My IE on Vista has a virus
#0
20.10.2008, 08:29
...new here
Posts: 2

20.10.2008, 09:43
Moderator
Posts: 7805
#2
Please post the results of steps 1-4 from this thread: http://board.protecus.de/t23188.htm
You can also attach a report of what KAV found...
__________
Best regards, Ralf
SEO-Spam Hunter

20.10.2008, 13:27
...new here
Thread starter
Posts: 2
#3
Many thanks, Ralf, for the quick reply. So I did that... I'm now pasting in the following... I hope I did everything right.

Malwarebytes' Anti-Malware 1.29
Datenbank Version: 1295
Windows 6.0.6001 Service Pack 1

20.10.2008 12:41:54
mbam-log-2008-10-20 (12-41-35).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 259327
Laufzeit: 2 hour(s), 20 minute(s), 57 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 2
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Windows\nkefbltdntd.dll (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{16d1db95-aafc-427d-81fd-e98028ca7bb7} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0c3f9c5e-34f0-4b16-b8b7-3505cd992add} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e83238c-a186-4c98-9a91-44b4be62a5ec} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{85af4583-ad9c-4d25-9323-6611490213f0} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85af4583-ad9c-4d25-9323-6611490213f0} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
C:\Program Files\MicroAntivirus (Rogue.MicroAntivirus) -> No action taken.

Infizierte Dateien:
C:\Windows\ewpe.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\MicroAntivirus\microAV.ooo (Rogue.MicroAntivirus) -> No action taken.
C:\Windows\System32\1.ico (Malware.Trace) -> No action taken.
C:\Windows\nkefbltdntd.dll (Trojan.FakeAlert) -> No action taken.

