A real specimen... Trj/Nabload.DPS :(, Nabload.DPS trojan has been scurrying around here for 1 week... can't get rid of it.
Post #1, 14.02.2010, 14:26
Been here before. Group: Members. Posts: 45. Member since: 21.08.2009. Location: Bremen. Member no.: 7.687. Operating system: windows vista. Virus scanner: Avira. Firewall: Comodo.
Hello,
a week ago I ran an online scan with Panda Security because an account of mine on one of the big online communities had been blocked a total of 5 times (...with the reason that this account had been cracked!), and besides a few cookies the Nabload.DPS trojan was found. After finding it, Panda could not disinfect it, whereupon I went looking for a tool for it, without success :( Seems to be a real specimen... with an incredible talent for mimicry. (Norton keeps pottering about on my PC in perfect calm... snoooore!) In any case the intruder is (so far?) sitting in 2 ComboFix files:
1. c:\users\sic\downloads\combofix.exe[32788r22fwjfw\catchme.cfxxe]
2. c:\combofix\catchme.cfxxe
I also uploaded the first one to VirusTotal... the result for catchme.cfxxs: http://www.virustotal.com/de/analisis/480a...72d0-1265836637 The second one I could not find and therefore could not upload... but I think nothing better would have come out of it. By now I can't even get into normal mode any more. Windows boots but freezes after entering the account password. Radio silence. I have already tried to achieve something with a rootkit cleaner, but didn't consider that that sort of thing doesn't work in safe mode. My HijackThis log is here...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22:36, on 14.02.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Program Files\Buyertools Reminder\ReminderIE.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{56FB059E-49F3-4CFD-A117-DC47D0BC215F}: NameServer = 213.191.92.86 62.109.123.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BroadCam Video Streaming Server (BroadCamService) - Unknown owner - C:\Program Files\NCH Software\BroadCam\broadcam.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1ca11d4c0f3da50) (gupdate1ca11d4c0f3da50) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 7783 bytes
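Added example for readers of this thread (it is not code from the poster, from the forum's helpers, or from HijackThis/Trend Micro): a small Python triage script for HijackThis log lines like the ones posted above. It parses the "tag - payload" line format and applies a few of the checks a removal helper otherwise does by eye: entries marked "(file missing)", O23 services with no recorded vendor, O17 NameServer entries (listed for a manual comparison with the ISP's expected resolvers; the script cannot judge them itself), and O4 autostarts whose target sits in a user-writable directory. The sample lines are copied from the posted log, except the "[updater]" O4 line, which is constructed so that the last check has something to fire on.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example for this thread; not code from the thread, from HijackThis or
from Trend Micro. It reads the text format HJT writes (section tag, " - ",
payload) and applies a few checks a malware-removal helper would do by eye.
"""
import re
from collections import defaultdict

# Lines taken from the HijackThis log posted above. The "[updater]" O4 line is
# CONSTRUCTED for this example (it is not in the posted log) so that the
# user-writable-path check has something to fire on.
SAMPLE_LINES = [
    r'Logfile of Trend Micro HijackThis v2.0.2',
    r'Boot mode: Safe mode with network support',
    r'O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"',
    r'O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4',
    r'O4 - HKCU\..\Run: [updater] C:\Users\sic\AppData\Local\Temp\updater.exe',
    r'O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (file missing)',
    r'O17 - HKLM\System\CCS\Services\Tcpip\..\{56FB059E-49F3-4CFD-A117-DC47D0BC215F}: NameServer = 213.191.92.86 62.109.123.6',
    r'O23 - Service: BroadCam Video Streaming Server (BroadCamService) - Unknown owner - C:\Program Files\NCH Software\BroadCam\broadcam.exe (file missing)',
    r'O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe',
    r'O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe',
    r'O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe',
]

# "O23 - Service: ..." -> tag "O23", body "Service: ..."; header lines do not match.
ENTRY_RE = re.compile(r'^(?P<tag>[FNOR]\d{1,2}) - (?P<body>.+)$')
# First Windows path ending in a binary-like extension; stops before " (file missing)".
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|scr|cpl|cab)\b', re.IGNORECASE)
NAMESERVER_RE = re.compile(r'NameServer = (.+)$')
# Directories a standard user can write to; an autostart there deserves a second look.
USER_WRITABLE_RE = re.compile(r'\\(?:appdata|temp|programdata)\\', re.IGNORECASE)


def boot_mode(lines):
    """Return the 'Boot mode:' header value, or None if the log has none."""
    for raw in lines:
        if raw.startswith('Boot mode:'):
            return raw.split(':', 1)[1].strip()
    return None


def triage(lines):
    """Group noteworthy HJT entries by finding type.

    Keys: file_missing, unknown_owner, nameserver, autostart_user_writable.
    A key is absent when nothing matched it.
    """
    findings = defaultdict(list)
    for raw in lines:
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        tag, body = m.group('tag'), m.group('body')
        # Entry still registered although its file is gone: leftover or failed cleanup.
        if '(file missing)' in body:
            findings['file_missing'].append(body)
        # Service whose binary carries no vendor information.
        if tag == 'O23' and ' - Unknown owner - ' in body:
            findings['unknown_owner'].append(body)
        # Resolver addresses are collected for a manual check against the ISP's
        # expected resolvers; the script itself cannot judge them.
        if tag == 'O17':
            ns = NAMESERVER_RE.search(body)
            if ns:
                findings['nameserver'].extend(ns.group(1).split())
        # Autostart whose target lives in a user-writable directory.
        if tag == 'O4':
            p = PATH_RE.search(body)
            if p and USER_WRITABLE_RE.search(p.group(0)):
                findings['autostart_user_writable'].append(p.group(0))
    return dict(findings)


if __name__ == '__main__':
    mode = boot_mode(SAMPLE_LINES)
    if mode and mode.lower().startswith('safe mode'):
        print(f'note: log taken in "{mode}"; fewer processes run than in a normal boot')
    for kind, items in triage(SAMPLE_LINES).items():
        print(f'[{kind}]')
        for item in items:
            print('   ', item)
```

The checks are deliberately conservative: every hit is something to look at, not a verdict, which is why the NameServer addresses are only listed rather than judged.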
Post #2, 14.02.2010, 16:15
Back then I had ComboFix run a scan, following instructions from someone in this forum.
At the time I had a problem with Virtumonde; here are the logs:

ComboFix 09-08-20.07 - sic 21.08.2009 18:41.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2012.882 [GMT 2:00]
ausgeführt von:: c:\users\sic\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\2d438c.msi
c:\windows\system32\acovcnt.exe
.
((((((((((((((((((((((( Dateien erstellt von 2009-07-21 bis 2009-08-21 ))))))))))))))))))))))))))))))
.
2009-08-21 14:30 . 2009-08-19 08:00 87888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.038\NAVENG.SYS
2009-08-21 14:30 . 2009-08-19 08:00 875728 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.038\NAVEX15.SYS
2009-08-21 14:30 . 2009-08-19 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.038\NAVENG32.DLL
2009-08-21 14:30 . 2009-08-19 08:00 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.038\NAVEX32A.DLL
2009-08-21 14:30 . 2009-08-19 08:00 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.038\ECMSVR32.DLL
2009-08-21 14:30 . 2009-07-31 08:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.038\EECTRL.SYS
2009-08-21 14:30 . 2009-07-31 08:00 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.038\CCERASER.DLL
2009-08-21 14:30 . 2009-07-31 08:00 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.038\ERASER.SYS
2009-08-20 03:21 . 2009-08-20 03:21 -------- d-----w- c:\windows\system32\Adobe
2009-08-20 00:27 . 2009-08-20 00:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-20 00:23 . 2009-08-20 00:25 -------- d-----w- c:\windows\system32\LastFM Motorokr Screensaver dir
2009-08-20 00:23 . 2009-08-20 00:23 520192 ----a-w- c:\windows\system32\LastFM Motorokr Screensaver.scr
2009-08-19 23:35 . 2009-08-19 23:35 1924440 ----a-w- c:\users\sic\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-08-19 11:23 . 2009-08-19 11:23 -------- d-----w- c:\program files\CCleaner
2009-08-19 09:49 . 2009-08-21 14:24 -------- d-----w- c:\program files\Top-Rechnung2008v50
2009-08-19 09:49 . 2009-08-21 14:24 -------- d-----w- c:\windows\uninstall
2009-08-18 13:32 . 2009-08-18 13:32 -------- d-----w- c:\users\sic\AppData\Roaming\PeerNetworking
2009-08-18 13:31 . 2009-08-18 13:31 -------- d-----w- c:\users\sic\AppData\Roaming\CopyTransDoctor
2009-08-18 13:29 . 2009-08-18 13:30 -------- d-----w- c:\users\sic\AppData\Roaming\iLibs
2009-08-18 13:27 . 2009-08-21 14:24 -------- d-----w- c:\programdata\WindSolutions
2009-08-18 13:27 . 2009-08-18 13:28 -------- d-----w- c:\users\sic\AppData\Roaming\WindSolutions
2009-08-16 12:24 . 2009-08-21 14:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-16 12:24 . 2009-08-16 12:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-15 22:22 . 2009-08-17 08:58 680 ----a-w- c:\users\sic\AppData\Local\d3d9caps.dat
2009-08-12 02:22 . 2009-07-11 23:15 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll
2009-08-12 02:22 . 2009-07-11 23:15 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll
2009-08-12 02:22 . 2009-07-11 23:15 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys
2009-08-12 02:22 . 2009-07-11 23:15 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys
2009-08-12 02:22 . 2009-07-11 23:15 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys
2009-08-11 23:02 . 2009-08-11 23:02 -------- d-----w- c:\programdata\Ableton
2009-08-11 23:02 . 2009-08-11 23:02 -------- d-----w- c:\users\sic\AppData\Roaming\Ableton
2009-08-11 22:45 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-08-11 19:49 . 2009-08-11 19:49 -------- d-----w- c:\users\sic\AppData\Local\Native Instruments
2009-08-11 19:48 . 2009-08-11 19:48 -------- d-----w- c:\program files\Native Instruments
2009-08-11 15:53 . 2009-08-11 15:53 -------- d-----w- c:\program files\ASIO4ALL v2
2009-08-09 16:20 . 2009-08-09 16:20 -------- d-----w- c:\users\sic\AppData\Roaming\DivX
2009-08-09 00:28 . 2009-08-09 00:28 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-09 00:28 . 2009-08-09 00:29 -------- d-----w- c:\program files\DivX
2009-08-07 18:42 . 2009-08-07 18:42 -------- d-----w- c:\users\sic\AppData\Roaming\MixMeister Technology
2009-08-07 18:42 . 2009-08-07 18:42 -------- d-----w- c:\program files\MixMeister Fusion
2009-08-06 18:07 . 2009-08-06 18:07 -------- d-----w- c:\programdata\ALM
2009-08-05 03:24 . 2009-08-05 03:24 -------- d-----w- c:\programdata\FLEXnet
2009-08-05 03:15 . 2009-08-05 03:15 -------- d-----w- c:\program files\Adobe Media Player
2009-08-05 03:13 . 2009-08-05 03:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-05 03:10 . 2009-08-05 03:10 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-08-05 01:09 . 2009-08-05 01:09 -------- d-----w- c:\users\sic\AppData\Local\eMule
2009-08-05 01:09 . 2009-08-05 01:09 -------- d-----w- c:\programdata\eMule
2009-08-04 20:31 . 2009-08-04 20:34 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-08-04 20:31 . 2009-08-04 20:31 -------- d-----w- c:\program files\DVDVideoSoft
2009-08-04 18:25 . 2009-08-04 18:28 -------- d-----w- c:\users\sic\sic
2009-08-04 15:13 . 2009-06-04 07:40 43872 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-08-04 15:13 . 2009-06-04 07:40 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-08-04 15:13 . 2009-06-04 07:40 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-08-04 15:13 . 2009-08-04 15:13 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-08-03 21:28 . 2009-08-03 21:28 339968 ----a-w- c:\windows\system32\pythoncom25.dll
2009-08-03 21:28 . 2009-08-03 21:28 2117632 ----a-w- c:\windows\system32\python25.dll
2009-08-03 21:28 . 2009-08-03 21:28 114688 ----a-w- c:\windows\system32\pywintypes25.dll
2009-08-03 21:28 . 2008-09-16 16:26 1332197 ----a-w- c:\windows\system32\pythondll.zip
2009-08-02 16:07 . 2009-08-02 16:07 -------- d-----w- c:\users\sic\AppData\Local\Mozilla
2009-08-02 16:07 . 2009-03-12 08:42 554352 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-08-02 15:22 . 2009-08-02 15:22 -------- d-----w- c:\users\sic\AppData\Local\Power2Go
2009-08-01 20:21 . 2009-08-01 20:21 -------- d-----w- c:\users\sic\AppData\Roaming\Canneverbe_Limited
2009-08-01 20:21 . 2009-08-01 20:21 -------- d-----w- c:\program files\CDBurnerXP
2009-08-01 18:02 . 2009-08-18 10:02 -------- d-----w- c:\users\sic\AppData\Roaming\Download Manager
2009-08-01 17:40 . 2009-08-01 17:40 -------- d-----w- c:\users\sic\AppData\Local\ASUS
2009-08-01 14:10 . 2009-08-01 14:10 -------- d-----w- c:\program files\Audacity
2009-08-01 13:01 . 2009-08-01 13:01 53319 ----a-w- c:\programdata\Temp\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
2009-08-01 13:00 . 2009-08-01 13:00 53319 ----a-w- c:\programdata\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
2009-08-01 12:58 . 2007-01-08 20:17 27168 ------w- c:\windows\system32\msxml3a.dll
2009-08-01 12:50 . 2008-09-25 08:33 34088 ----a-w- c:\programdata\CyberLink\Power2Go\P2GoGadget.dll
2009-08-01 12:49 . 2009-08-01 12:49 36864 ----a-w- c:\programdata\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
2009-08-01 12:48 . 2009-08-01 12:48 -------- d-----w- C:\MyWorks
2009-08-01 12:47 . 2007-03-22 19:28 1053232 ------w- c:\windows\system32\MFC71u.dll
2009-08-01 12:47 . 2007-03-22 19:28 1066544 ------w- c:\windows\system32\MFC71.dll
2009-08-01 12:46 . 2009-08-01 13:01 -------- d-----w- c:\program files\CyberLink
2009-08-01 12:46 . 2009-08-01 12:50 -------- d-----w- c:\programdata\CyberLink
2009-08-01 12:46 . 2009-08-01 12:46 53319 ----a-w- c:\programdata\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2009-08-01 12:38 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-01 12:38 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-08-01 12:37 . 2009-08-01 12:37 -------- d-----w- c:\program files\iPod
2009-08-01 11:47 . 2009-08-01 11:47 -------- d-----w- c:\users\sic\AppData\Roaming\Sony
2009-08-01 11:46 . 2009-08-01 11:46 -------- d-----w- c:\users\sic\AppData\Roaming\Publish Providers
2009-08-01 11:46 . 2009-08-01 11:46 -------- d-----w- c:\users\sic\AppData\Roaming\NetMedia Providers
2009-08-01 10:03 . 2009-03-12 08:42 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-08-01 01:10 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-07-31 21:51 . 2009-07-31 21:51 683801 ----a-w- c:\programdata\Last.fm\Client\UninstWMP\unins000.exe
2009-07-31 21:51 . 2009-07-31 21:51 108 ----a-w- c:\programdata\Last.fm\Client\uninst2.bat
2009-07-31 21:51 . 2009-07-31 21:51 -------- d-----w- c:\programdata\Last.fm
2009-07-31 21:51 . 2009-07-31 21:51 683801 ----a-w- c:\programdata\Last.fm\Client\UninstITW\unins000.exe
2009-07-31 21:50 . 2009-07-31 21:50 -------- d-----w- c:\users\sic\AppData\Local\Last.fm
2009-07-31 21:50 . 2009-07-31 21:50 -------- d-----w- c:\program files\Last.fm
2009-07-31 18:45 . 2009-08-01 11:45 -------- d-----w- c:\users\sic\AppData\Local\Sony
2009-07-31 18:42 . 2009-07-31 19:40 -------- d-----w- c:\program files\Sony Setup
2009-07-31 18:21 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-07-31 18:21 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-07-31 18:21 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-07-31 18:21 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-07-31 18:21 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-07-31 18:17 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-07-31 18:17 . 2008-09-05 05:14 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-07-31 18:17 . 2008-12-16 05:31 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-31 18:17 . 2008-12-16 05:31 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-31 18:17 . 2008-12-16 03:29 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-31 18:15 . 2008-08-28 03:40 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-07-31 18:14 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll
2009-07-31 18:00 . 2009-08-21 14:34 -------- d-----w- c:\program files\VstPlugins
2009-07-31 17:59 . 2009-07-31 17:59 -------- d-----w- c:\program files\Outsim
2009-07-31 17:58 . 2009-08-21 14:28 -------- d-----w- c:\program files\Image-Line
2009-07-31 16:09 . 2009-07-11 23:15 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-07-31 16:09 . 2009-07-11 23:15 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-07-31 16:09 . 2009-07-11 23:15 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
2009-07-31 16:09 . 2009-07-11 23:15 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-07-31 16:09 . 2009-07-11 23:15 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-07-31 15:44 . 2009-08-01 14:05 -------- d-----w- c:\users\sic\AppData\Roaming\Audacity
2009-07-31 15:43 . 2009-07-31 15:43 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-07-31 15:36 . 2009-08-21 14:26 -------- d-----w- c:\program files\Steinberg
2009-07-31 15:36 . 2009-07-31 15:36 -------- d-----w- c:\program files\Common Files\KORG
2009-07-31 15:36 . 2009-07-31 15:36 -------- d-----w- c:\program files\KORG Legacy
2009-07-31 15:36 . 2009-07-31 15:36 -------- d-----w- c:\programdata\KORG
2009-07-31 15:11 . 2009-07-31 15:12 -------- d-----w- c:\programdata\WinZip
2009-07-31 14:34 . 2009-07-31 14:34 -------- d-----w- c:\users\sic\AppData\Local\Apple Computer
2009-07-31 14:34 . 2009-08-02 17:47 -------- d-----w- c:\users\sic\AppData\Roaming\Apple Computer
2009-07-31 14:33 . 2009-08-01 12:37 -------- d-----w- c:\program files\iTunes
2009-07-31 14:33 . 2009-07-31 14:33 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-31 14:31 . 2009-07-31 14:31 -------- d-----w- c:\program files\Bonjour
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 19:48 . 2008-01-21 07:15 618442 ----a-w- c:\windows\system32\perfh007.dat
2009-08-10 19:48 . 2008-01-21 07:15 122842 ----a-w- c:\windows\system32\perfc007.dat
2009-08-07 19:26 . 2009-08-07 19:26 766 ----a-r- c:\users\sic\AppData\Roaming\Microsoft\Installer\{E89B484C-B913-49A0-959B-89E836001658}\ARPPRODUCTICON.exe
2009-08-05 03:26 . 2009-07-30 21:52 49776 ----a-w- c:\users\sic\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-03 21:28 . 2008-07-29 10:54 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-02 18:24 . 2009-08-02 18:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-02 17:47 . 2009-08-02 17:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-01 13:17 . 2009-08-01 13:17 84 ---ha-w- c:\programdata\aspg.dat
2009-08-01 13:06 . 2009-07-31 10:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-01 10:04 . 2009-07-31 10:25 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-01 10:04 . 2009-07-31 10:25 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-01 02:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-01 02:12 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-31 10:35 . 2009-07-31 10:35 0 ----a-w- c:\windows\system32\drivers\1043_ASUSTeK_K50IJ.alu
2009-07-31 10:26 . 2009-07-31 10:21 -------- d-----w- c:\programdata\Norton
2009-07-31 10:21 . 2009-07-31 10:21 1294680 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-07-31 10:21 . 2009-07-31 10:21 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-07-31 10:21 . 2009-07-31 10:21 288104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CPDOEM\CPDOEM.dll
2009-07-31 10:21 . 2009-07-31 10:21 796016 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-07-31 10:21 . 2009-07-31 10:21 -------- d-----w- c:\program files\Norton Internet Security
2009-07-31 10:21 . 2009-07-31 10:21 -------- d-----w- c:\programdata\NortonInstaller
2009-07-31 10:21 . 2009-07-31 10:21 -------- d-----w- c:\program files\NortonInstaller
2009-07-31 10:16 . 2009-07-31 10:06 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-31 10:06 . 2009-07-31 10:06 -------- d-----w- c:\program files\VIA
2009-07-30 21:50 . 2009-07-30 21:50 -------- d-sh--we c:\programdata\Vorlagen
2009-07-30 21:50 . 2009-07-30 21:50 -------- d-sh--we c:\programdata\Startmenü
2009-07-30 21:50 . 2009-07-30 21:50 -------- d-sh--we c:\programdata\Favoriten
2009-07-30 21:50 . 2009-07-30 21:50 -------- d-sh--we c:\programdata\Dokumente
2009-07-30 21:50 . 2009-07-30 21:50 -------- d-sh--we c:\programdata\Anwendungsdaten
2009-07-30 21:50 . 2009-07-30 21:50 -------- d-sh--we c:\program files\Gemeinsame Dateien
2009-07-18 16:06 . 2009-07-31 18:15 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-31 18:15 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-31 18:15 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-13 12:22 . 2009-07-13 12:22 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-11 23:15 . 2009-07-31 10:21 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-11 23:15 . 2009-07-31 10:21 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 23:15 . 2009-07-31 10:21 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 23:15 . 2009-07-31 10:21 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 23:15 . 2009-07-31 10:21 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-09 10:16 . 2009-07-09 10:16 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-09 10:16 . 2009-07-09 10:16 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-15 15:24 . 2009-07-31 18:18 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-31 18:18 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-31 18:18 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-31 18:18 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-12 17:53 . 2008-07-29 10:53 368640 ----a-w- c:\windows\system32\ReWire.dll
2008-12-23 11:36 . 2008-12-23 11:36 106496 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-05-22 06:35 . 2008-05-22 06:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 07:34 . 2007-06-12 07:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{89E160C3-BABF-49A1-8CEE-B189FCCF5073}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{994523C1-2021-49DE-A342-F595A6399844}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{0C2806F4-69E5-4FB2-BC02-8C816E979B8D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FA6D4CFA-5DDE-4954-B2EB-FAB4C45D784B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{76B94052-8486-4A02-AEDE-58BED9B8EC95}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{0CCF3C69-84D7-407D-9E3A-0780BB78F151}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{13F72BE5-1219-4947-B7B9-709E2C60B7DD}"= c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe:Symantec Service Framework
"{1B099D6F-1B74-4DB4-9033-98348FFACF1B}"= UDP:5353:Adobe CSI CS4
"{815DBF82-8AA8-4BDA-97C7-A9A1F7B3B85E}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{7E5FCCAD-1C35-42A1-8CDE-125386566389}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{79F52F5A-E6B3-46F0-AAAC-80236C0C7A09}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{AE3D2F09-ADEF-44F7-B8A8-815C16B43506}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [31.07.2009 12:14 15416]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1005000.087\SymEFA.sys [01.08.2009 12:04 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1005000.087\BHDrvx86.sys [01.08.2009 12:04 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1005000.087\cchpx86.sys [01.08.2009 12:03 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys [12.08.2009 04:22 293424]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [01.08.2009 12:03 115560]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [16.08.2009 14:24 1153368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [31.07.2009 10:00 101936]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [31.07.2009 12:08 48128]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\System32\drivers\SRS_PremiumSound_i386.sys [31.07.2009 12:20 230952]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1005000.087\symndisv.sys [01.08.2009 12:04 39984]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [31.07.2009 12:06 984064]
S2 gupdate1ca11d4c0f3da50;Google Update Service (gupdate1ca11d4c0f3da50);c:\program files\Google\Update\GoogleUpdate.exe [31.07.2009 13:47 133104]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\System32\drivers\CRFILTER.sys [07.04.2008 08:00 6656]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\System32\drivers\ETD.sys [31.07.2009 12:22 140800]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [31.07.2009 14:49 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 18:08 533360]
.
Inhalt des "geplante Tasks" Ordners

2009-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 11:47]

2009-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 11:47]

2009-08-21 c:\windows\Tasks\User_Feed_Synchronization-{BB51562E-E818-4E28-995B-06C015D21A84}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
uInternet Settings,ProxyOverride = *.local
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\users\sic\AppData\Roaming\Mozilla\Firefox\Profiles\9502pxtn.default\
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla 
Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program 
files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... 
Scan erfolgreich abgeschlossen versteckte Dateien: ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(2856) c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\System32\audiodg.exe c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe c:\program files\ASUS\ATK Hotkey\AsLdrSrv.exe c:\windows\System32\wlanext.exe c:\program files\ATKGFNEX\GFNEXSrv.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\System32\rpcnet.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\ASUS\NB Probe\SPM\spmgr.exe c:\program files\ASUS\ASUS CopyProtect\ASPG.exe c:\program files\ASUS\SmartLogon\sensorsrv.exe c:\program files\P4G\BatteryLife.exe c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe c:\program files\ASUS\ATK Hotkey\HControl.exe c:\program files\ASUS\Splendid\ACMON.exe c:\program files\ASUS\Wireless Console 3\wcourier.exe c:\program files\ASUS\ATK Hotkey\ATKOSD.exe c:\windows\System32\conime.exe c:\program files\ASUS\ATK Hotkey\KBFiltr.exe c:\program files\ASUS\ATK Hotkey\WDC.exe c:\windows\System32\ACEngSvr.exe c:\windows\System32\igfxsrvc.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2009-08-21 18:58 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2009-08-21 16:58 Vor Suchlauf: 7 Verzeichnis(se), 171.685.883.904 Bytes frei Nach Suchlauf: 7 Verzeichnis(se), 171.523.010.560 Bytes frei 364 --- E O F --- 2009-08-01 10:25 2009-08-21 16:52:16 . 2009-08-21 16:52:30 45,056 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\acovcnt.exe.vir 2009-08-21 16:47:41 . 2009-08-21 16:47:41 5,721 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2009-08-21 16:39:45 . 2009-08-21 16:41:43 62 ----a-w- C:\Qoobox\Quarantine\catchme.log 2009-08-01 12:46:57 . 2009-08-01 12:46:57 5,644,288 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\2d438c.msi.vir |