Trojan Vundo and Crypt.xpack again

21.05.2008, 00:07
Honorary member
Posts: 29434
21.05.2008, 01:21
Member
Thread starter, Posts: 19
#17
So here is the report from the online scan!! I'm satisfied
Scanning Report
Wednesday, May 21, 2008 00:38:55 - 05:39:58
Computer name: B-8D0AB22A49714
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 1 malware found
Tracking Cookie (spyware)

System Statistics
Scanned:
 * Files: 34444
 * System: 3801
 * Not scanned: 7
Actions:
 * Disinfected: 0
 * Renamed: 0
 * Deleted: 0
 * None: 1
 * Submitted: 0
Files not scanned:
 * C:\PAGEFILE.SYS
 * C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
 * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
 * C:\WINDOWS\SYSTEM32\CONFIG\SAM
 * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
 * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
 * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

Options
Scanning engines:
 * F-Secure USS: 2.30.0
 * F-Secure Hydra: 2.8.8110, 2008-05-20
 * F-Secure AVP: 7.0.171, 2008-05-20
 * F-Secure Pegasus: 1.20.0, 2008-04-15
 * F-Secure Blacklight: 1.0.68
Scanning options:
 * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
 * Use Advanced heuristics

__________
Regards, Mangekyou
This post was edited by Mangekyou on 21.05.2008 at 05:44.
21.05.2008, 12:10
Honorary member
Posts: 29434
#18
Run regstuff and post the report
http://virus-protect.org/registry_stuff.html

__________
Regards, Sabina
all about PC security
21.05.2008, 13:14
Member
Thread starter, Posts: 19
#19
So this is the report:
doesn't exist HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr
-----------------------
-----------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"DependOnGroup"=hex(7):00
"DependOnService"=hex(7):4e,65,74,6d,61,6e,00,57,69,6e,4d,67,6d,74,00,00
"Description"="Bietet allen Computern in Heim- und kleinen Firmennetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, Namensauflösung und Eindringsschutz."
"DisplayName"="Windows-Firewall/Gemeinsame Nutzung der Internetverbindung"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:00002cf3

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\concept design\\onlineTV 2\\onlineTV.exe"="C:\\Programme\\concept design\\onlineTV 2\\onlineTV.exe:*:Enabled:onlineTV"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Warcraft III\\Warcraft III.exe"="C:\\Programme\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"="C:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe"
"C:\\Programme\\Windows Media Player\\wmplayer.exe"="C:\\Programme\\Windows Media Player\\wmplayer.exe:*:Enabled:wmplayer"
"C:\\Programme\\Warcraft III\\war3.exe"="C:\\Programme\\Warcraft III\\war3.exe:*:Enabled:Warcraft III"
"C:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\game.dat"="C:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\patchget.dat"="C:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\patchget.dat:*:Enabled:patchgrabber"
"C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"="C:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Programme\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe"="C:\\Programme\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe:*:Enabled:GG E-Sports Platform Client"
"C:\\Programme\\NEXON\\EuropeMapleStory\\Patcher.exe"="C:\\Programme\\NEXON\\EuropeMapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Programme\\LucasArts\\Star Wars Battlefront II\\GameData\\battlefrontII.exe"="C:\\Programme\\LucasArts\\Star Wars Battlefront II\\GameData\\battlefrontII.exe:*:Enabled:battlefrontII"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum]
"0"="Root\\LEGACY_SHAREDACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Sicherheitscenter"
"DependOnService"=hex(7):52,70,63,53,73,00,77,69,6e,6d,67,6d,74,00,00
"ObjectName"="LocalSystem"
"Description"="Überwacht Systemsicherheitseinstellungen und -konfigurationen."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"=hex(2):25,53,59,53,54,45,4d,52,4f,4f,54,25,5c,73,79,73,74,65,6d,\
  33,32,5c,77,73,63,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"autodisconnect"=dword:0000000f
"enableforcedlogoff"=dword:00000001
"enablesecuritysignature"=dword:00000000
"requiresecuritysignature"=dword:00000000
"NullSessionPipes"=hex(7):43,4f,4d,4e,41,50,00,43,4f,4d,4e,4f,44,45,00,53,51,\
  4c,5c,51,55,45,52,59,00,53,50,4f,4f,4c,53,53,00,4c,4c,53,52,50,43,00,62,72,\
  6f,77,73,65,72,00,00
"NullSessionShares"=hex(7):43,4f,4d,43,46,47,00,44,46,53,24,00,00
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,73,72,76,73,76,63,2e,64,6c,6c,00
"Lmannounce"=dword:00000000
"Size"=dword:00000001
"Guid"=hex:65,7d,21,a5,9e,80,44,48,99,ae,25,92,f4,09,8a,e9
"AdjustedNullSessionPipes"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"enableplaintextpassword"=dword:00000000
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000000
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,77,6b,73,73,76,63,2e,64,6c,6c,00
"OtherDomains"=hex(7):00

[HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa]

[HKEY_CURRENT_USER\Software\Microsoft\OLE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Nachrichtendienst"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
  4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Überträgt NET SEND- und Warndienstnachrichten zwischen Clients und Servern. Dieser Dienst ist nicht mit Windows Messenger verwandt. Der Warndienst überträgt keine Nachrichten, falls dieser Dienst beendet wird. Falls dieser Dienst deaktiviert wird, können die Dienste, die von diesem Dienst ausschließlich abhängig sind, nicht mehr gestartet werden."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,48,00,03,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
  00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
  00,05,04,00,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\
  00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,\
  20,00,00,00,20,02,00,00
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
  00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
  00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
  00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
  00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
  63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"LsaPid"=dword:000004d0
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"enabledcom"="y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
  50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:8d,6d,7f,08,f7,a8,83,9f,b7,9a,3e,1e,28,eb,cc,26,30,64,37,37,61,\
  61,37,61,00,fd,07,00,8c,72,00,00,34,fa,07,00,56,82,46,75,20,fa,07,00,40,fd,\
  07,00,4c,fd,07,00,a9,b3,82,f8,27,d4,77,da,20,dd,ef,0d

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:75,5c,4a,41,c6,38,8d,52,88

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:39,58,78,ea,90,fa

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:f6,03,a4,fd,54,bc,1c,8e,d5,16,5b,70,65,b2,45,c3

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:0e,69,9b,06,62,ba,c8,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,e0,60,91,1a,7a,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,e0,60,91,1a,7a,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,e0,60,91,1a,7a,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

So, unfortunately I'm now going on holiday for a week ... China ... *yay* If anything comes out of the report, please don't close the thread yet, because I won't be back for a week!

__________
Regards, Mangekyou
This post was edited by Mangekyou on 21.05.2008 at 13:20.
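As an added example (not a tool from this thread, from regstuff or from virus-protect.org), the following Python script parses a REGEDIT4 export like the one posted above and flags the two things a reviewer looks for first in such a dump: firewall exceptions whose scope is "*" (open to any remote address, as the "3389:TCP" entry above is, while the file-sharing ports are limited to LocalSubNet) and LSA/SMB values below a hardening baseline. The baseline thresholds and the SAMPLE_REG excerpt are this example's assumptions; the excerpt copies a handful of values from the post so the script runs offline.

```python
"""Audit a REGEDIT4 export, like the regstuff dump posted above, for firewall
exceptions open to any address and for weak LSA / SMB settings.
Added example for this thread; not a tool from the forum or from regstuff."""
import re
from typing import Dict, List, Optional

# Constructed excerpt: a handful of keys copied from the posted dump, so the
# audit runs offline on realistic input.  Not the complete export.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"requiresecuritysignature"=dword:00000000
"NullSessionPipes"=hex(7):43,4f,4d,4e,41,50,00,43,4f,4d,4e,4f,44,45,00,53,51,\
  4c,5c,51,55,45,52,59,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"everyoneincludesanonymous"=dword:00000000
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
# <target>:<scope>:<Enabled|Disabled>:<display name>; the target may contain ':' itself
EXCEPTION_RE = re.compile(
    r'^(?P<target>.*?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<name>.*)$', re.I)


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """{key path: {value name: raw value}} for a REGEDIT4 export.
    Hex values split over continuation lines (trailing backslash) are rejoined;
    values stay raw here and are decoded by the helpers below."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    pending = ''
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith('\\'):
            pending = line[:-1]
            continue
        pending = ''
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1).replace('\\\\', '\\')] = m.group(2)
    return keys


def dword(raw: Optional[str]) -> Optional[int]:
    return int(raw[6:], 16) if raw and raw.startswith('dword:') else None


def reg_string(raw: str) -> Optional[str]:
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return None


def audit(text: str) -> List[str]:
    """Return human-readable findings in the order the export lists the keys."""
    keys = parse_reg(text)
    findings: List[str] = []

    # 1. Firewall exceptions: an Enabled entry whose scope is '*' accepts traffic
    #    from any remote address, not just the local subnet.
    for path, values in keys.items():
        if not path.endswith(('AuthorizedApplications\\List', 'GloballyOpenPorts\\List')):
            continue
        profile = 'DomainProfile' if '\\DomainProfile\\' in path else 'StandardProfile'
        for raw in values.values():
            s = reg_string(raw)
            m = EXCEPTION_RE.match(s) if s else None
            if m and m['state'].lower() == 'enabled' and m['scope'] == '*':
                findings.append(f"{profile}: '{m['target']}' ({m['name']}) open to any address")

    # 2. LSA / SMB baseline.  Assumed thresholds for an XP SP2 workstation; they
    #    are this example's, not the forum's.
    lsa = keys.get(r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa', {})
    srv = keys.get(r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters', {})
    checks = [
        (lsa, 'lmcompatibilitylevel', lambda v: v is not None and v >= 3, 'LM/NTLMv1 responses still sent (want >= 3)'),
        (lsa, 'nolmhash', lambda v: v == 1, 'LM hashes are stored for local accounts'),
        (lsa, 'restrictanonymous', lambda v: v == 1, 'anonymous enumeration of shares is allowed'),
        (lsa, 'everyoneincludesanonymous', lambda v: v == 0, 'anonymous logons get Everyone permissions'),
        (lsa, 'limitblankpassworduse', lambda v: v == 1, 'blank passwords usable over the network'),
        (srv, 'requiresecuritysignature', lambda v: v == 1, 'SMB signing not required by the server'),
    ]
    for hive, name, ok, why in checks:
        v = dword(hive.get(name))
        if not ok(v):
            findings.append(f"{name}={v}: {why}")
    return findings


if __name__ == '__main__':
    for finding in audit(SAMPLE_REG):
        print(finding)
```

On the excerpt the script reports the Veoh client and 3389:TCP as open to any address, and lmcompatibilitylevel, nolmhash, restrictanonymous and requiresecuritysignature as below the baseline; the LocalSubNet and Disabled entries are not reported. Run it against a full regstuff dump by reading the file into audit() instead of SAMPLE_REG.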
27.05.2008, 18:31
Member
Thread starter, Posts: 19
#20
So I'm back from China, it was great.
How are you doing? Thanks again for the help.

__________
Regards, Mangekyou
28.05.2008, 00:57
Honorary member
Posts: 29434
#21
Hello
Then we can continue... scan with Kaspersky and post the report (have the mails scanned as well)
http://virus-protect.org/onlinescan.html

__________
Regards, Sabina
all about PC security
05.06.2008, 23:43
Member
Thread starter, Posts: 19
#22
Hi ... I've been trying for a week now, but this online scan somehow doesn't work for me ... I do have Firefox and I also tried it with the latest Internet Explorer, but it doesn't work -.-
Should I maybe do a Kaspersky Internet Security check instead?? ... i.e. use the downloadable program, because that doesn't run through an online scan and might work?

__________
Regards, Mangekyou
05.06.2008, 23:57
Honorary member
Posts: 29434
#23
Use BitDefender. (have the mails scanned as well)
http://virus-protect.org/onlinescan.html

__________
Regards, Sabina
all about PC security
11.06.2008, 14:06
Member
Thread starter, Posts: 19
#24
So I downloaded and installed BitDefender.
But that made my PC very, very slow, so that I couldn't do anything anymore ... I then also had problems uninstalling it again, but in the end I managed it and my PC runs normally again ... should I maybe do an AntiVir scan as well?

__________
Regards, Mangekyou
11.06.2008, 14:29
Honorary member
Posts: 29434
#25
You don't actually download BitDefender; it is an online scan....
« Run SDFix in normal mode: double-click RunThis.bat, type in: A, and post the report here
http://virus-protect.org/artikel/tools/sdfix.html
«« P.S. If the Windows updates don't work, run dial-fix
http://virus-protect.org/artikel/tools/dial_a_fix.html

__________
Regards, Sabina
all about PC security
11.06.2008, 17:30
Member
Thread starter, Posts: 19
#26
So here is the report from RunThis.bat ... Windows Update works flawlessly
System Report
*************
Run on 11.06.2008 at 17:28

Microsoft Windows XP [Version 5.1.2600]
Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [1032]
\??\C:\WINDOWS\system32\csrss.exe [1152]
\??\C:\WINDOWS\system32\winlogon.exe [1176]
C:\WINDOWS\system32\services.exe [1220]
C:\WINDOWS\system32\lsass.exe [1232]
C:\WINDOWS\system32\svchost.exe [1372]
C:\WINDOWS\system32\svchost.exe [1452]
C:\WINDOWS\System32\svchost.exe [1488]
C:\WINDOWS\system32\svchost.exe [1540]
C:\WINDOWS\system32\svchost.exe [1624]
C:\WINDOWS\system32\spoolsv.exe [228]
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe [244]
C:\Programme\FRITZ!DSL\IGDCTRL.EXE [364]
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe [464]
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [528]
C:\WINDOWS\system32\nvsvc32.exe [608]
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe [724]
C:\WINDOWS\system32\svchost.exe [756]
C:\WINDOWS\Explorer.EXE [1932]
C:\WINDOWS\System32\alg.exe [1000]
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe [1340]
C:\Programme\Analog Devices\SoundMAX\SMTray.exe [2212]
C:\WINDOWS\system32\RUNDLL32.EXE [2424]
C:\Programme\HP\HP Software Update\HPWuSchd2.exe [2512]
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe [2600]
C:\Programme\iTunes\iTunesHelper.exe [2684]
C:\Programme\QuickTime\qttask.exe [2752]
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe [2820]
C:\Programme\iPod\bin\iPodService.exe [2956]
C:\Programme\Logitech\QuickCam\Quickcam.exe [2972]
C:\WINDOWS\system32\ctfmon.exe [3036]
C:\Programme\Messenger\msmsgs.exe [3184]
C:\Programme\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE [3444]
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe [3508]
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe [3524]
C:\Programme\FRITZ!DSL\FwebProt.exe [3540]
C:\Programme\FRITZ!DSL\StCenter.EXE [3712]
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe [1124]
C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe [2096]
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe [2108]
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe [3316]
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [3656]
C:\Programme\AntiVir PersonalEdition Classic\sched.exe [2456]
C:\Programme\Mozilla Firefox\firefox.exe [1224]

Drivers - Running:

ACEDRV05 ACPI aeaudio AEXPAM AFD AmdK7 atapi audstub avgntdd avgntmgr avipbb Beep Cdfs Cdrom Disk Fdc FETNDIS Fips Flpydisk FltMgr Ftdisk gameenum GEARAspiWDM Gpc HidUsb i8042prt Imapi IpNat IPSec isapnp Kbdclass kmixer KSecDD LVPr2Mon mnmdd Mouclass MountMgr MRxDAV MRxSmb Msfs mssmbios ms_mpu401 Mup NDIS NdisTapi Ndisuio NdisWan NDProxy NetBIOS NetBT nm NPF Npfs npkcrypt Ntfs Null nv odysseyIM3 Parport PartMgr ParVdm PCI PptpMiniport PSched Ptilink PxHelp20 RasAcd Rasl2tp RasPppoe Raspti Rdbss RDPCDD redbook Secdrv serenum Serial sfdrv01 sfhlp02 sfvfs02 smwdm sptd sr Srv ssmdrv swenum sysaudio Tcpip TermDD TNET1130 Update usbehci usbhub usbuhci VgaSave viaagp1 ViaIde VolSnap Wanarp wdmaud WS2IFSL

Drivers - Stopped:

Abiosdsk abp480n5 ACPIEC adpu160m aec Aha154x aic78u2 aic78xx AliIde amsint asc asc3350p asc3550 AsyncMac Atdisk Atmarpc Bfi02 catchme cbidf2k CCDECODE cd20xrnt Cdaudio Changer CmdIde Cpqarray dac960nt dmboot dmio dmload DMusic dpti2o drmkaud Fastfat hpn HTTP i2omgmt i2omp ini910u IntelIde Ip6Fw IpFilterDriver IpInIp IRENUM lbrtfdc LVcKap LVMVDrv LVUSBSta Modem mraid35x MSKSSRV MSPCLOCK MSPQM MSTEE NABTSFEC NdisIP NTSIM NwlnkFlt NwlnkFwd PCANDIS5 PCIDump PCIIde Pcmcia PDCOMP PDFRAME PDRELI PDRFRAME pepifilter perc2 perc2hib PID_PEPI ql1080 Ql10wnt ql12160 ql1240 ql1280 RDPWD Sfloppy Simbad SLIP Sparrow splitter streamip swmidi symc810 symc8xx sym_hi sym_u3 tcpsr TDPIPE TDTCP TosIde Udfs ultra usbaudio usbccgp usbprint USBSTOR WDICA WSTCODEC WudfPf WudfRd

Services - Running:

ALG AntiVirScheduler AntiVirService AudioSrv AVM BITS CryptSvc DcomLaunch Dhcp Dnscache ERSvc Eventlog EventSystem FastUserSwitchingCompatibility helpsvc iPod lanmanserver lanmanworkstation LmHosts LVCOMSer LVPrcSrv MDM Netman Nla NVSvc PlugPlay PolicyAgent ProtectedStorage RasMan RpcSs SamSs seclogon SENS SharedAccess ShellHWDetection SoundMAX Spooler srservice stisvc TapiSrv TermService Themes TrkWks W32Time WebClient winmgmt wscsvc wuauserv WZCSVC

Services - Stopped:

Alerter AppMgmt Browser CiSvc ClipSrv COMSysApp de_serv dmadmin dmserver FirebirdServerMAGIXInstance HidServ HTTPFilter IDriverT ImapiService LVSrvLauncher Messenger mnmsrvc MSDTC MSIServer NetDDE NetDDEdsdm Netlogon NMIndexingService NtLmSsp NtmsSvc ose RasAuto RDSessMgr RemoteAccess rpcapd RpcLocator RSVP SCardSvr SSDPSRV SwPrv SysmonLog upnphost UPS usnjsvc usprserv VSS WLSetupSvc WmdmPmSN WmiApSrv WMPNetworkSvc WudfSvc xmlprov

Files Created/Modified - 60 Days:

C:\
20 May 2008 17:09:52 5.616 A.... "C:\avenger.txt"
20 May 2008 18:28:02 3.669 A.... "C:\Bug.txt"
14 May 2008 19:38:38 118.730 A.... "C:\dirdat.txt"
20 May 2008 10:53:24 616 A.... "C:\firstrun6.log"
11 Jun 2008 13:42:44 805.306.368 A.SH. "C:\pagefile.sys"
20 May 2008 11:00:36 751 A.... "C:\RVAXO-results.log"
20 May 2008 11:00:36 4.939 A.... "C:\RVAXO-Vfind.log"

C:\WINDOWS\
11 Jun 2008 13:38:18 121 A.... "C:\WINDOWS\bdagent.INI"
9 May 2008 20:01:24 23 A.... "C:\WINDOWS\BlendSettings.ini"
11 Jun 2008 13:42:54 2.048 A.S.. "C:\WINDOWS\bootstat.dat"
13 May 2008 17:43:06 33.097 A.... "C:\WINDOWS\DIIUnin.dat"
13 May 2008 17:29:24 102.400 A.... "C:\WINDOWS\DIIUnin.exe"
13 May 2008 17:29:24 2.829 A.... "C:\WINDOWS\DIIUnin.pif"
13 May 2008 14:18:52 4.094 A.... "C:\WINDOWS\mozver.dat"
14 May 2008 4:29:42 69 A.... "C:\WINDOWS\NeroDigital.ini"
12 May 2008 15:28:34 54.156 A..H. "C:\WINDOWS\QTFont.qfn"
20 May 2008 15:09:50 227 A.... "C:\WINDOWS\system.ini"
11 Jun 2008 13:43:00 159 ..... "C:\WINDOWS\wiadebug.log"
11 Jun 2008 13:42:58 50 ..... "C:\WINDOWS\wiaservc.log"
11 Jun 2008 16:42:30 2.064.423 ..... "C:\WINDOWS\WindowsUpdate.log"
11 Jun 2008 13:42:54 0 ..... "C:\WINDOWS\Debug\PASSWD.LOG"
20 May 2008 11:45:12 705 ..... "C:\WINDOWS\inf\branches.inf"
11 Jun 2008 12:17:00 4.100 A.... "C:\WINDOWS\inf\branches.PNF"
6 Jun 2008 12:40:26 1.614 A.... "C:\WINDOWS\inf\ieaccess.inf"
6 Jun 2008 12:45:34 4.448 A.... "C:\WINDOWS\inf\ieaccess.PNF"
11 Jun 2008 12:17:04 1.386.312 A.... "C:\WINDOWS\inf\INFCACHE.1"
11 Jun 2008 12:17:00 5.232 A.... "C:\WINDOWS\inf\oem51.PNF"
11 Jun 2008 12:17:04 7.716 A.... "C:\WINDOWS\inf\oem52.PNF"
23 Apr 2008 6:16:30 124.928 A.... "C:\WINDOWS\system32\advpack.dll"
20 May 2008 11:17:14 0 A.... "C:\WINDOWS\system32\clkcnt.txt"
30 May 2008 13:30:30 43.520 A.... "C:\WINDOWS\system32\CmdLineExt03.dll"
23 Apr 2008 6:16:30 347.136 ..... "C:\WINDOWS\system32\dxtmsft.dll"
23 Apr 2008 6:16:30 214.528 ..... "C:\WINDOWS\system32\dxtrans.dll"
23 Apr 2008 6:16:30 133.120 ..... "C:\WINDOWS\system32\extmgr.dll"
11 Apr 2008 14:30:36 300.440 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
23 Apr 2008 6:16:30 63.488 A.... "C:\WINDOWS\system32\icardie.dll"
22 Apr 2008 9:39:48 70.656 ..... "C:\WINDOWS\system32\ie4uinit.exe"
23 Apr 2008 6:16:30 153.088 ..... "C:\WINDOWS\system32\ieakeng.dll"
23 Apr 2008 6:16:30 230.400 ..... "C:\WINDOWS\system32\ieaksie.dll"
20 Apr 2008 7:07:52 161.792 ..... "C:\WINDOWS\system32\ieakui.dll"
23 Apr 2008 6:16:30 383.488 A.... "C:\WINDOWS\system32\ieapfltr.dll"
23 Apr 2008 6:16:30 384.512 ..... "C:\WINDOWS\system32\iedkcs32.dll"
23 Apr 2008 6:16:30 6.066.176 A.... "C:\WINDOWS\system32\ieframe.dll"
23 Apr 2008 6:16:30 44.544 ..... "C:\WINDOWS\system32\iernonce.dll"
23 Apr 2008 6:16:30 267.776 A.... "C:\WINDOWS\system32\iertutil.dll"
22 Apr 2008 9:39:58 13.824 A.... "C:\WINDOWS\system32\ieudinit.exe"
23 Apr 2008 6:16:30 1.831.424 ..... "C:\WINDOWS\system32\inetcpl.cpl"
23 Apr 2008 6:16:30 27.648 ..... "C:\WINDOWS\system32\jsproxy.dll"
6 Jun 2008 12:37:16 24.080 A.... "C:\WINDOWS\system32\lvcoinst.log"
30 May 2008 1:35:12 17.486.968 A.... "C:\WINDOWS\system32\MRT.exe"
20 May 2008 12:03:36 197 A.... "C:\WINDOWS\system32\MRT.INI"
23 Apr 2008 6:16:30 459.264 A.... "C:\WINDOWS\system32\msf eeds.dll"
23 Apr 2008 6:16:30 52.224 A.... "C:\WINDOWS\system32\msfeedsbs.dll"
23 Apr 2008 22:16:32 3.591.680 A.... "C:\WINDOWS\system32\mshtml.dll"
23 Apr 2008 6:16:32 478.208 ..... "C:\WINDOWS\system32\mshtmled.dll"
23 Apr 2008 6:16:32 193.024 ..... "C:\WINDOWS\system32\msrating.dll"
23 Apr 2008 6:16:32 671.232 ..... "C:\WINDOWS\system32\mstime.dll"
11 Jun 2008 13:43:16 43.573 A.... "C:\WINDOWS\system32\nvapps.xml"
23 Apr 2008 6:16:32 102.912 ..... "C:\WINDOWS\system32\occache.dll"
11 Jun 2008 13:47:02 49.174 A.... "C:\WINDOWS\system32\perfc007.dat"
11 Jun 2008 13:47:02 40.836 A.... "C:\WINDOWS\system32\perfc009.dat"
11 Jun 2008 13:47:02 320.094 A.... "C:\WINDOWS\system32\perfh007.dat"
11 Jun 2008 13:47:02 314.508 A.... "C:\WINDOWS\system32\perfh009.dat"
11 Jun 2008 13:47:02 732.342 A.... "C:\WINDOWS\system32\PerfStringBackup.INI"
23 Apr 2008 6:16:32 44.544 ..... "C:\WINDOWS\system32\pngfilt.dll"
7 May 2008 7:14:46 1.293.312 A.... "C:\WINDOWS\system32\quartz.dll"
20 May 2008 6:42:52 824.759 A.... "C:\WINDOWS\system32\RVAXO.bat"
13 May 2008 17:42:04 12.067 A.... "C:\WINDOWS\system32\SIntf16.dll"
13 May 2008 17:42:04 17.212 A.... "C:\WINDOWS\system32\SIntf32.dll"
13 May 2008 17:42:04 21.840 A.... "C:\WINDOWS\system32\SIntfNT.dll"
23 Apr 2008 6:16:32 105.984 A.... "C:\WINDOWS\system32\url.dll"
23 Apr 2008 6:16:32 1.159.680 A.... "C:\WINDOWS\system32\urlmon.dll"
23 Apr 2008 6:16:32 233.472 A.... "C:\WINDOWS\system32\webcheck.dll"
23 Apr 2008 6:16:32 826.368 A.... "C:\WINDOWS\system32\wininet.dll"
11 Jun 2008 13:43:20 13.646 A.... "C:\WINDOWS\system32\wpa.dbl"
14 May 2008 20:25:04 276 A.... "C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
15 May 2008 15:45:12 248 A.... "C:\WINDOWS\Tasks\Auf Updates fr Windows Live Toolbar prfen.job"
20 May 2008 10:42:36 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
11 Jun 2008 12:31:14 70.514 A.... "C:\WINDOWS\TEMP\bda52.tmp"
11 Jun 2008 13:36:14 214 A.... "C:\WINDOWS\TEMP\kds.xml"
11 Jun 2008 13:43:12 20.408 A.... "C:\WINDOWS\TEMP\LVCOMSX.LOG"
11 Jun 2008 17:27:42 77.936 A.... "C:\WINDOWS\TEMP\scs5F.tmp"
11 Jun 2008 12:20:30 7.276 A.... "C:\WINDOWS\TEMP\updateop.xml"
11 Jun 2008 13:43:04 255 A.... "C:\WINDOWS\TEMP\WGAErrLog.txt"
11 Jun 2008 13:43:22 409 A.... "C:\WINDOWS\TEMP\WGANotify.settings"
13 May 2008 2:00:52 6.129 A.... "C:\WINDOWS\Downloaded Installations\{E2075F98-0309-4564-B904-0115BE537CB5}\0x0409.ini"
13 May 2008 2:00:52 2.059 A.... "C:\WINDOWS\Downloaded Installations\{E2075F98-0309-4564-B904-0115BE537CB5}\Setup.INI"
13 May 2008 2:00:52 128.625 A.... "C:\WINDOWS\Downloaded Installations\{E2075F98-0309-4564-B904-0115BE537CB5}\setup.isn"
13 May 2008 2:01:00 14.475.264 A.... "C:\WINDOWS\Downloaded Installations\{E2075F98-0309-4564-B904-0115BE537CB5}\veoh.msi"
14 Apr 2008 17:51:00 273.024 ..... "C:\WINDOWS\Driver Cache\i386\bthport.sys"
6 Jun 2008 12:40:26 357.007 A.... "C:\WINDOWS\ie7\spuninst\spuninst.inf"
6 Jun 2008 12:39:28 9.543 A.... "C:\WINDOWS\ie7\spuninst\spuninst.txt"
6 Jun 2008 12:44:56 8.192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00002"
6 Jun 2008 12:44:56 8.192 A....
23 Apr 2008 6:16:30 124.928 ..... "C:\WINDOWS\system32\dllcache\advpack.dll"
14 Apr 2008 17:51:00 273.024 ..... "C:\WINDOWS\system32\dllcache\bthport.sys"
23 Apr 2008 6:16:30 347.136 ..... "C:\WINDOWS\system32\dllcache\dxtmsft.dll"
23 Apr 2008 6:16:30 214.528 ..... "C:\WINDOWS\system32\dllcache\dxtrans.dll"
23 Apr 2008 6:16:30 133.120 ..... "C:\WINDOWS\system32\dllcache\extmgr.dll"
23 Apr 2008 6:16:30 63.488 ..... "C:\WINDOWS\system32\dllcache\icardie.dll"
22 Apr 2008 9:39:48 70.656 ..... "C:\WINDOWS\system32\dllcache\ie4uinit.exe"
23 Apr 2008 6:16:30 153.088 ..... "C:\WINDOWS\system32\dllcache\ieakeng.dll"
23 Apr 2008 6:16:30 230.400 ..... "C:\WINDOWS\system32\dllcache\ieaksie.dll"
20 Apr 2008 7:07:52 161.792 ..... "C:\WINDOWS\system32\dllcache\ieakui.dll"
23 Apr 2008 6:16:30 383.488 ..... "C:\WINDOWS\system32\dllcache\ieapfltr.dll"
23 Apr 2008 6:16:30 384.512 ..... "C:\WINDOWS\system32\dllcache\iedkcs32.dll"
23 Apr 2008 6:16:30 6.066.176 ..... "C:\WINDOWS\system32\dllcache\ieframe.dll"
23 Apr 2008 6:16:30 44.544 ..... "C:\WINDOWS\system32\dllcache\iernonce.dll"
23 Apr 2008 6:16:30 267.776 ..... "C:\WINDOWS\system32\dllcache\iertutil.dll"
22 Apr 2008 9:39:58 13.824 ..... "C:\WINDOWS\system32\dllcache\ieudinit.exe"
22 Apr 2008 9:40:20 625.664 ..... "C:\WINDOWS\system32\dllcache\iexplore.exe"
23 Apr 2008 6:16:30 1.831.424 ..... "C:\WINDOWS\system32\dllcache\inetcpl.cpl"
23 Apr 2008 6:16:30 27.648 ..... "C:\WINDOWS\system32\dllcache\jsproxy.dll"
23 Apr 2008 6:16:30 459.264 ..... "C:\WINDOWS\system32\dllcache\msfeeds.dll"
23 Apr 2008 6:16:30 52.224 ..... "C:\WINDOWS\system32\dllcache\msfeedsbs.dll"
23 Apr 2008 22:16:32 3.591.680 ..... "C:\WINDOWS\system32\dllcache\mshtml.dll"
23 Apr 2008 6:16:32 478.208 ..... "C:\WINDOWS\system32\dllcache\mshtmled.dll"
23 Apr 2008 6:16:32 193.024 ..... "C:\WINDOWS\system32\dllcache\msrating.dll"
23 Apr 2008 6:16:32 671.232 ..... "C:\WINDOWS\system32\dllcache\mstime.dll"
23 Apr 2008 6:16:32 102.912 ..... "C:\WINDOWS\system32\dllcache\occache.dll"
23 Apr 2008 6:16:32 44.544 ..... "C:\WINDOWS\system32\dllcache\pngfilt.dll"
7 May 2008 7:14:46 1.293.312 A.... "C:\WINDOWS\system32\dllcache\quartz.dll"
8 May 2008 14:28:50 202.752 A.... "C:\WINDOWS\system32\dllcache\rmcast.sys"
23 Apr 2008 6:16:32 105.984 ..... "C:\WINDOWS\system32\dllcache\url.dll"
23 Apr 2008 6:16:32 1.159.680 ..... "C:\WINDOWS\system32\dllcache\urlmon.dll"
23 Apr 2008 6:16:32 233.472 ..... "C:\WINDOWS\system32\dllcache\webcheck.dll"
23 Apr 2008 6:16:32 826.368 ..... "C:\WINDOWS\system32\dllcache\wininet.dll"
14 Apr 2008 17:51:00 273.024 ..... "C:\WINDOWS\system32\drivers\bthport.sys"
5 May 2008 20:46:32 15.864 A....
"C:\WINDOWS\system32\drivers\mbam.sys" 5 May 2008 20:46:36 27.048 A.... "C:\WINDOWS\system32\drivers\mbamcatchme.sys" 8 May 2008 14:28:50 202.752 A.... "C:\WINDOWS\system32\drivers\rmcast.sys" 20 May 2008 18:31:52 78 A.... "C:\WINDOWS\system32\Restore\MachineGuid.txt" 3 Jun 2008 17:49:58 3.338 A.... "C:\WINDOWS\system32\wbem\Outlook_01c8c591788c1dbc.mof" 11 Jun 2008 13:05:54 0 A.... "C:\WINDOWS\TEMP\tmp0000670e\tmp00000000" 11 Jun 2008 12:56:00 0 A.... "C:\WINDOWS\TEMP\tmp00005f7e\tmp00000000" 11 Jun 2008 12:23:40 0 A.... "C:\WINDOWS\TEMP\tmp000046bb\tmp00000000" 11 Jun 2008 12:19:46 0 A.... "C:\WINDOWS\TEMP\tmp000043c2\tmp00000000" 11 Jun 2008 12:32:42 0 A.... "C:\WINDOWS\TEMP\tmp00004dac\tmp00000000" 11 Jun 2008 12:40:18 0 A.... "C:\WINDOWS\TEMP\tmp00005376\tmp00000000" 24 Apr 2008 6:40:54 871 A.... "C:\WINDOWS\$hf_mig$\KB950760\update\branches.inf" 24 Apr 2008 10:11:48 10.439 A.... "C:\WINDOWS\$hf_mig$\KB950760\update\KB950760.CAT" 24 Apr 2008 13:53:14 18 A.... "C:\WINDOWS\$hf_mig$\KB950760\update\update.ver" 24 Apr 2008 6:40:54 496 A.... "C:\WINDOWS\$hf_mig$\KB950760\update\updatebr.inf" 24 Apr 2008 9:47:20 26.887 A.... "C:\WINDOWS\$hf_mig$\KB950760\update\update_SP3QFE.inf" 8 May 2008 14:14:52 203.008 A.... "C:\WINDOWS\$hf_mig$\KB950762\SP2QFE\rmcast.sys" 8 May 2008 16:02:52 203.136 A.... "C:\WINDOWS\$hf_mig$\KB950762\SP3GDR\rmcast.sys" 8 May 2008 15:58:18 203.136 A.... "C:\WINDOWS\$hf_mig$\KB950762\SP3QFE\rmcast.sys" 8 May 2008 22:07:20 926 A.... "C:\WINDOWS\$hf_mig$\KB950762\update\branches.inf" 8 May 2008 23:25:26 12.431 A.... "C:\WINDOWS\$hf_mig$\KB950762\update\KB950762.CAT" 9 May 2008 0:12:28 386 A.... "C:\WINDOWS\$hf_mig$\KB950762\update\update.ver" 15 Apr 2008 18:25:40 678 A.... "C:\WINDOWS\$hf_mig$\KB950762\update\updatebr.inf" 8 May 2008 23:27:36 23.978 A.... "C:\WINDOWS\$hf_mig$\KB950762\update\update_SP2QFE.inf" 8 May 2008 23:48:58 26.289 A.... "C:\WINDOWS\$hf_mig$\KB950762\update\update_SP3GDR.inf" 8 May 2008 23:26:08 26.289 A.... 
"C:\WINDOWS\$hf_mig$\KB950762\update\update_SP3QFE.inf" "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB950760.cat" 8 May 2008 23:25:26 12.431 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB950762.cat" 20 May 2008 14:57:20 32.215 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB950759-IE7.cat" 14 Apr 2008 18:54:08 12.431 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB951376.cat" 7 May 2008 8:02:50 12.431 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB951698.cat" 11 Jun 2008 12:17:04 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp" 20 May 2008 15:09:40 27 A.... "C:\WINDOWS\system32\drivers\etc\hosts" 13 May 2008 15:49:06 149.398 A.... "C:\WINDOWS\system32\wbem\AutoRecover\6206B6CE9414EC69B957659CDA0CB60B.mof" C:\Programme\ 11 Jun 2008 14:01:40 168.310 A.... "C:\Programme\AntiVir PersonalEdition Classic\aecore.dll" 20 May 2008 10:22:42 111.005 A.... "C:\Programme\CCleaner\uninst.exe" 22 Apr 2008 9:40:20 625.664 ..... "C:\Programme\Internet Explorer\iexplore.exe" 11 Jun 2008 16:50:28 52 A.... "C:\Programme\Lescos\LWT.dat" 5 May 2008 20:46:30 65.144 A.... "C:\Programme\Malwarebytes' Anti-Malware\mbam.dll" 9 May 2008 16:57:10 4.113.688 A.... "C:\Programme\PokerStars\PokerStars.exe" 9 May 2008 16:57:12 578.448 A.... "C:\Programme\PokerStars\PokerStarsCommunicate.exe" 9 May 2008 16:57:12 294.912 A.... "C:\Programme\PokerStars\PokerStarsUninstall.exe" 9 May 2008 16:57:12 435.088 A.... "C:\Programme\PokerStars\PokerStarsUpdate.exe" 9 May 2008 16:57:14 36.864 A.... "C:\Programme\PokerStars\Stub.exe" 9 May 2008 16:57:16 191 A.... "C:\Programme\PokerStars\tinfo.dat" 9 May 2008 16:57:14 172.032 A.... "C:\Programme\PokerStars\Tracer.exe" 9 May 2008 16:57:38 163 A.... "C:\Programme\PokerStars\_update2rare.dat" 9 May 2008 16:57:38 431 A.... "C:\Programme\PokerStars\_update2s.dat" 9 May 2008 16:57:38 74 A.... 
"C:\Programme\PokerStars\_update2def.dat" 9 May 2008 16:57:38 31.350 A.... "C:\Programme\PokerStars\_update2g.dat" 9 May 2008 16:57:38 28.746 A.... "C:\Programme\PokerStars\_update2gcd.dat" 9 May 2008 16:57:38 934 A.... "C:\Programme\PokerStars\_update2ni.dat" 11 May 2008 16:20:52 77.371 A.... "C:\Programme\PokerStars\_updcache.dat" 11 Jun 2008 16:49:08 2.245.040 A.... "C:\Programme\Warcraft III\bncache.dat" 11 Jun 2008 16:49:54 5 A.... "C:\Programme\WC3Banlist\autokick.dat" 11 Jun 2008 16:49:54 5 A.... "C:\Programme\WC3Banlist\comments.dat" 11 Jun 2008 16:49:54 338 A.... "C:\Programme\WC3Banlist\phrases.dat" 11 Jun 2008 16:49:38 3.364 A.... "C:\Programme\WC3Banlist\pinfo.dat" 11 Jun 2008 16:49:54 126 A.... "C:\Programme\WC3Banlist\serverlists.dat" 3 Jun 2008 2:54:54 103.780 A.... "C:\Programme\WinPcap\Uninstall.exe" 13 May 2008 2:03:30 1.991.481 A.... "C:\Programme\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\ISSetup.dll" 13 May 2008 2:01:40 294.912 A.... "C:\Programme\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe" 28 Apr 2008 10:01:30 3.612.656 A.... "C:\Programme\Microsoft Office\OFFICE11\OUTLFLTR.DAT" 11 Apr 2008 19:42:58 12.313.096 A.... "C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE" 18 Apr 2008 12:14:56 67.696 A.... "C:\Programme\Mozilla Firefox\components\jar50.dll" 18 Apr 2008 12:14:56 54.376 A.... "C:\Programme\Mozilla Firefox\components\jsd3250.dll" 18 Apr 2008 12:14:56 34.952 A.... "C:\Programme\Mozilla Firefox\components\myspell.dll" 18 Apr 2008 12:14:56 46.720 A.... "C:\Programme\Mozilla Firefox\components\spellchk.dll" 18 Apr 2008 12:14:56 172.144 A.... "C:\Programme\Mozilla Firefox\components\xpinstal.dll" 18 Apr 2008 12:15:02 22.664 A.... "C:\Programme\Mozilla Firefox\plugins\npnul32.dll" 18 Apr 2008 12:15:04 451.928 A.... "C:\Programme\Mozilla Firefox\uninstall\helper.exe" 9 May 2008 16:57:38 163 A.... 
"C:\Programme\PokerStars\update\_update2rare.dat" 9 May 2008 16:57:38 431 A.... "C:\Programme\PokerStars\update\_update2s.dat" 11 May 2008 16:20:50 3.727 A.... "C:\Programme\PokerStars\update\_update2.dat" 9 May 2008 16:57:38 74 A.... "C:\Programme\PokerStars\update\_update2def.dat" 9 May 2008 16:57:38 31.350 A.... "C:\Programme\PokerStars\update\_update2g.dat" 9 May 2008 16:57:38 28.746 A.... "C:\Programme\PokerStars\update\_update2gcd.dat" 9 May 2008 16:57:38 934 A.... "C:\Programme\PokerStars\update\_update2ni.dat" Files with hidden attributes: Sat 27 Jan 2007 56 ..SHR --- "C:\WINDOWS\system32\2A01FEA211.sys" Sat 27 Jan 2007 900 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys" Fri 4 Aug 2006 4,348 ..SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak" Mon 11 Dec 2006 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv01.tmp" Sat 22 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5738cdd16dbca4079cb3b3de6eaf620f\BIT7E5.tmp" Thu 8 May 2008 0 A..H. 
--- "C:\WINDOWS\SoftwareDistribution\Download\ccba472a05828aa2a3ee32c96c6466ca\BITAD6.tmp" Program Folders: C:\Programme\ Adobe Ahead Analog Devices AntiVir PersonalEdition Classic Apple Software Update Bethesda Softworks CCleaner DAEMON Tools Diablo II DivX D-Link Electronic Arts FRITZ!Box FRITZ!DSL Gemeinsame Dateien Hewlett-Packard Hi-Net Software HP Infogrames InstallShield Installation Information Internet Explorer InterVideo iPod IrfanView iTunes Java Konsolen Labtec Lavasoft Lescos Logitech LucasArts Malwarebytes' Anti-Malware Messenger Microsoft CAPICOM 2.1.0.2 microsoft frontpage Microsoft Games Microsoft Office Microsoft Visual Studio Microsoft Works Microsoft.NET Movie Maker Mozilla Firefox MSN MSN Gaming Zone neoSoftware Nero NetMeeting NEXON Ocean Technology Online Services Online-Dienste Outlook Express PartyGaming Philips Flat Panel Adjust PhotoFiltre PokerStars QuickDic QuickTime Teamspeak2_RC2 Ubisoft Uninstall Information Warcraft III WC3Banlist Windows Live Windows Live Favorites Windows Live Safety Center Windows Live Toolbar Windows Media Connect 2 Windows Media Player Windows NT WindowsUpdate WinPcap WinRAR xerox XP Codec Pack C:\Programme\Gemeinsame Dateien\ Adobe Ahead AVM BitDefender DESIGNER Dienste HP InstallShield Java LogiShrd Logitech MAGIX Shared Microsoft Shared MSSoap NSV ODBC Real SpeechEngines System WindowsLiveInstaller Add/Remove Programs: Ad-Aware SE Personal Adobe Flash Player Plugin Avira AntiVir Personal – Free Antivirus FRITZ!Box CCleaner (remove only) Der Clou!2 Diablo II DEUTSCHLAND SPIELT GAME CENTER AVM FRITZ!DSL Frontschweine HP Imaging Device Functions 5.0 HP Solution Center & Imaging Support Tools 5.0 HP Extended Capabilities 5.0 Icy Tower v1.3.1 Microsoft Internationalized Domain Names Mitigation APIs Windows Internet Explorer 7 VeohTV BETA Age of Empires III Far Cry IrfanView (remove only) Kaspersky Online Scanner Labtec Desktop V5.1 Logitech Legacy USB Camera-Treiberpaket Logitech QuickCam-Treiberpaket Macromedia 
Shockwave Player MAGIX Online Druck Service (D) Malwarebytes' Anti-Malware Mozilla Firefox (2.0.0.14) Microsoft Compression Client Pack 1.0 for Windows XP MSN Microsoft National Language Support Downlevel APIs NVIDIA Drivers Oblivion Oblivion User Patch Oblivion User Patch Oblivion User Patch Oblivion-Schilder-Mod-v0.5 Oblivion User Patch v0.10.5 PhotoFiltre PokerStars Adobe Flash Player 9 ActiveX TeamSpeak 2 RC2 Windows Genuine Advantage Validation Tool Windows Genuine Advantage Notifications (KB905474) Winamp Toolbar for Internet Explorer Windows Live OneCare safety scanner Windows Live Toolbar Windows Media Format 11 runtime Windows Media Player 11 WinPcap 4.0.2 WinRAR Archivierer Windows Media Format 11 runtime Windows Media Player 11 Microsoft User-Mode Driver Framework Feature Pack 1.0 XP Codec Pack ZoneAlarm MSXML4 Parser Destinations Windows Live Toolbar Security Update for CAPICOM (KB931906) HP Software Update Windows Live Toolbar-Erweiterung (Windows Live Toolbar) Philips Flat Panel Adjust Die Schlacht um Mittelerde™ II Windows Live Messenger Smart Menus (Windows Live Toolbar) TrayApp J2SE Runtime Environment 5.0 Update 6 J2SE Runtime Environment 5.0 Update 10 Java(TM) 6 Update 3 Browsen mit Registerkarten (Windows Live Toolbar) MVision Oblivion MSXML 4.0 SP2 (KB927978) HP Deskjet 3900 series OneCare Advisor (Windows Live Toolbar) Star Wars Battlefront II HPDeskjet3900Series iTunes QuickTime WebReg MarketResearch DeviceFunctionQFolder eSupportQFolder CustomerResearchQFolder Popupblocker (Windows Live Toolbar) Windows Live Favorites für Windows Live Toolbar Windows Live installer Text-To-Speech-Runtime Nero 7 Essentials SpeechRedist GG E-Sports Platform Microsoft Silverlight Microsoft Office Professional Edition 2003 Logitech QuickCam Project64 1.6 InterVideo WinDVD 4 D-Link AirPlus G+ Wireless Adapter Utility Microsoft Visual C++ 2005 Redistributable Nero - Burning Rom Apple Software Update Age of Empires III DeviceManagementQFolder Adobe Reader 7.0.8 - 
Deutsch Windows Live Anmelde-Assistent BufferChm Logitech Audio Echo Cancellation Component MSXML 4.0 SP2 (KB936181) Microsoft XML Parser EuropeMapleStory Far Cry Altiris Philips SmartManage Agent HPProductAssistant SolutionCenter Logitech Video Enumerator Feederkennung (Windows Live Toolbar) Windows Live Outlook-Toolbar (Windows Live Toolbar) SoundMAX WC3Banlist Status HP Image Zone Express Sun Java Runtime Environment and JMF Warcraft III: All Products Run Values: [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "Smapp"="C:\\Programme\\Analog Devices\\SoundMAX\\SMTray.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "InCD"="C:\\Programme\\Ahead\\InCD\\InCD.exe" "HP Software Update"="C:\\Programme\\HP\\HP Software Update\\HPWuSchd2.exe" "avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe" "iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\"" "QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "LogitechCommunicationsManager"="\"C:\\Programme\\Gemeinsame Dateien\\LogiShrd\\LComMgr\\Communications_Helper.exe\"" "LogitechQuickCamRibbon"="\"C:\\Programme\\Logitech\\QuickCam\\Quickcam.exe\" /hide" "NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background" "SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe" Bot Check: SERVICE_NAME: wscsvc DISPLAY_NAME : Sicherheitscenter START_TYPE : 2 AUTO_START SERVICE_NAME: sharedaccess DISPLAY_NAME : Windows-Firewall/Gemeinsame Nutzung der Internetverbindung START_TYPE : 2 AUTO_START SERVICE_NAME: wuauserv DISPLAY_NAME : Automatische Updates START_TYPE : 2 AUTO_START SERVICE_NAME: srservice DISPLAY_NAME : Systemwiederherstellungsdienst START_TYPE : 2 AUTO_START [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole] "EnableDCOM"="Y" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "restrictanonymous"=dword:00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update] "AUOptions"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify"=dword:00000000 "FirewallDisableNotify"=dword:00000000 "UpdatesDisableNotify"=dword:00000000 "AntiVirusOverride"=dword:00000000 "FirewallOverride"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "WaitToKillServiceTimeout"="20000" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "SFCDisable"=dword:00000000 "Shell"="Explorer.exe" "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] "TransportBindName"="\\Device\\" ShellExecuteHooks: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" Environment: HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe Path REG_EXPAND_SZ 
%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programme\QuickTime\QTSystem windir REG_EXPAND_SZ %SystemRoot% OS REG_SZ Windows_NT PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH TEMP REG_EXPAND_SZ %SystemRoot%\TEMP TMP REG_EXPAND_SZ %SystemRoot%\TEMP CLASSPATH REG_SZ .;C:\Programme\Java\jre1.5.0_10\lib\ext\QTJava.zip QTJAVA REG_SZ C:\Programme\Java\jre1.5.0_10\lib\ext\QTJava.zip SecurityProviders: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll Authentication Packages: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Subsystem Startup: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16" Midi Drivers: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midi"="wdmaud.drv" "midi1"="wdmaud.drv" "MIDI2"="SYNCOR11.DLL" "midi3"="wdmaud.drv" "midi4"="wdmaud.drv" "midi5"="wdmaud.drv" Non-Default IFEO Debugger: Non-Default Installed Components: Non-Default Safeboot Minimal: HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\bfi02.sys <NO NAME> REG_SZ Driver File Associations: [HKEY_CLASSES_ROOT\batfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\cmdfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\comfile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\htafile\shell\open\command] @="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*" [HKEY_CLASSES_ROOT\htmlfile\shell\open\command] @="\"C:\\Programme\\Internet Explorer\\IEXPLORE.EXE\" -nohome" 
[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"
[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""
[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"
[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"
Finished!
__________
Regards, Mangekyou
11.06.2008, 22:55
Honorary member
Posts: 29434
#27
I was already thinking I wouldn't find anything more... but at the end a rootkit was visible after all
http://virus-protect.org/artikel/tools/regsearch.html and double-click to start it. In "Enter search strings" (type or paste) bfi02 into the edit field and click "Ok". Notepad will open -- copy the text and post it.
__________
Regards, Sabina
all about PC security
12.06.2008, 00:58
Member
Thread starter Posts: 19
#28
So, I hope by now you won't find anything more
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0
; Results at 12.06.2008 00:56:29 for strings:
; 'bfi02'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Bfi02.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Bfi02.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfi02]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfi02]
"ImagePath"="System32\\Drivers\\Bfi02.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfi02\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Bfi02.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\Bfi02.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfi02]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfi02]
"ImagePath"="System32\\Drivers\\Bfi02.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfi02\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfi02.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Bfi02.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfi02]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfi02]
"ImagePath"="System32\\Drivers\\Bfi02.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfi02\Security]
; End Of The Log...
__________
Regards, Mangekyou
12.06.2008, 01:07
Honorary member
Posts: 29434
#29
first check whether the sys is still on there:
Virustotal
http://www.virustotal.com/flash/index_en.html
C:\WINDOWS\system32\drivers\Bfi02.sys
Click "Browse" --> select the file (or paste the file with the correct path straight in with Ctrl+V) --> click the file to be checked and open --> click "Send file"... now wait - then select the text with the right mouse button -> copy
__________
Regards, Sabina
all about PC security
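As an added example, not code from this thread or from the RegSearch, VirusTotal or Avenger tools it mentions: a Python triage script that parses RegSearch output like the log posted above, pulls out the flagged service's ImagePath and its SafeBoot\Minimal / SafeBoot\Network entries (the detail that made Bfi02 stand out as a non-default Safe Mode driver), and hashes the driver file if it is still on disk, which is the value to look up for the VirusTotal step. The embedded SAMPLE_LOG is constructed and the C:\WINDOWS system root is an assumption.

```python
"""Triage a RegSearch (Registry Search 2.0) log for a flagged driver.
Constructed example, not from the thread or from RegSearch/Avenger; SAMPLE_LOG
mirrors the thread's output and the C:\\WINDOWS system root is an assumption."""
import hashlib
import os
import re

SAMPLE_LOG = r"""Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; 'bfi02'
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Bfi02.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Bfi02.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfi02]
"ImagePath"="System32\\Drivers\\Bfi02.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfi02\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfi02.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfi02]
"ImagePath"="System32\\Drivers\\Bfi02.sys"
; End Of The Log...
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
# Services\<name> itself (not Services\<name>\Security) and SafeBoot\<mode>\<entry>
SERVICE_RE = re.compile(r"\\Services\\(?P<svc>[^\\]+)$", re.I)
SAFEBOOT_RE = re.compile(r"\\SafeBoot\\(?P<mode>Minimal|Network)\\(?P<entry>[^\\]+)$", re.I)


def parse_regsearch(text):
    """Return {service_name_lower: {"paths": set, "safeboot": set}} from RegSearch output."""
    findings, current_key = {}, None

    def new():
        return {"paths": set(), "safeboot": set()}

    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry"):
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")
            sb = SAFEBOOT_RE.search(current_key)
            if sb:  # the driver may load even in Safe Mode, the entry that stood out
                name = sb.group("entry").lower()
                name = name[:-4] if name.endswith(".sys") else name
                findings.setdefault(name, new())["safeboot"].add(sb.group("mode").capitalize())
            sv = SERVICE_RE.search(current_key)
            if sv:
                findings.setdefault(sv.group("svc").lower(), new())
            continue
        val = VALUE_RE.match(line)
        sv = SERVICE_RE.search(current_key or "")
        if val and sv and val.group("name").lower() == "imagepath":
            # .reg syntax doubles backslashes; undo that to get the on-disk path
            findings[sv.group("svc").lower()]["paths"].add(val.group("data").replace("\\\\", "\\"))
    return findings


def expand_image_path(image_path, system_root=r"C:\WINDOWS"):
    """Absolute path for a driver ImagePath; relative ones live under %SystemRoot%."""
    p = image_path.strip().strip('"')
    if re.match(r"^[A-Za-z]:\\", p):
        return p
    if p.startswith("\\??\\"):  # NT object-manager prefix
        return p[4:]
    if p.lower().startswith("\\systemroot\\"):
        return system_root + p[len("\\SystemRoot"):]
    return system_root + "\\" + p.lstrip("\\")


def triage_lines(findings, system_root=r"C:\WINDOWS"):
    """One line per driver: where it lives and whether it survives Safe Mode."""
    out = []
    for name, f in sorted(findings.items()):
        paths = ", ".join(sorted(expand_image_path(p, system_root) for p in f["paths"]))
        modes = ", ".join(sorted(f["safeboot"]))
        note = "loads in Safe Mode (%s)" % modes if modes else "no SafeBoot entry"
        out.append("%s: %s; %s" % (name, paths or "<no ImagePath>", note))
    return out


def sha256_of_file(path):
    """SHA-256 of the driver if it is still on disk (VirusTotal lookup key), else None."""
    if not os.path.isfile(path):
        return None
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()
```

Run it against a real RegSearch log with `triage_lines(parse_regsearch(open(path).read()))`; a driver that is not yours and is registered under SafeBoot\Minimal is the one to hash and look up.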
12.06.2008, 01:10
Honorary member
Posts: 29434
#30
then get rid of the tick ...
Avenger
http://virus-protect.org/artikel/tools/avenger.html
copy into the white box:
Quote
Drivers to disable:
close all open programs (because after running Avenger the computer will restart)
Click: Execute
confirm that the computer will be restarted - click "yes"
__________
Regards, Sabina
all about PC security
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security