twext.exe Trojaner - Computer fährt sich selbst runter, Verursacher NT Autorität |
||
---|---|---|
#0
| ||
29.06.2009, 20:08
Member
Beiträge: 34 |
||
|
||
29.06.2009, 20:16
Moderator
Beiträge: 7805 |
#2
Lass bitte noch Combofix laufen und poste dann, zu dem Cf Report, ein aktuelles Hijackthis log
__________ MfG Ralf SEO-Spam Hunter |
|
|
||
29.06.2009, 20:28
Member
Themenstarter Beiträge: 34 |
#3
Hallo raman,
würd Dir gerne ein cf-Log zur Verfügung stellen, aber schaff ich nicht :-) Not all files could be created, plz close all apps und restart... Sagt er sinngemäß. Hab alle Programme beendet, neu gestartet, aber wenn ich dann CF neu starte, passiert nix. Na, wo ich mein Benutzer-Fehler? :-) Oder doch kein Benutzerfehler? Kann machen, was ich will, alles schließen, im abgesicherten Modus, was auch immer, kann es nicht öffnen. Hab aber ein paar Prozesse laufen, die komisch aussehen. sed.cfexe und cmd.execf Verhindern die vll das Ausführen von CF? Dieser Beitrag wurde am 29.06.2009 um 20:54 Uhr von nenny editiert.
|
|
|
||
29.06.2009, 21:09
Moderator
Beiträge: 7805 |
#4
diese cfexe Prozesse gehoeren, wie der Name vermuten laesst zu (c)ombo(f)ix, deinstalliere bitte combofix via start/ausfuehren, indem du dort
combofix /u eingibst und enter drueckst. Dann hol dir eine neue version, speichere diese in einen Ordner unter dem Namen combo-fix.exe und starte diese.... Im Zweifelsfalle starte es im abgesicherten Modus __________ MfG Ralf SEO-Spam Hunter |
|
|
||
30.06.2009, 17:12
Member
Themenstarter Beiträge: 34 |
#5
So, hier einmal CF
ComboFix 09-06-29.04 - admin 30.06.2009 17:01.2 - NTFSx86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.2.1252.49.1031.18.2046.1752 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\admin\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {851035C4-FFA4-0102-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {8520ADDC-FFA4-00FA-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {8532551C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {853B68BC-FFA4-00F1-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {85419644-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {863B2DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000246-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {851CC664-FFA4-00F1-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {852404C4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8524CDDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85278C2C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {852927B4-FFA4-00F1-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {852E1A5C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {852E84C4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {852E9DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {852F6B64-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {852F6BBC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {852F6C44-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {852F848C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {852FCDDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {852FFC1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853016DC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85301DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8530537C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853058B4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85308C44-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853092F4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8530C6FC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8530D6E4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8530E82C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8530EB64-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853114B4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853117A4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85314444-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85315054-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85315634-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85315C1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85316A24-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853179C4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853188FC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85318C24-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8531ADDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8531B6F4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8531BA1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8531D78C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8531D87C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8531DA64-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8531EB64-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85320054-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85320DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8532789C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85329A5C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8532A70C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8532B5F4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8532BA6C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8532C934-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8532CA6C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8532CDDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8532D054-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8532E054-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8532F8FC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85330054-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853307B4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85330C44-FFA4-0111-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85331D4C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8533351C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85334B64-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853357F4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85335C1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8533651C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85337A7C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8533A6E4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8533C444-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8533D7FC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8533DC1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8533EC8C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853415A4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85343794-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8534689C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85346AAC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8534764C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85347A5C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85348A7C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85348C1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8534B44C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8534B89C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8534BDDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8534D2A4