Trojan? No virus scanner can update automatically anymore

11.01.2009, 22:58
...new here
Posts: 4

12.01.2009, 00:14
Honorary member
Posts: 6028
#2
Malwarebytes Anti-Malware for Windows 2000, XP and Vista

Download link 1 MalwareBytes' Anti-Malware
Download link 2 MalwareBytes' Anti-Malware
Download link 3 MalwareBytes' Anti-Malware
Download link 4 MalwareBytes' Anti-Malware
Download link 5 MalwareBytes' Anti-Malware

Double-click mbam-setup and choose German (Deutsch); the program will now be updated.
On the "Update" tab, click "Suche nach Aktualisierungen" (check for updates).
Under "Einstellungen" (settings), tick "Beende Internet Explorer während des Löschvorgangs" (close Internet Explorer during removal).
On the "Scanner" tab, choose "Vollständigen Suchlauf durchführen" (perform full scan).
Let the scan run.
If infections are found at the end, tick them and have them removed.
Restart your computer.
The log (mbam-log-XX-XX-XXXX.txt) is under "Scanberichte" (scan reports).
Post its contents here in the forum.

Note: If MBAM has difficulty removing data, it will report this; click OK.
You will then be asked to restart the computer; allow it.

You can keep Malwarebytes Anti-Malware afterwards!

And a log from HijackThis.
__________
Regards, Argus

12.01.2009, 17:07
...new here
Thread starter Posts: 4
#3
Many thanks, it worked with MalwareBytes, the trojan is gone. Why did it block the program's address on the Internet?

13.01.2009, 00:28
Moderator
Posts: 5694

13.01.2009, 18:24
...new here
Thread starter Posts: 4
#5
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:12, on 13.01.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SCM_Service - Unknown owner - C:\Windows\System32\WinService.exe

-- End of file - 7620 bytes

14.01.2009, 00:02
Moderator
Posts: 5694
#6
This service catches my eye:

Quote:
O23 - Service: SCM_Service - Unknown owner - C:\Windows\System32\WinService.exe

>> Have the following file checked at www.VIRUSTOTAL.com/de and post the result:
C:\Windows\System32\WinService.exe
Click Browse --> select the file (or paste the file with its correct path directly using Ctrl+V) --> click the file to be checked and open it --> click "Senden der Datei" (send file)... now wait, then select the text with the right mouse button -> copy it here

>> Run ComboFix and post the log:
http://www.virus-protect.org/artikel/tools/combofix.html

Regards, Swiss
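
The triage step from the post above, as an added example that is not part of the original thread: a small parser for HijackThis O23 service lines that lists services without a company name and ranks those whose binary sits directly in System32 first. The sample lines are copied from the log in this thread; the ranking rule, the hard-coded `C:\Windows` location and all function names are assumptions of this example, and "Unknown owner" is a lead for a follow-up check, not a verdict.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the HijackThis log posted in this thread (sample input).
SAMPLE_LOG = r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SCM_Service - Unknown owner - C:\Windows\System32\WinService.exe
"""


class Service(NamedTuple):
    display_name: str
    service_name: str
    owner: str
    path: str


# The image path is the part after the first " - <drive>:\".
PATH_RE = re.compile(r" - (?P<path>[A-Za-z]:\\.*)$")
# Optional "(short service name)" at the end of the display name.
SVC_RE = re.compile(r"^(?P<display>.*) \((?P<svc>[^()]+)\)$")
# Assumption: Windows is installed in C:\Windows, as in the posted log.
SYSTEM32 = ntpath.normcase(r"C:\Windows\System32")


def parse_o23(line: str) -> Optional[Service]:
    """Split 'O23 - Service: <name> - <owner> - <path>' into its fields."""
    line = line.strip()
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    body = line[len(prefix):]
    path_match = PATH_RE.search(body)
    if path_match is None:
        return None
    # Names may contain " - " themselves, so take the owner from the right.
    name, sep, owner = body[:path_match.start()].rpartition(" - ")
    if not sep:
        return None
    svc_match = SVC_RE.match(name)
    if svc_match:
        display, short = svc_match["display"], svc_match["svc"]
    else:
        display, short = name, name
    return Service(display, short, owner, path_match["path"])


def triage(log_text: str) -> List[Tuple[str, Service]]:
    """Return (priority, service) for every service without a company name.

    Heuristic of this example: a vendor-less binary placed directly in
    System32 is checked first ("high"), everything else is "low".
    """
    findings = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None or svc.owner != "Unknown owner":
            continue
        folder = ntpath.normcase(ntpath.dirname(svc.path))
        findings.append(("high" if folder == SYSTEM32 else "low", svc))
    findings.sort(key=lambda item: item[0] != "high")  # stable: high first
    return findings


if __name__ == "__main__":
    for priority, svc in triage(SAMPLE_LOG):
        print(f"[{priority}] {svc.service_name}: {svc.path}")
```
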

14.01.2009, 07:55
...new here
Thread starter Posts: 4
#7
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.73 2009.01.14 - AhnLab-V3 2009.1.13.3 2009.01.14 - AntiVir 7.9.0.54 2009.01.13 - Authentium 5.1.0.4 2009.01.13 - Avast 4.8.1281.0 2009.01.13 - AVG 8.0.0.229 2009.01.13 - BitDefender 7.2 2009.01.14 - CAT-QuickHeal 10.00 2009.01.14 - ClamAV 0.94.1 2009.01.14 - Comodo 927 2009.01.13 - DrWeb 4.44.0.09170 2009.01.13 - eSafe 7.0.17.0 2009.01.13 - eTrust-Vet 31.6.6306 2009.01.13 - F-Prot 4.4.4.56 2009.01.13 - F-Secure 8.0.14470.0 2009.01.14 - Fortinet 3.117.0.0 2009.01.14 - GData 19 2009.01.14 - Ikarus T3.1.1.45.0 2009.01.14 - K7AntiVirus 7.10.584 2009.01.09 - Kaspersky 7.0.0.125 2009.01.14 - McAfee 5494 2009.01.13 - McAfee+Artemis 5494 2009.01.13 - Microsoft 1.4205 2009.01.14 - NOD32 3763 2009.01.13 - Norman 5.93.01 2009.01.13 - Panda 9.5.1.2 2009.01.13 - PCTools 4.4.2.0 2009.01.13 - Prevx1 V2 2009.01.14 - Rising 21.12.20.00 2009.01.14 - SecureWeb-Gateway 6.7.6 2009.01.13 - Sophos 4.37.0 2009.01.14 - Sunbelt 3.2.1831.2 2009.01.09 - Symantec 10 2009.01.14 - TheHacker 6.3.1.4.219 2009.01.14 - TrendMicro 8.700.0.1004 2009.01.14 - VBA32 3.12.8.10 2009.01.13 - ViRobot 2009.1.14.1558 2009.01.14 - VirusBuster 4.5.11.0 2009.01.13 - weitere Informationen File size: 180224 bytes MD5...: a174e13276d418e97e30a82e3556b77c SHA1..: 7475b7a0e894668574fd27c51fd9c73d27de5ec7 SHA256: 9f4ab502889f54130f6781543eacae3b3dd17f58da9fe355f7d06346c85ed80e SHA512: abfc41cc45e406171195d4554a1e9f3638618402bd89a6e4eedad8d7d9612503 3de97e0f35b947e2c3b27dc25a3f07e41acba0cce4fd6463fbfa79c865cc9177 ssdeep: 3072:E8bPe+vL46uB7lJhJyLywC7oKWl47R8UKB+tkKO1hc54D:mS46uB7l/J1wC 7W27Rxu+EhtD PEiD..: - TrID..: File type identification Win64 Executable Generic (59.6%) Win32 Executable MS Visual C++ (generic) (26.2%) Win32 Executable Generic (5.9%) Win32 Dynamic Link Library (generic) (5.2%) Generic Win/DOS Executable (1.3%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x40f592 timedatestamp.....: 0x460c6b13 (Fri Mar 30 01:42:43 2007) machinetype.......: 0x14c (I386) ( 4 sections 
) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1f5e5 0x20000 6.61 ca52335892355b77d55f45b82e731621 .rdata 0x21000 0x7592 0x8000 4.75 2811ac03fcd673ad48eca5efd5cfa544 .data 0x29000 0x6558 0x2000 3.77 cc7c6ee5f70213017bf9938b6d82fa62 .rsrc 0x30000 0x51c 0x1000 4.27 0f8aee232e8d9f85db530f466835f12c ( 9 imports ) > Wlanapi.dll: WlanOpenHandle, WlanEnumInterfaces, WlanCloseHandle, WlanFreeMemory > IPHLPAPI.DLL: GetAdaptersInfo > KERNEL32.dll: InterlockedDecrement, FreeLibrary, InterlockedIncrement, GlobalGetAtomNameA, GetThreadLocale, GetVersionExA, lstrcmpW, LoadLibraryA, GlobalDeleteAtom, GlobalFindAtomA, GlobalAddAtomA, GlobalFlags, GetLocaleInfoA, GetCPInfo, GetOEMCP, TlsFree, SetEndOfFile, GetCurrentProcess, HeapAlloc, HeapFree, HeapReAlloc, VirtualAlloc, RtlUnwind, ExitThread, GetCommandLineA, GetProcessHeap, RaiseException, HeapSize, ExitProcess, VirtualFree, HeapDestroy, HeapCreate, GetStdHandle, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, SetHandleCount, GetFileType, GetStartupInfoA, GetACP, IsValidCodePage, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, GetModuleHandleA, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, LocalReAlloc, TlsSetValue, TlsAlloc, GlobalHandle, GlobalReAlloc, TlsGetValue, LocalAlloc, GetCurrentProcessId, CreateEventA, SuspendThread, SetEvent, WaitForSingleObject, GetCurrentThreadId, ResumeThread, SetThreadPriority, GlobalLock, GlobalUnlock, FormatMessageA, LocalFree, SetLastError, InitializeCriticalSection, DeleteCriticalSection, GetExitCodeProcess, lstrcmpA, GlobalAlloc, GlobalFree, lstrcpynA, lstrlenA, CompareStringA, CreateNamedPipeA, ConnectNamedPipe, CreateThread, ReadFile, Sleep, lstrcpyA, WriteFile, FlushFileBuffers, DisconnectNamedPipe, DeleteFileA, CreateFileA, 
DeviceIoControl, TerminateThread, CloseHandle, GetModuleFileNameA, EnterCriticalSection, GetLocalTime, LeaveCriticalSection, GetVersion, FindResourceA, LoadResource, LockResource, SizeofResource, GetLastError, WideCharToMultiByte, MultiByteToWideChar, InterlockedExchange, SetStdHandle, GetProcAddress, SetFilePointer > USER32.dll: TabbedTextOutA, DrawTextA, DrawTextExA, GrayStringA, PostQuitMessage, SetWindowTextA, RegisterWindowMessageA, LoadIconA, WinHelpA, GetCapture, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, IsWindow, GetForegroundWindow, GetDlgItem, GetTopWindow, DestroyWindow, GetMessageTime, GetMessagePos, MapWindowPoints, SetForegroundWindow, GetClientRect, GetMenu, PostMessageA, CreateWindowExA, GetClassInfoExA, DestroyMenu, RegisterClassA, AdjustWindowRectEx, CopyRect, PtInRect, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, SetWindowLongA, SetWindowPos, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, GetWindow, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapA, GetFocus, ModifyMenuA, EnableMenuItem, CheckMenuItem, GetWindowTextA, LoadCursorA, GetSystemMetrics, GetDC, ReleaseDC, GetSysColor, GetSysColorBrush, UnhookWindowsHookEx, GetParent, GetWindowLongA, GetLastActivePopup, IsWindowEnabled, EnableWindow, MessageBoxA, SetWindowsHookExA, CallNextHookEx, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, IsWindowVisible, SendMessageA, GetKeyState, PeekMessageA, GetCursorPos, ValidateRect, GetMenuState, GetMenuItemID, GetMenuItemCount, GetSubMenu, ClientToScreen, UnregisterClassA, ShowWindow, GetClassInfoA, GetWindowThreadProcessId > ADVAPI32.dll: RegisterServiceCtrlHandlerA, SetServiceStatus, StartServiceCtrlDispatcherA, RegOpenKeyA, RegQueryValueExA, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegCloseKey, RegSetValueExA, RegCreateKeyExA, RegDeleteKeyA, RegOpenKeyExA, DeleteService, CreateServiceA, StartServiceA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, ControlService > 
OLEACC.dll: CreateStdAccessibleObject, LresultFromObject > GDI32.dll: GetStockObject, GetClipBox, SetTextColor, SetBkColor, DeleteObject, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, TextOutA, RectVisible, PtVisible, ExtTextOutA, SaveDC, RestoreDC, DeleteDC, CreateBitmap, GetDeviceCaps, SetMapMode > WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter > OLEAUT32.dll: -, -, - ( 0 exports ) CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=a174e13276d418e97e30a82e3556b77c' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=a174e13276d418e97e30a82e3556b77c</a> Der Scanner sagt kein Virus gefunden Combofix Log: ComboFix 09-01-13.04 - Florian 2009-01-14 7:58:11.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.3071.1956 [GMT 1:00] ausgeführt von:: c:\users\Florian\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) . ADS - Windows: deleted 48 bytes in 1 streams. (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\emMON.exe D:\Autorun.inf D:\resycled d:\resycled\boot.com Y:\Autorun.inf Y:\resycled y:\resycled\boot.com . ((((((((((((((((((((((( Dateien erstellt von 2008-12-14 bis 2009-01-14 )))))))))))))))))))))))))))))) . 2009-01-13 20:18 . 2009-01-13 20:18 <DIR> d-------- C:\Fedora10 2009-01-12 21:43 . 2009-01-12 21:43 <DIR> d-------- c:\users\All Users\BVRP Software 2009-01-12 21:43 . 2009-01-12 21:43 <DIR> d-------- c:\programdata\BVRP Software 2009-01-12 13:04 . 2009-01-12 22:54 <DIR> d--h----- C:\$AVG8.VAULT$ 2009-01-12 11:45 . 2009-01-12 11:52 <DIR> d-------- c:\program files\Wise Registry Cleaner 3 2009-01-12 10:32 . 2009-01-12 10:32 <DIR> d-------- c:\users\Florian\AppData\Roaming\Malwarebytes 2009-01-12 10:32 . 
2009-01-12 10:32 <DIR> d-------- c:\users\All Users\Malwarebytes 2009-01-12 10:32 . 2009-01-12 10:32 <DIR> d-------- c:\programdata\Malwarebytes 2009-01-12 10:32 . 2009-01-12 10:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-12 10:32 . 2009-01-04 18:41 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-01-12 10:32 . 2009-01-04 18:41 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-01-11 22:52 . 2009-01-11 22:52 <DIR> d-------- c:\program files\Trend Micro 2009-01-11 22:47 . 2009-01-14 07:57 <DIR> d-------- c:\windows\System32\drivers\Avg 2009-01-11 22:47 . 2009-01-12 13:06 <DIR> d-------- c:\users\All Users\avg8 2009-01-11 22:47 . 2009-01-12 13:06 <DIR> d-------- c:\programdata\avg8 2009-01-11 22:47 . 2009-01-11 22:47 <DIR> d-------- c:\program files\AVG 2009-01-11 22:47 . 2009-01-11 22:47 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys 2009-01-11 22:47 . 2009-01-11 22:47 69,128 --a------ c:\windows\System32\drivers\avgwfpx.sys 2009-01-11 22:47 . 2009-01-11 22:47 10,520 --a------ c:\windows\System32\avgrsstx.dll 2009-01-11 21:16 . 2009-01-11 22:08 <DIR> d-------- c:\program files\Drakensang 2009-01-07 16:30 . 2009-01-07 16:31 <DIR> d-------- c:\program files\Common Files\Adobe 2009-01-07 12:30 . 2009-01-07 12:30 <DIR> d-------- c:\program files\Bonjour 2009-01-07 12:28 . 2009-01-07 13:06 265,603,432 --a------ c:\users\Florian\Sacred2-DE-2_31_0_0-2_34_0_0.exe 2008-12-14 13:34 . 2008-12-14 13:33 410,984 --a------ c:\windows\System32\deploytk.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-01-13 18:28 --------- d-----w c:\users\Florian\AppData\Roaming\Skype 2009-01-13 18:10 --------- d-----w c:\users\Florian\AppData\Roaming\skypePM 2009-01-12 20:50 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-12 20:50 --------- d-----w c:\program files\Sony Ericsson 2009-01-12 10:54 --------- d-----w c:\program files\Ubisoft 2009-01-12 10:54 --------- d-----w c:\program files\Total Video Converter 2009-01-12 10:54 --------- d-----w c:\program files\THQ 2009-01-12 10:52 --------- d-----w c:\program files\Electronic Arts 2009-01-12 10:43 --------- d-----w c:\program files\LucasArts 2009-01-11 21:55 6,414 ----a-w c:\windows\System32\ealregsnapshot1.reg 2009-01-08 15:58 --------- d-----w c:\program files\Mozilla Thunderbird 2009-01-07 18:31 --------- d-----w c:\users\Florian\AppData\Roaming\dvdcss 2008-12-16 11:47 --------- d-----w c:\program files\DivX 2008-12-16 11:47 --------- d-----w c:\program files\Common Files\PX Storage Engine 2008-12-14 12:33 --------- d-----w c:\program files\Java 2008-12-12 10:18 87,336 ----a-w c:\windows\System32\dns-sd.exe 2008-12-12 10:11 61,440 ----a-w c:\windows\System32\dnssd.dll 2008-12-05 12:19 2,959,376 ----a-w c:\users\Florian\dotnetfx35setup.exe 2008-12-04 16:54 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE 2008-12-04 16:53 31,879,336 ----a-w c:\users\Florian\gfwlivesetupmin.exe 2008-12-04 15:56 --------- d-----w c:\program files\Rockstar Games 2008-12-02 17:06 --------- d-----w c:\programdata\Skype 2008-12-02 17:06 --------- d-----w c:\program files\Common Files\Skype 2008-12-02 17:06 --------- d-----r c:\program files\Skype 2008-12-01 12:22 --------- d-----w c:\programdata\2DBoy 2008-12-01 12:22 --------- d-----w c:\program files\WorldOfGoo 2008-11-26 19:57 --------- d-----w c:\programdata\Media Center Programs 2008-11-26 17:57 --------- d-----w c:\users\Florian\AppData\Roaming\Media Center Programs 2008-11-26 17:37 --------- d-----w 
c:\users\Florian\AppData\Roaming\InstallShield Installation Information 2008-11-24 10:11 --------- d-----w c:\program files\Nobilis 2008-11-24 10:08 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-24 10:08 --------- d-----w c:\program files\iTunes 2008-11-24 10:08 --------- d-----w c:\program files\iPod 2008-11-24 10:08 --------- d-----w c:\program files\Common Files\Apple 2008-11-24 10:06 --------- d-----w c:\program files\QuickTime 2008-11-23 20:46 --------- d-----w c:\users\Florian\AppData\Roaming\vlc 2008-11-23 20:45 --------- d-----w c:\program files\VideoLAN 2008-11-23 19:46 --------- d-----w c:\programdata\TrackMania 2008-11-21 21:47 524,288 ----a-w c:\windows\System32\DivXsm.exe 2008-11-21 21:47 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll 2008-11-21 21:47 129,784 ------w c:\windows\System32\PxAFS.DLL 2008-11-21 21:46 200,704 ----a-w c:\windows\System32\ssldivx.dll 2008-11-21 21:46 1,044,480 ----a-w c:\windows\System32\libdivx.dll 2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe 2008-11-21 21:44 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll 2008-11-20 12:52 --------- d-----w c:\program files\yWorks 2008-11-19 17:48 --------- d-----w c:\program files\Common Files\DVDVIDEOSOFT 2008-11-19 17:47 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-11-19 17:45 --------- d-----w c:\program files\Magic Set Editor 2 2008-11-19 17:44 --------- d-----w c:\program files\Free FLV Converter 2008-11-19 17:43 --------- d-----w c:\program files\DAEMON Tools Toolbar 2008-11-19 17:42 --------- d-----w c:\program files\Common Files\AVSMedia 2008-11-19 06:56 --------- d-----w c:\programdata\Elaborate Bytes 2008-11-18 07:23 25,597,592 ----a-w c:\users\Florian\Sacred2-DE-2_10_0_0-2_12_0_0.exe 2008-11-17 12:02 --------- d-----w c:\users\Florian\AppData\Roaming\Apple Computer 2008-11-14 11:52 --------- d--h--w c:\program files\CanonBJ 2008-11-01 03:44 541,696 ----a-w 
c:\windows\AppPatch\AcLayers.dll 2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll 2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll 2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll 2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe 2008-10-28 16:41 14,303,392 ----a-w c:\windows\System32\xlive.dll 2008-10-28 16:41 13,643,936 ----a-w c:\windows\System32\xlivefnt.dll 2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll 2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll 2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll 2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll 2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe 2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll 2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll 2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll 2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll 2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll 2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe 2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll 2008-10-14 16:45 46,084,744 ----a-w c:\users\Florian\48f4b81c_wop_sacred_Maps_RendermapBIG.zip 2008-10-03 18:57 478,493,848 ----a-w c:\users\Florian\Sacred2-DE-2_10_0_0.exe 2008-03-26 15:46 174 --sha-w c:\program files\desktop.ini 2007-08-27 14:25 9,690,219 ----a-w c:\users\Public\mws094f.exe 2007-08-18 16:45 0 ----a-w c:\users\Florian\AppData\Roaming\wklnhst.dat 2008-02-25 17:44 22 --sha-w c:\windows\SMINST\HPCD.sys . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536] "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600] "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-11 1261336] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-29 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.i420"= i420vfw.dll "VIDC.VP31"= vp31vfw.dll "VIDC.XFR1"= xfcodec.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk] backup=c:\windows\pss\NETGEAR WG111v2 
Smart Wizard.lnk.CommonStartup backupExtension=.CommonStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON] FactoryMode [X] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2005-02-16 22:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] --a------ 2008-09-01 16:08 173304 c:\program files\ICQ6\ICQ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-10-29 18:39 25798440 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] --a------ 2008-07-02 16:15 397312 c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UACDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{92A336B1-4694-4F30-8FFE-971F781559E5}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM 
"{BAE5B54B-BF0E-4A21-93D8-C9EC187D3F83}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM "{4D2A5A35-4680-4239-8349-7B77EF47AF48}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server "{5E805145-4BFC-4F6F-BCCD-C5C8A4DBD38B}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server "{36F1BD77-CFBF-4043-AE92-E0133DCB506C}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service "{53FEBFED-9805-4A40-B13B-190F1575D5D3}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service "{738A7626-46AF-4228-A5CB-A96B8D33BF57}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery "{C2081A6F-76C9-46FF-95BF-F6F57C5B1AFE}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery "TCP Query User{716493A7-A0EF-49B8-9AE5-F4B25597E036}c:\\program files\\last.fm\\lastfm.exe"= UDP:c:\program files\last.fm\lastfm.exe:LastFM "UDP Query User{97D3637A-74DB-4CFD-9442-FA8D62D64351}c:\\program files\\last.fm\\lastfm.exe"= TCP:c:\program files\last.fm\lastfm.exe:LastFM "TCP Query User{E484F5D1-6368-4E66-B982-82010BB2E199}c:\\program files\\microsoft games\\age of empires iii\\age3.exe"= UDP:c:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3 "UDP Query User{673F35FE-AB04-47FC-984F-F918D7B76EE0}c:\\program files\\microsoft games\\age of empires iii\\age3.exe"= TCP:c:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3 "{DEEBF98A-7A70-48C2-91D2-C24AEAF8AA59}"= UDP:c:\program files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:The Battle for Middle-earth (tm) "{D685377F-1707-403D-B17D-4EBEB60B6435}"= TCP:c:\program files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:The Battle for Middle-earth (tm) "TCP Query 
User{BCC1BC62-DD3B-4ABE-9DD8-11EA86A6264C}c:\\program files\\ascaron entertainment\\sacred underworld\\sacred.exe"= UDP:c:\program files\ascaron entertainment\sacred underworld\sacred.exe:Sacred
"UDP Query User{88787CFC-B540-4F4A-841C-2FA0035C1A71}c:\\program files\\ascaron entertainment\\sacred underworld\\sacred.exe"= TCP:c:\program files\ascaron entertainment\sacred underworld\sacred.exe:Sacred
"{B04139D6-EB94-4CEC-9B8B-ADFAA4E3673C}"= UDP:c:\programmer\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"{3075B4C1-731F-46E4-938D-77D0B6FFAEB8}"= TCP:c:\programmer\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"{A1D6EED8-881D-4179-89DC-2403C36EAACE}"= UDP:c:\program files\PC Wizard 2007\unins000.exe: PC Wizard 2007 entfernen
"{D15C97F3-D311-4B34-AC98-CE864AA22C3E}"= TCP:c:\program files\PC Wizard 2007\unins000.exe: PC Wizard 2007 entfernen
"{CC559A61-2969-489E-80F1-E1FB5A969BED}"= UDP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{B76256E4-E23A-4E5C-B9F6-6AA9FEDE4DBA}"= TCP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{ABDEFAA3-9ED4-4B6F-8964-446BCDC20FC3}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3F4A31FC-A808-40C6-8D62-09F6EDE04D57}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{04BEE453-67B3-4F67-A295-DCB7A2FBBDF6}"= Profile=Private|c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{331EEB38-F798-4BE9-941D-07EBBBB8297D}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{768A3589-07FB-4097-BB52-30C214EA3E2E}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{94034C49-590A-43C6-98A8-1A0B5A5D9044}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{CD465A7A-901A-42DB-A572-F4AAD973AA8A}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{E1AEB91E-041E-4A49-9B76-5FC103D1BE7D}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{14B55A38-C504-4F59-8D46-7A479D738157}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{1C3A9C17-C82D-47B4-B0DA-E888F5CCE9DD}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{4B70A891-CC22-454A-95DA-BF339767781F}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{705B4BE4-372F-4535-B219-F2196B341FFE}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{8185AA8F-E727-42CB-9C23-F526F136660F}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{0B845821-4EEA-4B15-9D38-6BAB089C6D5B}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{18BB30E7-A679-4ECD-8D80-6A34B0D95C63}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{A31B598B-1EEF-483F-A653-2CC9F4CCB156}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{84A9EE30-9BAF-4F4E-BA7B-587A8AB9BF7D}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{5CD02DC4-B849-4739-A213-F0D534764A44}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{64A00C85-7F5C-402A-9266-337C6999CBE4}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{489E841D-374E-4645-87A9-8C61D7BF3F1B}"= UDP:c:\program files\DNA\btdna.exeNA
"{5FC84105-A63E-450F-B179-DDB6FD25C277}"= TCP:c:\program files\DNA\btdna.exeNA
"TCP Query User{2868388A-2E93-4A37-9735-942155984751}c:\\program files\\tmunitedforever\\tmforever.exe"= UDP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"UDP Query User{C06580BC-3CB9-4593-9329-3ED4BA4A4F0A}c:\\program files\\tmunitedforever\\tmforever.exe"= TCP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"{8942DDEE-319E-4D2B-9CE7-A2D56F7ED57E}"= UDP:c:\program files\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{4929367E-2765-484A-B51F-5D12F74AE0CD}"= TCP:c:\program files\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{FA26B6C4-E707-4AA5-BE3A-97E6F5363476}"= UDP:c:\program files\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"{E540C2ED-7BE8-4556-A5A7-2C98C8D56404}"= TCP:c:\program files\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"{D8A295C0-940E-40B9-A62D-588887DC535A}"= UDP:c:\users\Florian\Downloads\utorrent.exe:µTorrent (TCP-In)
"{D03CD4DA-D42B-4455-84BF-525F28A77B5E}"= TCP:c:\users\Florian\Downloads\utorrent.exe:µTorrent (UDP-In)
"{1032AEC1-FF51-4FE2-937F-3EB0B8983040}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{82271C20-C993-4DBC-9EB1-A4397F338BE6}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{AA5F7C0A-CD53-4D41-8F19-E9B8F6D6D919}"= UDP:9443:BitComet 9443 TCP
"{4C7A5B05-7F9E-4275-8EFC-4DAC65EA8852}"= TCP:9443:BitComet 9443 UDP
"{51A07612-36EF-4BD5-BE4B-3AF1B7A96BB5}"= UDP:9988:BitComet 9988 TCP
"{44E32D41-F159-4332-AAC6-1F4D26CD0BEB}"= TCP:9988:BitComet 9988 UDP
"{93D55583-0632-4F27-A8B3-652C319CAE51}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{A9C27A5A-4565-435D-B0D8-FB39935A2ACD}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{360EB256-BDB7-4FA4-8229-C3B70E083A68}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{80E5EEBA-45BF-4AE0-BC60-3E3071EFE8D6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{04D679C1-3F8B-4938-97C8-C5AFA56ED7C1}"= UDP:c:\program files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{C47DAF9C-EAED-4AF8-8A7B-AA52DD42E5EB}"= TCP:c:\program files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{69528154-7E8E-4220-8828-3C3AF8740F02}"= UDP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{540E5F28-BA81-41EC-BAA4-5A19BF8EA225}"= TCP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{B28CC745-4BE3-4AB9-9977-4F3BC4F8BE4E}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{9E9CE910-FA55-4455-8AA5-8359A58A937B}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{3D283426-BD18-43D1-A7D9-C8574BD03B2C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8AE0AB4C-FD7A-4FF2-9CB5-3F202EB77347}"= Disabled:UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{DE43A53B-2E6D-4C48-9564-4471D37A29FF}"= Disabled:TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{EC09A17B-A7CA-47E6-A136-B01FDF8ACA4C}"= Disabled:UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{5197A353-20BE-4112-B927-D0402D3ABECC}"= Disabled:TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"TCP Query User{7C61C8DE-DC6C-423B-9B63-2049B0A253D4}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{A020A3B5-70C7-4629-8C07-24426866D802}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"{E89FA497-ADAC-4BF4-9DF5-B3382F61AB89}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{110304AD-DA9F-43C4-9C74-B03E2E8B37E4}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{E3269B1D-2420-4F96-B0E7-0E0BC4885FC8}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{35C13380-6CE5-45D6-86A2-F5B6FE1059C4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7C586C8D-9F51-4DEE-A8FC-9E3DACB0C44D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4060A923-F1D0-4CC8-B893-CA40E6170EB3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{87FF4524-EE83-40E1-97F6-8ECE9CDD5C10}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A45267BE-EC7F-4A3B-AB30-69612BCF9848}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{7C8F1E16-9A97-4303-99FB-67BDFEE12F89}c:\\program files\\ascaron entertainment\\sacred 2 - fallen angel\\system\\s2gs.exe"= UDP:c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe:Sacred 2 - Game Server
"UDP Query User{65580909-3343-4957-95F6-8F1180525B5B}c:\\program files\\ascaron entertainment\\sacred 2 - fallen angel\\system\\s2gs.exe"= TCP:c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe:Sacred 2 - Game Server
"{57B67BFF-1ECE-4DC3-8C0E-13FE1AC99976}"= Disabled:c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{577898A3-AA0C-43DF-85D2-2EE98555D153}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{4D6AC9FC-31C2-4C64-A656-E1B42C827748}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {591BE64A-15BE-4D6B-A9AC-6CDD06E234D6}

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\System32\drivers\SCMNdisP.sys [2008-01-08 21728]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-01-11 97928]
R1 SSHDRV79;SSHDRV79;c:\windows\System32\drivers\SSHDRV79.sys [2007-08-04 75264]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\System32\drivers\avgwfpx.sys [2009-01-11 69128]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-11 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-11 231704]
R4 SCM_Service;SCM_Service;c:\windows\System32\WinService.exe [2008-01-08 180224]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\System32\drivers\wg111v2.sys [2008-01-08 206336]
S4 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S4 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [2006-05-10 29696]

--- Other Services/Drivers In Memory ---
*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL l:\resycled\boot.com l:
\shell\Open\command - l:\resycled\boot.com l:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ad612f9-8342-11dd-bd4f-9fbbabc68ec8}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL l:\resycled\boot.com l:
\shell\Open\command - l:\resycled\boot.com l:
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\kcbqyd7d.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vendio&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("network.protocol-handler.warn-external.veoh2", false);
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 08:02:54
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\avgrsstx.dll
- - - - - - - > 'lsass.exe'(656)
c:\windows\system32\avgrsstx.dll
.
Zeit der Fertigstellung: 2009-01-14 8:06:23
ComboFix-quarantined-files.txt 2009-01-14 07:06:11
Vor Suchlauf: 30 Verzeichnis(se), 131.926.269.952 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 133,271,068,672 Bytes frei
352 --- E O F --- 2009-01-13 17:03:56

This post was edited by floxyz on 14.01.2009 at 08:07.
|
|
|
||
14.01.2009, 18:30
Moderator
Posts: 5694 |
#8
You probably connected an infected stick or an infected external HD:
>> First format the stick:
* The simplest method uses the Windows Explorer context menu: select the USB stick (removable drive), press the right mouse button, choose "Format". (Full)
>> Use Flash_Disinfector
- the stick must be plugged in
- "treat" the infected stick with FlashDis.
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
>> Copy the following text into the editor (Start - Accessories - Notepad) and save it to the desktop as cfscript.txt using 'Save as'. You should now find this file cfscript.txt on the desktop.
Quote KILLALL::cfscript.txt and drag it with the right mouse button onto the Combofix icon
Run Combofix again
>> Restart the computer
Regards, Swiss |
|
|
||
Apparently I have a trojan, and I don't want to reinstall my system right away. Antivir and AVG can no longer update automatically, and advertising pop-ups appear while surfing (the internet is not slower, though). With a manual update, Antivir found nothing.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:54, on 11.01.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\OpenOffice.org 3\program\swriter.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.116,85.255.112.80
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.116,85.255.112.80
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.116,85.255.112.80
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SCM_Service - Unknown owner - C:\Windows\System32\WinService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 8376 bytes
If you need any other logs, let me know.
Thanks in advance
flo