Is my laptop still OK? ComboFix log and HijackThis log included
13.03.2008, 15:41
Member
Posts: 20
#0
14.03.2008, 00:38
Honorary member
Posts: 6028
#2
Quote: The following I can't fix because it keeps coming back:
Why do you want to remove that?
__________
Regards, Argus
14.03.2008, 10:28
Member
Thread starter, Posts: 20
#3
Because when I submit the log to the HijackThis site, it says that this entry absolutely must be fixed; i.e., it has a red X next to it.
14.03.2008, 11:49
Honorary member
Posts: 6028
#4
14.03.2008, 14:08
Member
Thread starter, Posts: 20
#5
OK, fine, and the rest is alright? I mean, when I have nothing open, 64 processes are running on my machine. Is that normal?
14.03.2008, 14:19
Honorary member
Posts: 6028
#6
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1281 [GMT 1:00]
ausgeführt von:: C:\Users\Dinko\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
((((((((((((((((((((((( Dateien erstellt von 2008-02-13 bis 2008-03-13 ))))))))))))))))))))))))))))))
.
2008-03-12 08:14 . 2007-12-16 23:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-12 08:14 . 2007-12-16 10:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-02-18 19:49 . 2008-02-18 19:49 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-18 19:49 . 2008-02-18 19:49 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-18 19:43 . 2008-02-18 19:43 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-18 19:43 . 2008-02-18 19:43 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-18 19:43 . 2008-02-18 19:43 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-18 19:43 . 2008-02-18 19:43 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-18 19:43 . 2008-02-18 19:43 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-18 19:43 . 2008-02-18 19:43 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-18 19:43 . 2008-02-18 19:43 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-02-18 19:42 . 2008-02-18 19:42 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-18 19:42 . 2008-02-18 19:42 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-18 19:42 . 2008-02-18 19:42 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-18 19:42 . 2008-02-18 19:42 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-18 19:42 . 2008-02-18 19:42 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-18 19:42 . 2008-02-18 19:42 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-18 19:42 . 2008-02-18 19:42 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-18 19:35 . 2008-02-18 19:35 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-18 18:41 . 2003-03-16 00:15 90,112 --a------ C:\Windows\unvise32.exe
2008-02-18 18:36 . 2008-02-19 13:15 <DIR> d-------- C:\Program Files\SoldnerSecretWars
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 14:32 --------- d-----w C:\Users\Dinko\AppData\Roaming\DNA
2008-03-13 13:16 --------- d-----w C:\Users\Dinko\AppData\Roaming\Skype
2008-03-13 08:18 --------- d-----w C:\Users\Dinko\AppData\Roaming\skypePM
2008-03-12 08:32 --------- d-----w C:\Program Files\Windows Mail
2008-03-09 18:11 --------- d-----w C:\Users\Dinko\AppData\Roaming\teamspeak2
2008-03-05 13:55 --------- d-----w C:\Users\Dinko\AppData\Roaming\BitTorrent
2008-02-19 14:24 --------- d-----w C:\Program Files\Winamp
2008-02-18 18:42 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-18 18:42 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-18 18:42 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-18 18:42 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-18 18:36 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-18 18:36 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-18 18:36 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-18 18:36 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 14:31 --------- d-----w C:\ProgramData\Roxio
2008-02-09 15:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-08 16:30 --------- d-----w C:\Program Files\QuickTime
2008-02-02 18:16 --------- d-----w C:\ProgramData\LightScribe
2008-01-31 20:18 --------- d-----w C:\ProgramData\Apple Computer
2008-01-31 20:09 --------- d-----w C:\Users\Dinko\AppData\Roaming\Apple Computer
2008-01-31 20:07 --------- d-----w C:\Program Files\Common Files\Apple
2008-01-31 09:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-29 10:40 --------- d-----w C:\Program Files\World of Warcraft
2008-01-29 08:58 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-28 15:29 --------- d-----w C:\Users\Dinko\AppData\Roaming\Roxio
2008-01-22 22:20 --------- d-----w C:\ProgramData\Apple
2008-01-22 22:20 --------- d-----w C:\Program Files\Apple Software Update
2008-01-22 16:01 --------- d-----w C:\Program Files\Syncrosoft
2008-01-21 15:59 --------- d-----w C:\Users\Dinko\AppData\Roaming\Steinberg