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8534D89C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8534D8E4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8534DB1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8534EA64-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8534EA74-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85353334-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85354A5C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85356DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85357A44-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85359DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8535BCDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8535E554-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8535F8BC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8535FB64-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8536089C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85361304-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85362634-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8536351C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85367054-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8536B8BC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8536C53C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8536C61C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85377054-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85377A2C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85379054-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8537C48C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8539FDDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853A1524-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853A489C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853B031C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853B49AC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853B6624-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853B797C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853BADDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853BDDDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853BE054-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853BEA6C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853BF6FC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853C0A6C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853C351C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853C3DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853CA054-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853CB364-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853CDC44-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853CE6D4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853CE6DC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853CFA64-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853D052C-FFA4-0111-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853D119C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853D1A9C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853D2A74-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853D2C24-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853D2DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853D6B64-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853D789C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853D7DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853DA9A4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853DD76C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853DD99C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853DDC1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853DE52C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853DFA7C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853DFDDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853E1054-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853E18A4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853E29B4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853E3054-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853E3A5C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853E47E4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853E4A64-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853E6C1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853EADDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853EBC44-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853EBDDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853ECAA4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853ED644-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853ED7E4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853EEDDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853EF5DC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853F2A9C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853F36EC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853F4C1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853F5404-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853F58AC-FFA4-00F1-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853F58BC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853F5DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853F653C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853F6794-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853F762C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853F9A5C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853F9CA4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853FAA7C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853FB414-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853FBDDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853FD444-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {853FF8CC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85401C1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85402B44-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85402B64-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8540368C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {854036E4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {854046DC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85405DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85407D44-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85408054-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85408DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85409054-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85409A8C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85409B64-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8540A51C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8540B7F4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8540CC24-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8540CDDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8540D79C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8540DDDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8540E8CC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8540FDDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8541