark: yes, I do use Nero.

ComboFix 08-08-14.05 - Detlev 2008-08-16 11:34:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1031.18.1553 [GMT 2:00]
ausgeführt von:: G:\Opera-Downloads\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
* Resident AV is active

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Dokumente und Einstellungen\Detlev\Anwendungsdaten\inst.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteCenter"="C:\Programme\Creative\MediaSource\RemoteControl\RcMan.exe" [2003-10-08 17:35 139264] "Creative Detector"="C:\Programme\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 07:52 15360] "IDMan"="e:\Programme\Internet Download Manager\IDMan.exe" [2008-08-11 16:55 2610608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTSysVol"="C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344] "CTDVDDET"="C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 02:00 45056] "SBDrvDet"="C:\Programme\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 19:06 45056] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112] "type32"="C:\Programme\Microsoft IntelliType Pro\type32.exe" [2003-05-16 01:45 114688] "IntelliPoint"="C:\Programme\Microsoft IntelliPoint\point32.exe" [2003-05-16 01:41 163840] "cFosSpeed"="C:\Programme\cFosSpeed\cFosSpeed.exe" [2008-07-03 18:04 867544] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "F-Secure Manager"="C:\Programme\F-Secure\Common\FSM32.EXE" [2008-05-30 21:17 182936] "F-Secure TNB"="C:\Programme\F-Secure\FSGUI\TNBUtil.exe" [2008-05-30 21:16 957024] "Tweak UI 1.33 deutsch"="TWEAKUI.CPL" [2000-10-07 01:13 106544 C:\WINDOWS\system32\TWEAKUI.CPL] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 07:52 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 01000000 "NoSMHelp"= 01000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication 
Packages REG_MULTI_SZ msv1_0 relog_ap [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Corel MEDIA FOLDERS INDEXER 8.LNK] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Corel MEDIA FOLDERS INDEXER 8.LNK backup=C:\WINDOWS\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] --a------ 2007-08-31 18:38 140568 C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor] --a------ 2007-08-31 18:43 907040 C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\-editiert-Tray] --a------ 2006-09-28 21:21 57344 f:\Programme\-editiert-\-editiert-\-editiert-Tray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-14 07:52 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mount.exe] --a------ 2003-05-24 02:09 315904 C:\Programme\GiPo@Utilities\GiPo@FileUtilities\mount.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 15:40 155648 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage] --a------ 2002-06-03 11:38 49152 D:\Programme\ScanSoft\OmniPageSE\opware32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2006-03-10 17:15 1249280 C:\Programme\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-08-02 11:24 185896 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] --a------ 
2007-08-31 18:35 2622232 C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] --a------ 2006-08-11 15:56 17920 C:\WINDOWS\CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp] --a------ 2006-08-11 15:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Programme\\fotobuch.de AG\\Designer 2.0\\Designer.exe"= "C:\\Programme\\IEPro\\MiniDM.exe"= R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-05-30 21:15] R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-08-01 14:04] R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Programme\F-Secure\HIPS\drivers\fshs.sys [2008-05-30 21:16] R2 NMSAccessU;NMSAccessU;f:\Programme\CDBurnerXP\NMSAccessU.exe [2008-06-15 15:34] R2 PfDetNT;PfDetNT;C:\WINDOWS\system32\drivers\PfModNT.sys [2006-08-11 15:56] R2 TryAndDecideService;Acronis Try And Decide Service;C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe [2007-08-31 19:49] R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2008-04-14 07:53] R3 AVMWAN;AVM NDIS WAN CAPI Treiber;C:\WINDOWS\system32\DRIVERS\avmwan.sys [2003-02-27 02:00] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys [2008-05-30 21:14] R3 FSORSPClient;F-Secure ORSP Client;C:\Programme\F-Secure\ORSP Client\fsorsp.exe [2008-05-30 21:17] R3 FXPCBASE;AVM FRITZ!X PC v2.0/v3.0 (WinXP/2000);C:\WINDOWS\system32\DRIVERS\fxpcbase.sys [2003-02-27 
02:00] R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-03 01:09] S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-02 14:14] S4 F-Secure Filter;F-Secure File System Filter;C:\Programme\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-05-30 21:14] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Programme\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-05-30 21:14] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners 2008-08-16 C:\WINDOWS\Tasks\1-Klick-Wartung.job - C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe [2008-05-17 15:04] 2008-08-16 C:\WINDOWS\Tasks\Scheduled scanning task.job - C:\PROGRA~1\F-Secure\ANTI-V~1\fsav.exe [2008-05-30 21:14] . . ------- Zus„tzlicher Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://de.yahoo.com/ O8 -: Download aller Links mit IDM - E:\Programme\Internet Download Manager\IEGetAll.htm O8 -: Download FLV Video Inhalt mit IDM - E:\Programme\Internet Download Manager\IEGetVL.htm O8 -: Download mit IDM - E:\Programme\Internet Download Manager\IEExt.htm O8 -: Mit &Google suchen - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsearch.htm ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-16 11:37:22 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Eintr„ge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . ------------------------ Weitere, laufende Prozesse ------------------------ . 
C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe C:\Programme\cFosSpeed\spd.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe C:\Programme\F-Secure\Common\FSMA32.EXE C:\Programme\F-Secure\Anti-Virus\fsgk32.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programme\F-Secure\Common\FSMB32.EXE C:\Programme\UPHClean\uphclean.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Programme\F-Secure\Common\FCH32.EXE C:\Programme\F-Secure\Common\FAMEH32.EXE C:\Programme\F-Secure\Anti-Virus\fsqh.exe C:\Programme\F-Secure\FSGUI\fsguidll.exe C:\Programme\F-Secure\Anti-Virus\fssm32.exe C:\Programme\F-Secure\FSAUA\program\fsaua.exe C:\Programme\F-Secure\FWES\program\fsdfwd.exe E:\Programme\PopTray\PopTray.exe C:\Programme\F-Secure\FSAUA\program\fsus.exe C:\PROGRA~1\F-Secure\ANTI-V~1\fsav32.exe . ************************************************************************** . Zeit der Fertigstellung: 2008-08-16 11:38:58 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2008-08-16 09:38:51 Pre-Run: 10 Verzeichnis(se), 16,649,424,896 Bytes frei Post-Run: 13 Verzeichnis(se), 16,605,233,152 Bytes frei 325 --- E O F --- 2008-08-06 19:57:00 |
Gast_Poulsen_* | 16.08.2008, 11:07 | Post #5 | Thread starter, Guests
16.08.2008, 11:10 | Post #6 | AV specialist | Group: Staff | Posts: 2,935 | Member since: 27.04.2003 | Location: Nordhorn | Member no.: 59
No, it is only a small security function. That is, it only checks and does not delete...
Otherwise I don't see anything conspicuous... -------------------- Regards, Ralf
Gast_Poulsen_* | 16.08.2008, 11:34 | Post #7 | Thread starter, Guests
@raman
Thank you for the help.