---------------------------------------
ComboFix 08-10-19.04 - Anthony de Angelis 2008-10-20 12:53:26.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.1166 [GMT 2:00] ausgeführt von:: C:\Users\Anthony de Angelis\Desktop\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Users\Anthony de Angelis\AppData\Roaming\Adobe\crc.dat C:\Users\Anthony de Angelis\AppData\Roaming\Adobe\Player.exe.bak . ((((((((((((((((((((((( Dateien erstellt von 2008-09-20 bis 2008-10-20 )))))))))))))))))))))))))))))) . 2008-10-20 10:16 . 2008-10-20 10:16 <DIR> d-------- C:\Users\Anthony de Angelis\AppData\Roaming\Malwarebytes 2008-10-20 10:16 . 2008-10-20 10:16 <DIR> d-------- C:\Users\All Users\Malwarebytes 2008-10-20 10:16 . 2008-10-20 10:16 <DIR> d-------- C:\ProgramData\Malwarebytes 2008-10-20 10:16 . 2008-10-20 10:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-20 10:16 . 
2008-10-16 20:25 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys 2008-10-20 10:16 . 2008-10-16 20:25 15,504 --a------ C:\Windows\System32\drivers\mbam.sys 2008-10-15 09:37 . 2008-10-15 10:20 96,976 --a------ C:\Windows\System32\drivers\klin.dat 2008-10-15 09:37 . 2008-10-15 09:37 87,855 --a------ C:\Windows\System32\drivers\klick.dat 2008-10-15 09:35 . 2008-10-20 12:47 <DIR> d-------- C:\Users\All Users\Kaspersky Lab 2008-10-15 09:35 . 2008-10-20 12:47 <DIR> d-------- C:\ProgramData\Kaspersky Lab 2008-10-15 09:35 . 2008-10-15 09:35 <DIR> d-------- C:\Program Files\Kaspersky Lab 2008-10-15 09:35 . 2008-10-20 12:44 6,651,936 --ahs---- C:\Windows\System32\drivers\fidbox.dat 2008-10-15 09:35 . 2008-10-20 12:44 606,240 --ahs---- C:\Windows\System32\drivers\fidbox2.dat 2008-10-15 09:35 . 2008-10-20 12:44 53,048 --ahs---- C:\Windows\System32\drivers\fidbox.idx 2008-10-15 09:35 . 2008-10-20 12:44 3,152 --ahs---- C:\Windows\System32\drivers\fidbox2.idx 2008-10-15 02:07 . 2008-09-18 07:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe 2008-10-15 02:07 . 2008-09-18 07:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe 2008-10-15 02:07 . 2008-09-18 04:16 2,032,640 --a------ C:\Windows\System32\win32k.sys 2008-10-15 02:07 . 2008-08-27 03:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys 2008-10-11 16:35 . 2008-10-11 16:35 <DIR> d----c--- C:\Windows\System32\DRVSTORE 2008-10-11 16:35 . 2008-10-11 16:35 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-10-11 16:35 . 2008-10-11 16:35 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-10-11 16:35 . 2008-10-11 16:35 <DIR> d-------- C:\Program Files\iTunes 2008-10-11 16:35 . 2008-10-11 16:35 <DIR> d-------- C:\Program Files\iPod 2008-10-11 16:35 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll 2008-10-11 16:35 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys 2008-10-11 16:27 . 
2008-10-11 16:27 <DIR> d-------- C:\Program Files\Bonjour 2008-10-10 22:45 . 2008-10-10 22:45 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files 2008-10-10 22:45 . 2008-10-10 22:45 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files 2008-10-10 21:50 . 2008-10-10 21:50 <DIR> d-------- C:\Program Files\VirtualDJ 2008-10-10 05:15 . 2008-10-10 05:15 <DIR> d-------- C:\Program Files\Safari 2008-10-04 10:28 . 2008-10-04 19:37 <DIR> d-------- C:\Users\Anthony de Angelis\AppData\Roaming\uTorrent 2008-10-04 00:46 . 2008-10-04 00:46 <DIR> d-------- C:\Users\Anthony de Angelis\AppData\Roaming\MAGIX 2008-10-04 00:42 . 2008-10-04 00:45 <DIR> d-------- C:\Program Files\MAGIX 2008-10-04 00:42 . 2007-04-27 09:43 120,200 --a------ C:\Windows\System32\DLLDEV32i.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-15 01:11 --------- d-----w C:\Program Files\Windows Mail 2008-10-15 01:04 --------- d-----w C:\ProgramData\Microsoft Help 2008-10-14 01:21 --------- d-----w C:\Program Files\XoftSpySE 2008-10-11 14:34 --------- d-----w C:\Program Files\QuickTime Alternative 2008-10-11 14:33 --------- d-----w C:\Program Files\Common Files\Apple 2008-10-09 01:50 --------- d-----w C:\Users\Anthony de Angelis\AppData\Roaming\Corel 2008-10-09 01:50 --------- d-----w C:\Program Files\Corel 2008-10-09 01:31 3,350 --sha-w C:\Windows\System32\KGyGaAvL.sys 2008-10-03 22:45 --------- d-----w C:\ProgramData\MAGIX 2008-09-28 13:54 --------- d-----w C:\Users\Anthony de Angelis\AppData\Roaming\CyberLink 2008-09-11 05:22 --------- d-----w C:\ProgramData\CyberLink 2008-09-11 01:02 --------- d-----w C:\Program Files\Microsoft Works 2008-09-09 20:35 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-09 20:35 --------- d-----w C:\Program Files\Ontrack 2008-09-05 20:07 210,944 ----a-w C:\Windows\System32\Msvcrt10.dll 2008-09-05 02:19 --------- d-----w C:\Program Files\Common Files\Adobe 2008-09-05 