044C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85411BC4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85412DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {854146EC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8541551C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85416C3C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85417A64-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8541A69C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8541A824-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8541A8A4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8541CA5C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8541DDDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85422A7C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {854253EC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85425C1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85425DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8542686C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {854277BC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85427804-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8542F334-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8542F51C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85432794-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8543535C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85435A2C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8543D35C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8543D874-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8543EA5C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85441054-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85443054-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {854438A4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85443C34-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85449C2C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8544AA5C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8544ADDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8544EDDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85451554-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85451DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {854522BC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85453C24-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {854548A4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85454A64-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85454DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {854569A4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85458C1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8545936C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85459DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8545A8C4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8545AC3C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8545BC1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8545DA6C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8546951C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8546B9A4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8547566C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85478DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8547D51C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85483C3C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85485DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {854866F4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8548A47C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8548E054-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8549788C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8549935C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8549B054-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8549CDDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8549DA5C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8549F35C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85C5F054-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86555DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86569DDC-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8660C2A4-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86627524-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {86719C1C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8674C51C-FFA4-00EF-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {EBD17C84-FFA4-00EF-0D24-347CA8A3377C} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Vorheriger Suchlauf ------- . c:\programme\WinPCap\daemon_mgm.exe c:\programme\WinPCap\npf_mgm.exe c:\programme\WinPCap\rpcapd.exe c:\windows\jestertb.dll c:\windows\system32\drivers\npf.sys c:\windows\system32\dumphive.exe c:\windows\system32\muzapp.exe c:\windows\system32\Packet.dll c:\windows\system32\Process.exe c:\windows\system32\pthreadVC.dll c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\WanPacket.dll c:\windows\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Service_NPF ((((((((((((((((((((((( Dateien erstellt von 2009-05-28 bis 2009-06-30 )))))))))))))))))))))))))))))) . 2009-06-29 17:46 . 2009-06-29 17:46 -------- d-----w- c:\dokumente und einstellungen\admin\Anwendungsdaten\Malwarebytes 2009-06-29 17:46 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-29 17:46 . 2009-06-29 17:46 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2009-06-29 17:46 . 2009-06-29 17:46 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-06-29 17:46 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-29 17:42 . 2009-06-29 17:42 -------- d-----w- C:\spoolerlogs 2009-06-29 14:42 . 2009-06-29 14:42 -------- d-----w- c:\programme\TeaTimer (Spybot - Search & Destroy) 2009-06-29 14:42 . 2009-06-29 14:42 -------- d-----w- c:\programme\File Scanner Library (Spybot - Search & Destroy) 2009-06-29 14:42 . 2009-06-29 14:42 -------- d-----w- c:\programme\Misc. Support Library (Spybot - Search & Destroy) 2009-06-29 14:42 . 2009-06-29 14:42 -------- d-----w- c:\programme\SDHelper (Spybot - Search & Destroy) 2009-06-29 14:37 . 2009-06-29 14:37 -------- d-----w- c:\programme\ESET 2009-06-21 08:27 . 2001-11-14 18:19 16384 ----a-w- c:\windows\system32\FileOps.exe 2009-06-21 08:27 . 2009-06-21 08:27 -------- d-----w- c:\windows\system32\Adobe 2009-06-19 18:58 . 2009-06-20 17:13 457 ---ha-w- C:\os466477.bin 2009-06-19 18:57 . 2009-06-19 18:57 -------- d-----w- c:\windows\PreviewSoft 2009-06-19 18:57 . 2009-06-19 18:57 -------- d-----w- c:\programme\Ulead Systems 2009-06-19 18:57 . 2009-06-19 18:57 -------- d-----w- c:\windows\Noslip 2009-06-07 08:14 . 2009-06-07 08:14 -------- d-----w- c:\dokumente und einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\BVRP Software 2009-06-07 07:57 . 2009-06-07 08:15 -------- d-----w- c:\programme\Avanquest update 2009-06-07 07:57 . 2004-08-03 21:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys 2009-06-07 07:57 . 2004-08-03 21:08 25600 ----a-w- c:\windows\system32\dllcache\usbser.sys 2009-06-07 07:55 . 2009-06-07 08:34 -------- d-----w- c:\programme\Motorola Phone Tools 2009-06-07 07:55 . 2009-06-07 07:57 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\BVRP Software 2009-06-07 07:54 . 