ComboFix file because of a Trojan

#0
05.11.2008, 16:16
...new here
Posts: 8

05.11.2008, 18:26
Moderator
Posts: 5694
#2
Hello Tomek,
Please scan with Malwarebytes first, have it remove whatever it finds, and post the log. After that, create a new ComboFix log:
http://virus-protect.org/artikel/tools/malwarebytes.html
In addition, post a HijackThis log:
http://virus-protect.org/hjtkurz.html
Regards, Swiss

05.11.2008, 21:31
...new here
Thread starter Posts: 8
#3
Hello Swiss,
thanks for your quick reply. Malwarebytes found nothing. Attached is the HijackThis file:
Thanks and regards, Thomas

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42, on 2008-10-18
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\AERTSrv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
C:\Windows\system32\svchost.exe
C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\OEM13Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\FaxTalk NetOnHold\FTNohMGR.exe
C:\Program Files\FaxTalk Communicator\FTCtrl32.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
C:\Program Files\BUFFALO\NASNAVI\nassche.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\FaxTalk Communicator\FAPIEXE.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=1080809
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [NetOnHold] C:\Program Files\FaxTalk NetOnHold\FTNohmgr.exe
O4 - HKLM\..\Run: [CallControl 4.7] "C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe" /autoload
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programme\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ErrorRepairPro] C:\Program Files\Error Repair Professional\autostart.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
O4 - Startup: NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Feature Support (BthFilterHelper) - CSR, plc - C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NAS PM Service (NasPmService) - BUFFALO INC. - C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
-- End of file - 12808 bytes

05.11.2008, 23:45
Honorary member
Posts: 6028
#4
What does your up-to-date virus scanner say about it?
Quote: for days a Trojan has been slowing down my computer
__________
Regards, Argus

06.11.2008, 12:06
...new here
Thread starter Posts: 8
#5
Hello Arnold,
I always keep all my virus/spyware scanners up to date. AVG finds nothing. Before that I always had AntiVir, and it found an Unpacked.Gen Trojan in the quarantine folder of the malware scanner Spyware Doctor/avdb/temp. But AntiVir could not neutralize it. The alert came back every half hour. For now I have replaced AntiVir with AVG, and ComboFix has apparently deactivated Spyware Doctor's protection shield?! But I suspect there is still something on my computer, and I actually wanted to reactivate Spyware Doctor. The last time I did, the Trojan came back. A seemingly never-ending story...
Do you perhaps have an idea?
Thanks and regards, Thomas

06.11.2008, 12:25
Honorary member
Posts: 6028
#6
Remove Spyware Doctor
You are using too many guards:
Spybot S&D TeaTimer
Spyware Doctor
a-squared Guard
Apparently you have deactivated Windows Defender; it has one too.
A disadvantage of SD is that if you use Spybot's immunization feature, the immunizations are removed again by SD.
I only use MBAM and SDFix. In normal mode SDFix has 3 scanners: a-squared 3.5, Norman Malware Scanner and a virus scanner from Sophos.
I use those now and then alongside my normal virus scanner.
__________
Regards, Argus

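The check made by hand in post #6, run against entries from the HijackThis log in post #3. This is an added example, not part of the original thread; the `GUARDS` table and the function names are assumptions built from the executables visible in that log.

```python
import re
from collections import defaultdict

# Resident "guard" executables of the three products named in post #6.
# Assumption: this table is built by hand from this thread's log and is
# not an authoritative product list.
GUARDS = {
    "teatimer.exe": "Spybot - Search & Destroy",
    "pctstray.exe": "Spyware Doctor",
    "pctssvc.exe": "Spyware Doctor",
    "pctsauxs.exe": "Spyware Doctor",
    "a2guard.exe": "a-squared Anti-Malware",
    "a2service.exe": "a-squared Anti-Malware",
}

# HijackThis section -> how the entry is started at boot or logon.
START_KIND = {"O4": "autostart", "O23": "service"}

# Entries copied from the HijackThis log in post #3, one per line.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: NAS PM Service (NasPmService) - BUFFALO INC. - C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
'''

# A new entry starts at "O<number> - ". Splitting on the whitespace in front
# of it also handles logs whose line breaks were lost when they were pasted.
ENTRY_BREAK = re.compile(r"\s+(?=O\d{1,2} - )")
ENTRY = re.compile(r"(O4|O23) - (.*)", re.DOTALL)
# Basename of each executable path in an entry (text after a backslash).
EXE = re.compile(r'\\([^\\"]+?\.exe)\b', re.IGNORECASE)


def resident_guards(log_text):
    """Map each known guard product to its auto-started components.

    Returns {product: sorted list of (start_kind, exe_basename)}.
    """
    found = defaultdict(set)
    for piece in ENTRY_BREAK.split(log_text):
        match = ENTRY.match(piece.strip())
        if not match:
            continue  # preamble, process list, or a section we do not check
        kind = START_KIND[match.group(1)]
        for exe in EXE.findall(match.group(2)):
            product = GUARDS.get(exe.lower())
            if product:
                found[product].add((kind, exe.lower()))
    return {product: sorted(parts) for product, parts in found.items()}


def overlapping_guards(log_text):
    """Return the guard products if more than one starts automatically."""
    products = sorted(resident_guards(log_text))
    return products if len(products) > 1 else []


if __name__ == "__main__":
    for product, parts in sorted(resident_guards(SAMPLE_LOG).items()):
        print(product, parts)
    print("overlap:", overlapping_guards(SAMPLE_LOG))
```
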
For days a Trojan has been slowing down my computer. I am posting the ComboFix file here with a request for help.
Thanks and regards, Thomas
ComboFix 08-11-02.05 - tri 2008-11-04 21:44:20.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.1996 [GMT 1:00]
ausgeführt von:: c:\users\tri\Downloads\TrojanerEntferner\ComboFix.exe
.
((((((((((((((((((((((( Dateien erstellt von 2008-10-04 bis 2008-11-04 ))))))))))))))))))))))))))))))
.
2008-11-03 13:28 . 2008-11-03 13:27 160,792 --a------ c:\windows\System32\drivers\pctfw2.sys
2008-11-03 13:26 . 2008-11-03 13:27 <DIR> d-------- c:\program files\Common Files\PC Tools
2008-11-03 13:24 . 2008-11-03 13:24 <DIR> d-------- c:\users\tri\AppData\Roaming\PC Tools
2008-11-03 13:24 . 2008-11-04 21:42 <DIR> d-------- c:\program files\Spyware Doctor
2008-11-03 13:24 . 2008-08-25 11:36 81,288 --a------ c:\windows\System32\drivers\iksyssec.sys
2008-11-03 13:24 . 2008-08-25 11:36 66,952 --a------ c:\windows\System32\drivers\iksysflt.sys
2008-11-03 13:24 . 2008-08-25 11:36 40,840 --a------ c:\windows\System32\drivers\ikfilesec.sys
2008-11-03 13:24 . 2008-06-02 15:19 29,576 --a------ c:\windows\System32\drivers\kcom.sys
2008-10-29 16:19 . 2008-10-29 16:19 <DIR> d-------- c:\users\All Users\Apple Computer
2008-10-29 16:19 . 2008-10-29 16:19 <DIR> d-------- c:\programdata\Apple Computer
2008-10-29 16:19 . 2008-10-29 16:19 <DIR> d-------- c:\program files\QuickTime
2008-10-29 16:19 . 2008-10-29 16:19 <DIR> d-------- c:\program files\Common Files\Apple
2008-10-29 16:16 . 2008-10-29 16:16 <DIR> d-------- c:\users\All Users\Apple
2008-10-29 16:16 . 2008-10-29 16:16 <DIR> d-------- c:\programdata\Apple
2008-10-29 16:16 . 2008-10-29 16:17 <DIR> d-------- c:\program files\Apple Software Update
2008-10-24 22:07 . 2008-10-24 22:07 <DIR> d-------- c:\users\tri\AppData\Roaming\CSR
2008-10-24 22:07 . 2008-10-24 22:07 <DIR> d-------- c:\program files\CSR
2008-10-24 18:35 . 2008-10-24 18:35 <DIR> d-------- c:\program files\Magic M4A to MP3 Converter
2008-10-24 18:10 . 2008-10-24 18:10 <DIR> d-------- c:\program files\Efficient WMA MP3 Converter
2008-10-24 07:23 . 2008-10-24 07:23 <DIR> d-------- c:\users\tri\AppData\Roaming\Toolbars
2008-10-24 07:23 . 2008-10-24 07:23 <DIR> d-------- c:\users\tri\AppData\Roaming\Desktopicon
2008-10-24 07:23 . 2008-10-24 07:24 <DIR> d-------- c:\program files\Audiograbber
2008-10-23 11:58 . 2008-10-24 20:56 32 --a------ c:\windows\0
2008-10-23 11:58 . 2008-10-23 11:58 0 --a------ c:\windows\System32\0
2008-10-21 16:49 . 2008-10-21 16:49 <DIR> d-------- c:\program files\Common Files\Acronis
2008-10-21 16:49 . 2008-10-21 16:49 132,224 --a------ c:\windows\System32\drivers\snapman.sys
2008-10-18 19:41 . 2008-10-18 19:41 <DIR> d-------- c:\program files\Trend Micro
2008-10-18 19:35 . 2008-10-18 19:35 <DIR> d-------- c:\users\tri\AppData\Roaming\dvdcss
2008-10-18 11:58 . 2008-10-18 11:58 <DIR> d-------- c:\users\tri\AppData\Roaming\Malwarebytes
2008-10-18 11:58 . 2008-10-18 11:58 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-10-18 11:58 . 2008-10-18 11:58 <DIR> d-------- c:\programdata\Malwarebytes
2008-10-18 11:44 . 2008-10-18 11:44 <DIR> d-------- c:\program files\Yahoo!
2008-10-18 11:44 . 2008-10-18 11:46 <DIR> d-------- c:\program files\CCleaner
2008-10-18 10:41 . 2008-10-18 20:51 <DIR> d-------- c:\users\tri\AppData\Roaming\TrueCrypt
2008-10-18 10:39 . 2008-10-18 10:39 235,840 --a------ c:\windows\System32\drivers\truecrypt.sys
2008-10-18 10:38 . 2008-10-18 10:39 <DIR> d-------- c:\program files\TrueCrypt
2008-10-11 14:16 . 2008-10-11 14:16 <DIR> d-------- c:\program files\Common Files\Scanner
2008-10-11 14:16 . 2008-10-11 14:18 <DIR> d-------- c:\program files\CA Yahoo! Anti-Spy
2008-10-11 14:02 . 2007-06-26 11:03 27,136 --a------ c:\windows\System32\ftcumn47.dll
2008-10-11 14:00 . 2008-10-11 14:00 <DIR> d-------- c:\users\All Users\Thought Communications
2008-10-11 14:00 . 2008-10-11 14:00 <DIR> d-------- c:\programdata\Thought Communications
2008-10-11 14:00 . 2008-10-11 14:02 <DIR> d-------- c:\program files\FaxTalk Communicator
2008-10-11 13:28 . 2007-10-31 01:26 54,824 --------- c:\windows\System32\agrsmdel.exe
2008-10-11 13:27 . 2007-10-30 07:54 1,201,632 --a------ c:\windows\System32\drivers\AGRSM.sys
2008-10-11 13:27 . 2007-10-31 01:26 54,824 --a------ c:\windows\agrsmdel.exe
2008-10-11 13:27 . 2007-08-17 07:09 13,312 --a------ c:\windows\System32\agrscoin.dll
2008-10-11 13:27 . 2007-09-26 06:24 12,800 --a------ c:\windows\System32\agrsmsvc.exe
2008-10-11 13:26 . 2008-10-11 13:26 <DIR> d-------- c:\windows\Options
2008-10-11 13:19 . 2008-10-11 13:19 <DIR> d-------- c:\program files\FaxTalk NetOnHold
2008-10-07 14:35 . 2008-10-22 16:36 <DIR> d-------- c:\program files\a-squared Anti-Malware
2008-10-07 14:23 . 2008-10-07 14:28 <DIR> d-------- c:\program files\a2 free
2008-10-07 13:47 . 2008-10-25 07:52 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-10-07 13:47 . 2008-10-25 07:52 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-10-07 13:47 . 2008-10-25 07:52 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-10-07 09:35 . 2008-10-07 09:35 <DIR> d-------- c:\program files\Playlist Creator 3
2008-10-06 14:27 . 2008-10-06 14:27 <DIR> d-------- c:\users\tri\AppData\Roaming\CD-LabelPrint
2008-10-04 19:06 . 2002-08-22 12:07 331,776 --a------ c:\windows\System32\cdintf.dll
2008-10-04 19:06 . 2003-11-24 14:43 16,466 --------- c:\windows\LxFrame.ini
2008-10-04 19:06 . 2008-10-04 19:06 31 --a------ c:\windows\LxTrans.INI
2008-10-04 19:05 . 2002-10-22 11:43 2,993,152 --------- c:\windows\System32\ktdev32.dll
2008-10-04 19:05 . 1999-03-02 08:12 372,736 --------- c:\windows\System32\KSDB32.DLL
2008-10-04 19:05 . 1999-11-03 06:00 249,344 --------- c:\windows\System32\vpes32.dll
2008-10-04 19:05 . 2002-10-22 10:14 212,992 --------- c:\windows\System32\AVCoD32r.dll
2008-10-04 19:05 . 2003-11-27 22:33 53,248 --------- c:\windows\System32\LxDbSets.dll
2008-10-04 19:04 . 2008-10-04 19:04 <DIR> d-------- c:\program files\Sybase
2008-10-04 19:04 . 2008-10-04 19:07 <DIR> d-------- c:\program files\Lexware
2008-10-04 19:02 . 2008-10-04 19:14 <DIR> d-------- c:\program files\Common Files\Lexware
2008-10-04 11:57 . 2008-10-23 11:22 <DIR> d-------- C:\SESAM_ALL
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 21:00 --------- d-----w c:\users\tri\AppData\Roaming\OpenOffice.org2
2008-11-04 20:42 --------- d---a-w c:\programdata\TEMP
2008-11-03 12:08 --------- d-----w c:\programdata\FreePDF
2008-10-21 15:49 441,760 ----a-w c:\windows\system32\drivers\timntr.sys
2008-10-21 15:49 44,384 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2008-10-21 15:49 368,480 ----a-w c:\windows\system32\drivers\tdrpman.sys
2008-10-18 19:02 --------- d-----w c:\users\tri\AppData\Roaming\ESTsoft
2008-10-18 19:02 --------- d-----w c:\program files\ESTsoft
2008-10-11 12:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-10 19:53 --------- d-----w c:\programdata\Acronis
2008-10-07 14:48 --------- d-----w c:\program files\Error Repair Professional
2008-10-02 12:37 --------- d-----w c:\programdata\Roxio
2008-10-01 14:33 --------- d-----w c:\programdata\WindowsSearch
2008-10-01 13:31 --------- d-----w c:\users\tri\AppData\Roaming\Creative
2008-10-01 09:11 --------- d-----w c:\programdata\PC Tools
2008-09-27 13:02 --------- d-----w c:\program files\Mozilla Thunderbird
2008-09-23 18:25 --------- d-----w c:\users\tri\AppData\Roaming\vlc
2008-09-23 18:24 --------- d-----w c:\program files\VideoLAN
2008-09-21 19:09 --------- d-----w c:\program files\ElsterFormular
2008-09-21 14:00 --------- d-----w c:\program files\EasyCash&Tax
2008-09-21 13:43 --------- d-----w c:\programdata\ElsterFormular
2008-09-21 10:45 --------- d-----w c:\users\tri\AppData\Roaming\Acronis
2008-09-21 08:38 --------- d-----w c:\program files\Acronis
2008-09-10 16:20 --------- d-----w c:\program files\software4u
2008-09-10 10:53 --------- d-----w c:\program files\WinASO
2008-09-10 10:23 --------- d-----w c:\users\tri\AppData\Roaming\Nokia
2008-09-10 09:19 --------- d-----w c:\program files\Windows Messaging
2008-09-10 06:10 --------- d-----w c:\users\tri\AppData\Roaming\PC Suite
2008-09-10 06:09 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-09-10 06:09 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-09-10 06:09 --------- d-----w c:\programdata\PC Suite
2008-09-09 19:52 --------- d-----w c:\program files\Canon
2008-09-09 19:50 --------- d--h--w c:\programdata\CanonBJ
2008-09-09 19:49 --------- d--h--w c:\program files\CanonBJ
2008-09-09 19:23 --------- d-----w c:\program files\Google
2008-09-09 19:10 --------- d-----w c:\program files\BUFFALO
2008-09-09 18:57 --------- d-----w c:\users\tri\AppData\Roaming\Roxio
2008-09-05 09:00 --------- d-----w c:\program files\FreePDF_XP
2008-09-05 08:50 --------- d-----w c:\program files\gs
2008-09-05 08:45 --------- d-----w c:\programdata\ESTsoft
2008-09-05 08:42 --------- d-----w c:\programdata\Installations
2008-09-05 08:41 --------- d-----w c:\program files\Nokia
2008-09-05 08:41 --------- d-----w c:\program files\DIFX
2008-09-05 08:41 --------- d-----w c:\program files\Common Files\PCSuite
2008-09-05 08:41 --------- d-----w c:\program files\Common Files\Nokia
2008-09-05 08:40 --------- d-----w c:\program files\PC Connectivity Solution
2008-09-05 08:30 --------- d-----w c:\program files\Acrobat 5.0
2008-09-05 08:28 --------- d-----w c:\program files\Common Files\Adobe
2008-09-05 08:22 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-09-02 09:23 442 ----a-w c:\users\tri\AppData\Roaming\wklnhst.dat
2008-08-09 17:43 540,672 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-08-09 17:43 458,752 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-08-09 17:43 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-08-09 17:43 295,936 ----a-w c:\windows\System32\gdi32.dll
2008-08-09 17:43 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-08-09 17:43 2,153,984 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-08-09 17:43 2,032,128 ----a-w c:\windows\System32\win32k.sys
2008-08-09 17:43 181,760 ----a-w c:\windows\System32\fsquirt.exe
2008-08-09 17:43 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-08-09 17:43 1,695,744 ----a-w c:\windows\System32\gameux.dll
2008-08-09 17:42 988,216 ----a-w c:\windows\System32\winload.exe
2008-08-09 17:42 927,288 ----a-w c:\windows\System32\winresume.exe
2008-08-09 17:42 826,880 ----a-w c:\windows\System32\wininet.dll
2008-08-09 17:42 615,992 ----a-w c:\windows\System32\ci.dll
2008-08-09 17:42 6,656 ----a-w c:\windows\System32\kbd106n.dll
2008-08-09 17:42 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2008-08-09 17:42 40,960 ----a-w c:\windows\System32\srclient.dll
2008-08-09 17:42 378,368 ----a-w c:\windows\System32\srcore.dll
2008-08-09 17:42 318,464 ----a-w c:\windows\System32\rstrui.exe
2008-08-09 17:42 19,000 ----a-w c:\windows\System32\kd1394.dll
2008-08-09 17:42 14,848 ----a-w c:\windows\System32\srdelayed.exe
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2008-11-03_16.52.26.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-11-03 14:40:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-04 20:57:25 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-03 14:43:45 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-04 20:58:09 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-04 20:58:09 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-03 14:43:40 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-04 20:58:09 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-04 20:58:09 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-03 15:08:18 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-04 20:57:38 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-03 15:08:18 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-04 20:57:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-03 15:08:18 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-04 20:57:38 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-03 15:48:44 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-04 20:43:42 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-04 20:43:42 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-11-03 14:55:35 122,842 ----a-w c:\windows\System32\perfc007.dat
+ 2008-11-04 20:23:38 122,842 ----a-w c:\windows\System32\perfc007.dat
- 2008-11-03 14:55:35 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2008-11-04 20:23:38 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2008-11-03 14:55:35 618,430 ----a-w c:\windows\System32\perfh007.dat
+ 2008-11-04 20:23:38 618,430 ----a-w c:\windows\System32\perfh007.dat
- 2008-11-03 14:55:35 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2008-11-04 20:23:38 587,178 ----a-w c:\windows\System32\perfh009.dat
- 2008-11-03 14:44:05 8,476 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-482242281-1869312470-1521840184-1000_UserData.bin
+ 2008-11-04 20:22:48 8,906 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-482242281-1869312470-1521840184-1000_UserData.bin
- 2008-11-03 14:44:02 75,944 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-04 20:22:45 76,512 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-03 12:34:20 51,346 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-04 20:22:41 51,370 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-09 68856]
"PC Suite Tray"="c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"ErrorRepairPro"="c:\program files\Error Repair Professional\autostart.exe" [BU]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
c:\users\tri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BUFFALO NAS Navigator.lnk - c:\program files\BUFFALO\NASNAVI\NasNavi.exe [2008-04-25 1230256]
NAS Scheduler.lnk - c:\program files\BUFFALO\NASNAVI\nassche.exe [2008-09-09 200704]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-02-22 1193240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-482242281-1869312470-1521840184-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6216C6EC-43B7-407B-BE3D-C34D7215D16E}"= UDP:c:\program files\BUFFALO\NASNAVI\NasInst.exe:BUFFALO NAS Navigator Inst
"{7147761D-7E58-41C6-82E9-213EF54D83C9}"= TCP:c:\program files\BUFFALO\NASNAVI\NasInst.exe:BUFFALO NAS Navigator Inst
"{A1B95928-CF6C-42B6-9D5C-CD4FC421A69B}"= UDP:c:\program files\BUFFALO\NASNAVI\NasNavi.exe:BUFFALO NAS Navigator2
"{E807C22D-E3BE-4BA5-BC0C-255D96ECE145}"= TCP:c:\program files\BUFFALO\NASNAVI\NasNavi.exe:BUFFALO NAS Navigator2
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 tdrpman;Acronis Try&Decide and Restore Points filter;c:\windows\system32\DRIVERS\tdrpman.sys [2008-10-21 368480]
R1 pctfw2;pctfw2;c:\windows\System32\drivers\pctfw2.sys [2008-11-03 160792]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-06-21 269736]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-02-22 77824]
R2 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488]
R2 NasPmService;NAS PM Service;c:\program files\BUFFALO\NASNAVI\nassvc.exe [2008-03-03 251184]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-01 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-01 1357096]
R2 TryAndDecideService;Acronis Try And Decide Service;c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008-04-21 498952]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-02-22 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-02-22 43480]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2008-02-22 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-02-22 235200]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
S3 BTHFILT;Bluetooth-Befehlsfilter;c:\windows\system32\DRIVERS\BthFilt.sys [2007-05-05 13824]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2008-01-21 251904]
S4 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys [2008-01-21 386616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Inhalt des "geplante Tasks" Ordners
2008-11-04 c:\windows\Tasks\User_Feed_Synchronization-{412BF4BD-F87C-4ADD-BE45-B9B985A9E378}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
.
------- Zusätzlicher Suchlauf -------
.
FireFox -: Profile - c:\users\tri\AppData\Roaming\Mozilla\Firefox\Profiles\y45u50h8.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.de
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 21:58:40
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\wlanext.exe
c:\windows\System32\BCMWLTRY.EXE
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\a-squared Anti-Malware\a2service.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\System32\conime.exe
c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-11-04 22:05:41 - PC wurde neu gestartet [tri]
ComboFix-quarantined-files.txt 2008-11-04 21:05:26
ComboFix2.txt 2008-11-03 15:55:11
Vor Suchlauf: 19 Verzeichnis(se), 87,304,560,640 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 87,277,043,712 Bytes frei
302