01:42 --------- d-----w C:\Program Files\Common Files\Steam 2008-09-02 21:57 --------- d-----w C:\ProgramData\Corel 2008-09-02 21:41 --------- d-----w C:\Users\Anthony de Angelis\AppData\Roaming\InstallShield 2008-08-30 19:47 --------- d-----w C:\Users\Anthony de Angelis\AppData\Roaming\OpenOffice.org2 2008-08-29 08:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe 2008-08-29 07:53 61,440 ----a-w C:\Windows\System32\dnssd.dll 2008-08-22 10:08 878,592 ----a-w C:\Windows\System32\wininet.dll 2008-08-22 10:07 43,008 ----a-w C:\Windows\System32\licmgr10.dll 2008-08-22 10:07 18,944 ----a-w C:\Windows\System32\corpol.dll 2008-08-22 10:06 72,704 ----a-w C:\Windows\System32\admparse.dll 2008-08-22 10:06 71,680 ----a-w C:\Windows\System32\iesetup.dll 2008-08-22 10:06 66,560 ----a-w C:\Windows\System32\wextract.exe 2008-08-22 10:06 129,024 ----a-w C:\Windows\System32\ieUnatt.exe 2008-08-22 10:06 110,080 ----a-w C:\Windows\System32\PDMSetup.exe 2008-08-22 10:06 103,936 ----a-w C:\Windows\System32\SetDepNx.exe 2008-08-22 10:06 103,424 ----a-w C:\Windows\System32\SetIEInstalledDate.exe 2008-08-22 10:05 35,840 ----a-w C:\Windows\System32\imgutil.dll 2008-08-22 10:05 168,960 ----a-w C:\Windows\System32\iexpress.exe 2008-08-22 10:04 48,640 ----a-w C:\Windows\System32\PrivacIE.dll 2008-08-22 10:04 48,128 ----a-w C:\Windows\System32\mshtmler.dll 2008-08-22 10:04 45,568 ----a-w C:\Windows\System32\mshta.exe 2008-08-22 09:57 156,160 ----a-w C:\Windows\System32\msls31.dll 2008-08-22 03:38 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-08-22 03:38 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-08-22 03:38 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-08-22 03:38 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-08-20 01:01 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll 2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll 2008-07-31 01:13 4,240,384 ----a-w 
C:\Windows\System32\GameUXLegacyGDFs.dll 2008-07-29 18:21 218,376 ----a-w C:\Windows\System32\klogon.dll 2008-07-18 00:06 63,488 ----a-w C:\Users\Anthony de Angelis\xobglu16.dll 2008-07-18 00:06 23,552 ----a-w C:\Users\Anthony de Angelis\xobglu32.dll 2008-05-31 18:53 174 --sha-w C:\Program Files\desktop.ini 2008-02-08 15:38 13 ---h--w C:\Users\All Users\ÙÝÃÄ3113›.sys 2008-02-08 15:38 13 ---h--w C:\ProgramData\ÙÝÃÄ3113›.sys 2007-11-27 15:30 5,232 ----a-w C:\Users\Anthony de Angelis\AppData\Roaming\wklnhst.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{06663B56-0D73-4f9f-BCC5-4AA941470AFD}"= "C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL" [2008-02-20 61440] [HKEY_CLASSES_ROOT\clsid\{06663b56-0d73-4f9f-bcc5-4aa941470afd}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2008-06-02 6210888] "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-07-05 160592] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LanguageShortcut"="C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe" [2006-12-05 54832] "TVEService"="C:\Program Files\Home Cinema\TV Enhance\TVEService.exe" [2007-01-12 155648] "toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896] "DefragTaskBar"="C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2007-02-12 168120] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "DT Task"="C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" 
[2006-11-03 264704] "WrtMon.exe"="C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328] "QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2008-09-06 413696] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088] "Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-16 1257104] "RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 C:\Windows\RtHDVCpl.exe] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-28 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.HFYU"= huffyuv.dll "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{8BB2ACBE-EB76-424F-A732-E53A948B9A99}"= UDP:C:\Program Files\Home Cinema\TV 