2008-01-18 15:01 --------- d-----w C:\Users\Dinko\AppData\Roaming\Winamp
2008-01-15 12:29 --------- d-----w C:\Program Files\Native Instruments
2008-01-14 23:02 --------- d-----w C:\Users\Dinko\AppData\Roaming\concept design
2008-01-14 09:48 50 ----a-w C:\Users\Dinko\AppData\Roaming\wklnhst.dat
2008-01-14 09:48 --------- d-----w C:\Users\Dinko\AppData\Roaming\Template
2008-01-09 08:05 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-12-21 09:27 5,862,994 ----a-w C:\Users\Dinko\ts2_client_rc2_2032.exe
2007-12-13 22:53 174 --sha-w C:\Program Files\desktop.ini
2007-12-13 22:33 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-12-13 22:33 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-12-13 22:33 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-12-13 22:33 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-12-13 22:33 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-12-13 22:33 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-12-13 22:32 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-12-13 22:32 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-12-13 22:32 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-12-13 22:32 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-13 22:32 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-12-13 22:32 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-12-13 22:32 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-12-13 22:32 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-12-13 22:32 134,656 ----a-w C:\Windows\System32\dps.dll
2007-12-13 22:32 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-12-13 22:32 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-12-13 22:31 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-13 22:31 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-13 22:31 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-13 22:31 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-13 22:31 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-13 22:31 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-13 22:31 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-13 22:31 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-13 22:31 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-13 22:31 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-13 22:30 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2007-12-13 22:30 376,320 ----a-w C:\Windows\System32\winsrv.dll
2007-12-13 22:27 414,208 ----a-w C:\Windows\System32\msscp.dll
2007-12-13 22:26 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-12-13 22:26 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-12-13 22:26 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-12-13 22:26 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-12-13 22:26 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-12-13 22:26 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-12-13 22:26 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-12-13 22:26 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-12-13 22:26 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-12-13 22:26 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-12-13 22:24 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-12-13 22:23 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-12-13 22:23 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-12-13 22:22 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-13 22:20 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 22:20 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-12-13 22:20 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-12-13 22:20 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-12-13 22:20 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-12-13 22:20 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-12-13 22:20 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-12-13 22:20 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-13 22:20 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-12-13 22:20 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-12-13 22:20 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-12-13 22:18 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-12-13 22:16 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-12-13 22:16 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-12-13 22:12 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-12-13 22:11 5,120 ----a-w C:\Windows\System32\wmi.dll
2007-12-13 22:11 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2007-12-13 22:10 750,080 ----a-w C:\Windows\System32\qmgr.dll