Enhance\TVEnhance.exe:CyberLink TVEnhance "{86AA0C93-5EF3-420E-9B70-F9C44C69F7D7}"= TCP:C:\Program Files\Home Cinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance "{8327200F-A82D-40BC-9626-6AEADB92AB41}"= UDP:C:\Program Files\Home Cinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program "{BD9A3423-41D5-4A81-9977-CDD22273E3F0}"= TCP:C:\Program Files\Home Cinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program "TCP Query User{BA22411C-716B-46B4-94CF-42A5BB288770}C:\\program files\\emule.de 0.46c v17\\emule.exe"= UDP:C:\program files\emule.de 0.46c v17\emule.exe:eMule "UDP Query User{9D5A64B6-568C-42C3-B7B2-2A15D33E7155}C:\\program files\\emule.de 0.46c v17\\emule.exe"= TCP:C:\program files\emule.de 0.46c v17\emule.exe:eMule "TCP Query User{B2EC3753-B9E9-4321-A467-6C7C16F59EE2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{C63EB571-D756-4867-8466-96BC882FAC4B}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{0BD015A4-9B55-40E7-B7DA-46BB1880E49C}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule "UDP Query User{23E20550-F179-4469-B4B1-442E4FD0055E}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule "{3A94B00E-EF2D-499F-99C2-478364D891D8}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{81DC086A-1A2D-4917-B54D-D0F5876B3C96}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{0CC47035-7F5C-469A-BD44-B55C1E1498EA}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{3D1032CF-0289-4EBF-B4B4-5ECC0D45E6DA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{10D888B5-7B17-43AE-847A-FBDC7C6EB205}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft 
Office OneNote "TCP Query User{24827B53-A4B7-404B-971C-EDD22A2B37D1}C:\\config.msi\\4ed37.rbf"= UDP:C:\config.msi\4ed37.rbfando "UDP Query User{6BE7F82A-2ED7-42EA-AAC7-717785BE260C}C:\\config.msi\\4ed37.rbf"= TCP:C:\config.msi\4ed37.rbfando "TCP Query User{E1D90568-C56D-4085-B3BB-3C4155BF6C6F}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exeando "UDP Query User{5DE6D337-CA9F-4C89-BD9C-97B7DADE4607}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exeando "TCP Query User{C687AB8C-12A1-4934-BEB8-276F10E0294B}C:\\config.msi\\4c9e3.rbf"= UDP:C:\config.msi\4c9e3.rbfando "UDP Query User{55D9778C-AA06-4B25-A633-7B0EA3B35E31}C:\\config.msi\\4c9e3.rbf"= TCP:C:\config.msi\4c9e3.rbfando "TCP Query User{411CA7B0-A928-4026-B696-BE5DA3ABE698}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule "UDP Query User{88C72BC1-9C4F-43D8-9E79-57965044740C}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule "TCP Query User{622135A6-A89C-45ED-B18B-E5F1739D9924}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam "UDP Query User{7B879DD8-06C5-4500-B50E-7A8956A6CBA6}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam "{898BA438-28F9-4F5A-B51B-DCD6ABE0A587}"= Disabled:UDP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQW40ZRY\incredimail_install[1].exe:IncrediMail Installer "{90317CC7-3174-4710-9254-36803CABE9FC}"= Disabled:TCP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQW40ZRY\incredimail_install[1].exe:IncrediMail Installer "{8AC19259-ADC6-4E40-966A-52B7E5A5A106}"= Disabled:UDP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PYNT8KJW\incredimail_install[1].exe:IncrediMail Installer 
"{847E044E-F436-4AAD-8A5E-443C898373C8}"= Disabled:TCP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PYNT8KJW\incredimail_install[1].exe:IncrediMail Installer "{6AA0E3DF-6DA9-444D-A6A2-37492DD5041B}"= Disabled:UDP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GG6TO12Z\incredimail_install[1].exe:IncrediMail Installer "{87B4576F-0A30-40F4-A391-BB311653CBE2}"= Disabled:TCP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GG6TO12Z\incredimail_install[1].exe:IncrediMail Installer "{D59F6046-C798-4034-92CE-88C60BA498A4}"= Disabled:UDP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RQVCTP7\incredimail_install[1].exe:IncrediMail Installer "{20B495FC-D5E6-4155-9111-EE04FEEEE1A1}"= Disabled:TCP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RQVCTP7\incredimail_install[1].exe:IncrediMail Installer "{FDAAC80C-6744-44D9-A588-B0044663A7A1}"= Disabled:UDP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVORJBJP\incredimail_install[2].exe:IncrediMail Installer "{A1331AFE-24FE-4245-9E5C-A1EE40A44E27}"= Disabled:TCP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVORJBJP\incredimail_install[2].exe:IncrediMail Installer "{1074AC0C-9F85-4A78-807A-CA16953B148C}"= Disabled:UDP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVORJBJP\incredimail_install[1].exe:IncrediMail Installer "{B8675185-1275-4EFB-955C-B5A47B37AE48}"= Disabled:TCP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVORJBJP\incredimail_install[1].exe:IncrediMail Installer "{FCAADF89-C588-4B73-B778-D0B7B6F6EC06}"= Disabled:UDP:C:\Users\Anthony de 
Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WL822JU\incredimail_install[1].exe:IncrediMail Installer "{A4A0EF08-B372-4980-864E-167DD1BB8468}"= Disabled:TCP:C:\Users\Anthony de Angelis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WL822JU\incredimail_install[1].exe:IncrediMail Installer "{3C29F75E-8B67-4486-AFA2-435C103F402B}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImSc.exe:IncrediMail "{4D1AE7FE-0E5D-4222-8255-7A8B94BD3D0A}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImSc.exe:IncrediMail "TCP Query User{E3A015BC-6A81-4ACE-B38D-A7115B89EC33}C:\\program files\\media player classic\\mplayerc.exe"= UDP:C:\program files\media player classic\mplayerc.exe:Media Player Classic "UDP Query User{0D4130BF-139A-47D8-818B-101E18A634F8}C:\\program files\\media player classic\\mplayerc.exe"= TCP:C:\program files\media player classic\mplayerc.exe:Media Player Classic "{D8A4E640-A1DC-4794-BB05-63882D054F94}"= UDP:56367ando P2P TCP Listening Port "{EFD3F9B3-97A1-49EE-AC45-22000B366802}"= TCP:56367ando P2P UDP Listening Port "{ED83FD88-7D2E-4420-8688-54DC4B77950D}"= UDP:58976ando P2P TCP Listening Port "{1A51CB1E-CDDF-4250-9330-DD70B043658F}"= TCP:58976ando P2P UDP Listening Port "{FE3657A0-DD45-44AA-9115-4CC709975163}"= UDP:56266ando P2P TCP Listening Port "{A525F2B9-159B-474F-BF79-F9F7E6182A39}"= TCP:56266ando P2P UDP Listening Port "{EE064BA3-3D58-4D52-A069-D1012DC723E2}"= UDP:56711ando P2P TCP Listening Port "{E9A94AED-08D0-49E2-8CEC-E4F32640B508}"= TCP:56711ando P2P UDP Listening Port "{C900AE9D-6478-45C3-B1D0-D03D8E07BE20}"= UDP:56764ando P2P TCP Listening Port "{B39D57A5-38E7-403E-85ED-CE35F2FADCAF}"= TCP:56764ando P2P UDP Listening Port "{E2C61B9B-AC50-4246-A707-042B384F1874}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb "{5D778298-11D6-4B5C-8297-B6AFFA5A5D7E}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb "{EB808634-A0C5-4C48-8EC1-B5EF3C65CD70}"= UDP:C:\Program Files\Winamp 
Remote\bin\OrbTray.exe:OrbTray "{122B5241-BD8A-4569-BF23-283B48104074}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray "{36D238B8-5841-4165-82CB-563A90FF2AC7}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR "{38F67A74-6D5C-4EC8-B216-D37264A7D13D}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR "{1DA3A468-3CBE-47FE-BBAA-AB6EDFB8EDBC}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "{C725ACB6-E97C-44DE-896D-ECC1957B3945}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "{DCDD7385-900D-4C4C-B026-06BF8409B1B1}"= UDP:57883ando P2P TCP Listening Port "{639DB0CF-990A-4A86-A6A0-3FC17C387AD7}"= TCP:57883ando P2P UDP Listening Port "{066EA408-B0F4-496F-AA07-3EAF5A5C54BD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{0152E10D-8C32-4812-8DC2-B51A7360AD37}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail "{28B05D03-F7A9-48FC-8326-DE19083BAA71}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail "TCP Query User{AD42AB8D-21DF-453C-A579-517AE12AFF1F}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\german\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 7.0 "UDP Query User{1833528E-8D6D-44ED-B8A8-6CDC4C2EEE5B}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\german\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 7.0 "TCP Query User{5C17F4BD-A7F2-4D90-8E46-EBC41DBA8CDC}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. 
Take a deep breath "UDP Query User{8926DD98-FB7E-4034-8F81-CCA4D7C07708}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath "{3FCEEA25-1F85-4E84-9DD4-562F2CF2ACB4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{1CC0BB8E-5057-4CB4-B205-890173C20242}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImLc.exe:IncrediMail "{626AEA9A-4E02-4256-8CD5-657965764552}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImLc.exe:IncrediMail "{B689A912-C719-4920-A136-608A4CF0851A}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail "{13D4932D-BC1F-4CDE-B499-9B488F4BDCD6}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail "{0785C919-7160-427A-88B0-B7EFB69BB9A7}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail "{CD8546B4-A584-412B-BC0A-25F24E64E51B}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail "{6A255346-18CB-404A-A10B-CA01F547D972}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail "{1ACB38F7-EBF3-4CCF-BACC-911F01F6E70D}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail "{104B3663-3B04-4217-9435-0DB7BAC70C51}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{D3584FC2-CFFD-4D22-9A54-692F8603A9AB}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{93DDAC79-CA52-4DE3-8216-0217A69403EA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{AC7B70F1-7AD1-483E-A083-E6FE00711F06}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-31 7680] R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 32784] R1 
crlscsi;crlscsi;C:\Windows\system32\drivers\crlscsi.sys [1995-11-07 6144] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496] R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2007-01-12 290908] R2 TVESched;TVEnhance Task Scheduler (TTS));C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [2007-01-12 114778] R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-22 3076608] R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136] R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 13976] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [ ] S3 3xHybrid;Philips SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-08 1136600] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-05 92656] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Inhalt des "geplante Tasks" Ordners 2008-10-18 C:\Windows\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe [2006-11-07 00:31] . - - - - Entfernte verwaiste Registrierungseinträge - - - - WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) . ------- Zusätzlicher Suchlauf ------- . 
R0 -: HKCU-Main,Start Page = hxxp://www.sf.tv/sfsport/ R0 -: HKLM-Main,Start Page = hxxp://www.sf.tv/sfsport/ R1 -: HKCU-Internet Settings,ProxyOverride = *.local O8 -: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 -: RF - Formular ausfüllen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 -: RF - Formular speichern - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 -: RF - Menü anpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 -: RF - RoboForm-Leiste ein/aus - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-20 12:58:27 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . 
Zeit der Fertigstellung: 2008-10-20 13:00:25
ComboFix-quarantined-files.txt 2008-10-20 11:00:16

Vor Suchlauf: 30 Verzeichnis(se), 128'592'637'952 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 128,558,022,656 Bytes frei

286 --- E O F --- 2008-10-19 05:01:58

---------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:01, on 20.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Home Cinema\TV Enhance\TVEService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sf.tv/sfsport/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sf.tv/sfsport/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sf.tv/sfsport/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\Home Cinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RF - Formular ausfüllen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RF - Formular speichern - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF - Menü anpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12089 bytes

Good morning. Regarding my last post: is there anything else that still needs to be done, or was that it? In any case, my IE seems to be running correctly again, without the malware message on pages and without blank pages. A huge thank you already ***. If there is still something to take care of, I would be glad to bring this to a close so that the security of my PC is ensured.
Kind regards, Toni

This post was edited by Toni68 on 22.10.2008 at 11:55.
|
I also have a problem with my IE. While surfing, a blank page keeps coming up every now and then with the note Virus, Malware Threat. I have already run x scans with my Kaspersky, but it cannot find anything.
I am a total beginner in the IT field; hopefully someone can help me.
Do I have to / can I post my scan results here as well?
Thanks and regards, Toni