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 09:05 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"BitTorrent DNA"="C:\Users\Dinko\Program Files\DNA\btdna.exe" [2008-02-20 07:10 287040]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-13 23:28 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-24 02:11 176128]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [ ]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 19:38 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 19:54 50696]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-16 00:38 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-16 00:38 81920]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 21:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 00:12 317128]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 07:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-15 13:54 249896]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7225057D-4C93-46C6-82F1-09AF84568652}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{8E2A0E27-212D-473F-BD20-395990CB367E}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play|Desc=Quick Play
"{6109805B-5ADA-42BA-A81F-9EADC7279195}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program|Desc=Quick Play Resident Program
"{B72CA775-AC8B-44F0-9E32-6AA20244C0B7}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{E346E4D5-E73F-4667-9626-3C691BDFDCAC}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{F450FC94-9640-48B6-A2E0-2AA8B797F40A}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{C4BDC1F6-A48F-4DE7-89BA-E7F7E21F3FF6}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{8EDE109E-2182-41BB-B7E2-657C4940C9D0}"= UDP:C:\Program Files\Tele2\Installer_COMPLETE\Installer_Complete.exe:Tele2 Internet Installation
"{2752C6D1-0463-4AF2-A07F-EC70023EAAB3}"= TCP:C:\Program Files\Tele2\Installer_COMPLETE\Installer_Complete.exe:Tele2 Internet Installation
"TCP Query User{555C9DFB-55D8-4B99-9B81-00E00C48DA3C}C:\program files\videolan\vlc\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player|Desc=VLC media player
"UDP Query User{20FEA9BD-B9A7-4829-A44B-461B108B2D63}C:\program files\videolan\vlc\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player|Desc=VLC media player
"{4EB68578-B631-40A1-848F-C7D943FB61EB}"= UDP:C:\Program Files\Tele2\Installer_COMPLETE\Installer_Complete.exe:Tele2 Internet Installation
"{E168191B-6DA4-4C36-8B8A-466731453835}"= TCP:C:\Program Files\Tele2\Installer_COMPLETE\Installer_Complete.exe:Tele2 Internet Installation
"{D56D93E3-7BE3-4CE9-8DA6-E0FA0259AD3E}"= UDP:C:\Program Files\Tele2\SupportCenter\SupportCenter.exe:Tele2 Support Center
"{96853286-B2E4-461B-ADDB-67FFDB8A834B}"= TCP:C:\Program Files\Tele2\SupportCenter\SupportCenter.exe:Tele2 Support Center
"TCP Query User{5F641628-8EAD-4C64-8C81-AEF751349C80}C:\program files\world of warcraft\wow-1.12.0-dede-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.0-dede-downloader.exe:Blizzard Downloader|Desc=Blizzard Downloader
"UDP Query User{A84E69F9-F0D6-4569-92D2-01E0071C5788}C:\program files\world of warcraft\wow-1.12.0-dede-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.0-dede-downloader.exe:Blizzard Downloader|Desc=Blizzard Downloader
"TCP Query User{2BAC9894-3084-4CA7-944A-ADE5013AE910}C:\program files\skype\phone\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
"UDP Query User{9FE37E37-379A-49CD-B27E-EAAB06AACAB9}C:\program files\skype\phone\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
"TCP Query User{4E12E38D-8C0B-498E-912E-6003C9420351}C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-dede-patch-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-dede-patch-downloader.exe:Blizzard Downloader|Desc=Blizzard Downloader
"UDP Query User{CEC692C1-1BB6-465C-AD2C-F1084F6FBB9E}C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-dede-patch-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-dede-patch-downloader.exe:Blizzard Downloader|Desc=Blizzard Downloader
"TCP Query User{45426DF9-3C8C-4B1B-B322-9C08D14878EE}C:\program files\world of warcraft\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility|Desc=Blizzard Repair Utility
"UDP Query User{9AD23FDF-1A28-48C9-A964-432A8F08B42A}C:\program files\world of warcraft\repair.exe"= TCP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility|Desc=Blizzard Repair Utility
"{1474E3C5-8766-473A-AC95-100B3229CB29}"= UDP:3724:WOW-1
"{9FD5386E-9FE1-4C8C-AE33-B402C92C64A5}"= UDP:6112:WOW-2
"{95A4DF46-10FB-4DA7-BD53-CA83EADB87C4}"= UDP:6881:WOW-3
"{A0AE1AA8-11E0-4633-9039-2A7BED220464}"= UDP:6999:WOW-4
"{0116AFDC-8F8B-44FA-8E79-CFFC13519131}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{14871DC2-76B5-40A8-ABE0-71F11297BA2D}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"TCP Query User{EFD156A2-ADE3-4AD9-8586-C6620295A668}C:\program files\bittorrent\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent|Desc=bittorrent
"UDP Query User{E9112FF8-0F26-4E62-B5CA-0811D518128E}C:\program files\bittorrent\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent|Desc=bittorrent
"TCP Query User{B6D57F85-E972-4352-9A04-A16A1F03B36F}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{DFA721F1-1FAC-4DA3-8D1F-2960168D80A9}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"TCP Query User{9A5D5B70-793E-46C4-9572-E77351E03F3E}C:\users\dinko\program files\dna\btdna.exe"= UDP:C:\users\dinko\program files\dna\btdna.exe:btdna.exe|Desc=btdna.exe
"UDP Query User{0B28E096-F6E3-4667-9FD8-3C780EE9927B}C:\users\dinko\program files\dna\btdna.exe"= TCP:C:\users\dinko\program files\dna\btdna.exe:btdna.exe|Desc=btdna.exe
"TCP Query User{75E0E4FB-267A-4FF6-A67C-7185047E9E84}C:\program files\bittorrent\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent|Desc=bittorrent
"UDP Query User{6ABBA861-67FC-4F12-88D8-7CC02C6FE7E9}C:\program files\bittorrent\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent|Desc=bittorrent
"{4A69EF9B-27F5-44C2-B2C3-6F27CBF3A5FB}"= UDP:C:\Program Files\PPLive\PPLive.exe:PPLive
"{579B971A-5EC6-43BE-9331-8DA8D7D1148F}"= TCP:C:\Program Files\PPLive\PPLive.exe:PPLive
"TCP Query User{8FCF4ACC-995D-4479-ACC1-4DA16D21E32C}C:\program files\k-lite codec pack\media player classic\mplayerc.exe"= UDP:C:\program files\k-lite codec pack\media player classic\mplayerc.exe:Media Player Classic|Desc=Media Player Classic
"UDP Query User{F6618EEF-78E4-4736-91A3-2ED3F5372142}C:\program files\k-lite codec pack\media player classic\mplayerc.exe"= TCP:C:\program files\k-lite codec pack\media player classic\mplayerc.exe:Media Player Classic|Desc=Media Player Classic
"TCP Query User{47172927-3239-49C4-B200-E2CF0E5CE2A0}C:\program files\winamp\winamp.exe"= UDP:C:\program files\winamp\winamp.exe:Winamp|Desc=Winamp
"UDP Query User{F7C55BD8-375B-4860-A847-CBDA034FC410}C:\program files\winamp\winamp.exe"= TCP:C:\program files\winamp\winamp.exe:Winamp|Desc=Winamp
"TCP Query User{ED37C0A4-7EE9-4BA7-850C-5C9CFE5E3B3A}C:\program files\quicktime\quicktimeplayer.exe"= UDP:C:\program files\quicktime\quicktimeplayer.exe:QuickTime Ressourcendatei|Desc=QuickTime Ressourcendatei
"UDP Query User{E582964F-4640-4723-BBB0-4C007F62ADA3}C:\program files\quicktime\quicktimeplayer.exe"= TCP:C:\program files\quicktime\quicktimeplayer.exe:QuickTime Ressourcendatei|Desc=QuickTime Ressourcendatei
"TCP Query User{6323BC56-0BAC-410C-A402-EBFFAA38BB75}C:\program files\sierra\fear\fpupdate.exe"= UDP:C:\program files\sierra\fear\fpupdate.exe:fpupdate|Desc=fpupdate
"UDP Query User{1747D9B9-C604-4B54-B99E-CF4982967B8A}C:\program files\sierra\fear\fpupdate.exe"= TCP:C:\program files\sierra\fear\fpupdate.exe:fpupdate|Desc=fpupdate
"TCP Query User{DDABBA87-F3F7-4F6E-8574-9EA710BA13C1}C:\program files\sierra\fear\fearserver.exe"= UDP:C:\program files\sierra\fear\fearserver.exe:F.E.A.R. Stand-Alone Server|Desc=F.E.A.R. Stand-Alone Server
"UDP Query User{0FD0B578-B872-499B-862A-4041F6970804}C:\program files\sierra\fear\fearserver.exe"= TCP:C:\program files\sierra\fear\fearserver.exe:F.E.A.R. Stand-Alone Server|Desc=F.E.A.R. Stand-Alone Server
"{371E09B5-985E-4326-BA89-85892EB09314}"= UDP:C:\Program Files\Tele2\SupportCenter\SupportCenter.exe:Tele2 Support Center
"{EBAF877F-6634-48F2-87E8-4534B2EB1157}"= TCP:C:\Program Files\Tele2\SupportCenter\SupportCenter.exe:Tele2 Support Center
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 00:50]
S2 LVEzLoader;LifeView EZ-USB FX2 FIRMWARE LOADER (LVEzLD06.sys);C:\Windows\system32\Drivers\LVEzLD06.sys [2005-05-19 04:48]
S3 BCM43XV;Broadcom Extensible 802.11-Netzwerkadaptertreiber;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 16:43]
S3 LifeView_USBDVBT;LVUSB Service;C:\Windows\system32\Drivers\LVUSB_TX.sys [2005-06-16 05:08]
.
Inhalt des "geplante Tasks" Ordners
"2008-03-13 08:18:30 C:\Windows\Tasks\User_Feed_Synchronization-{4DDC606A-97A8-426D-B247-1F4991DCF188}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 15:36:53
Windows 6.0.6000 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2008-03-13 15:38:51
.
2008-03-12 08:12:37 --- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 15:40:58, on 13.03.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Dinko\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Dinko\Desktop\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2internet.at
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=73&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Dinko\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - https://safe.tele2.com/inc/accounthelper.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

The following I can't fix because it keeps coming back:
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
My other problem is that I have about 63 processes running with only one user logged in. Is that normal on Vista?