2009-06-07 08:28 9232 ----a-w- c:\dokumente und einstellungen\admin\mqdmmdfl.sys 2009-06-07 07:54 . 2009-06-07 08:28 92064 ----a-w- c:\dokumente und einstellungen\admin\mqdmmdm.sys 2009-06-07 07:54 . 2009-06-07 08:28 79328 ----a-w- c:\dokumente und einstellungen\admin\mqdmserd.sys 2009-06-07 07:54 . 2009-06-07 08:28 5936 ----a-w- c:\dokumente und einstellungen\admin\mqdmwhnt.sys 2009-06-07 07:54 . 2009-06-07 08:28 66656 ----a-w- c:\dokumente und einstellungen\admin\mqdmbus.sys 2009-06-07 07:54 . 2009-06-07 08:28 6208 ----a-w- c:\dokumente und einstellungen\admin\mqdmcmnt.sys 2009-06-07 07:54 . 2009-06-07 08:28 4048 ----a-w- c:\dokumente und einstellungen\admin\mqdmcr.sys 2009-06-07 07:54 . 2009-06-07 08:28 25600 ----a-w- c:\windows\system32\drivers\usbsermptxp.sys 2009-06-07 07:54 . 2009-06-07 08:28 25600 ----a-w- c:\dokumente und einstellungen\admin\usbsermptxp.sys 2009-06-07 07:54 . 2009-06-07 08:28 22768 ----a-w- c:\dokumente und einstellungen\admin\usbsermpt.sys . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-30 15:00 . 2006-04-27 22:13 75868 ----a-w- c:\windows\system32\perfc007.dat 2009-06-30 15:00 . 2006-04-27 22:13 416982 ----a-w- c:\windows\system32\perfh007.dat 2009-06-30 14:50 . 2006-09-21 17:48 -------- d-----w- c:\programme\Mozilla Thunderbird 2009-06-29 20:30 . 2007-04-27 20:51 -------- d-----w- c:\programme\Trillian 2009-06-29 17:13 . 2006-12-15 21:29 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2009-06-29 17:03 . 2006-12-15 21:29 -------- d-----w- c:\programme\Spybot - Search & Destroy 2009-06-26 19:14 . 2007-02-14 18:01 -------- d-----w- c:\programme\mIRC 2009-06-21 08:40 . 2006-04-27 21:55 -------- d--h--w- c:\programme\InstallShield Installation Information 2009-06-21 08:27 . 2006-04-27 22:03 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe 2009-06-20 18:01 . 2006-09-19 10:33 71944 ----a-w- c:\dokumente und einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2009-05-20 16:05 . 2009-01-30 14:51 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Messenger Plus! 2009-04-29 07:16 . 2009-04-05 17:55 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-04-29 07:16 . 2009-04-05 17:55 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-04-22 17:23 . 2009-04-23 09:50 2797468 ----a-w- c:\dokumente und einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\pyuo62p1.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll 2009-04-15 08:01 . 2009-03-25 15:57 14 ----a-w- c:\windows\popcinfo.dat 2007-04-11 17:43 . 2007-04-11 17:43 5 -csha-w- c:\windows\system32\feeefc6_g.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 421888] "SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 102491] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 692315] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824] "ATICCC"="c:\programme\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-11-30 225280] "ImageItEncrypt"="c:\windows\system32\ImageItEncrypt.exe" [2005-12-30 40960] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 160768] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-02-27 16005120] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-03-16 88204] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^admin^Startmenü^Programme^Autostart^Adobe Gamma.lnk] path=c:\dokumente und einstellungen\admin\Startmenü\Programme\Autostart\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Acer Empowering Technology.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Acer Empowering Technology.lnk backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk] backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk] backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BlueSoleil.lnk] backup=c:\windows\pss\BlueSoleil.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALDI_NORD_FotoSuite_Download HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "xmlprov"=3 (0x3) "UMWdf"=2 (0x2) "Themes"=2 (0x2) "TapiSrv"=3 (0x3) "SharedAccess"=2 (0x2) "SENS"=2 (0x2) "seclogon"=2 (0x2) "SCardSvr"=3 (0x3) "SamSs"=2 (0x2) "RDSessMgr"=3 (0x3) "RasAuto"=3 (0x3) "mnmsrvc"=3 (0x3) "helpsvc"=2 (0x2) "Fax"=2 (0x2) "gusvc"=3 (0x3) "RichVideo"=2 (0x2) "Adobe LM Service"=3 (0x3) "WLSetupSvc"=3 (0x3) "usnjsvc"=3 (0x3) "BlueSoleil Hid Service"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\mIRC\\mirc.exe"= "c:\\Programme\\BitTornado\\btdownloadgui.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [06.08.2007 21:50 11264] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [05.04.2009 19:55 108289] S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?] S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?] S3 cpuz128;cpuz128;\??\c:\dokume~1\admin\LOKALE~1\Temp\cpuz_x32.sys --> c:\dokume~1\admin\LOKALE~1\Temp\cpuz_x32.sys [?] S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [30.11.2005 20:28 1088896] S4 Start BT in service;Start BT in service;c:\programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [27.12.2007 15:39 51816] . Inhalt des "geplante Tasks" Ordners 2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34] 2009-06-29 c:\windows\Tasks\User_Feed_Synchronization-{3AA9F171-5598-45CB-BDEC-872F210C45DC}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 10:58] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank mStart Page = about:blank uInternet Settings,ProxyOverride = *.local IE: in/mit BitSpirit runterladen - c:\programme\BitSpirit\bsurl.htm TCP: {758EE6A0-35CA-4FF3-B524-DE60AC2D84FF} = 192.168.2.1 FF - ProfilePath - c:\dokumente und einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\pyuo62p1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.de FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q= FF - component: c:\dokumente und einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\pyuo62p1.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-30 17:04 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:60,43,a5,f3,d3,d3,90,f8,34,62,dc,0c,4c,09,9e,00,64,d7,4d,3c,41, bf,7c,42,6e,f6,0a,90,57,0c,7a,cb,a9,db,6d,f1,7d,1f,c2,0e,2a,bd,cb,4d,d8,e9,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG08.00.00.01WORKSTATION"="F2908D174A94431E6E57488A .... [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:fc,c8,cd,67,bc,3b,65,bf,54,1c,63,5f,07,ef,95,64,7d,83,b7,f8,92, e6,4e,4e,05,5a,24,5a,67,05,7e,f3,c4,c8,e0,32,29,2a,06,a1,fd,6a,6c,7f,9a,64,\ . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(700) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(1504) c:\windows\system32\msi.dll . Zeit der Fertigstellung: 2009-06-30 17:06 ComboFix-quarantined-files.txt 2009-06-30 15:06 Vor Suchlauf: 19 Verzeichnis(se), 10.026.404.864 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 10.000.230.912 Bytes frei WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 510 _______________________________________________ Hijack nach CF: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:11:48, on 30.06.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: in/mit BitSpirit runterladen - C:\Programme\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245957440406 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245957398375 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{758EE6A0-35CA-4FF3-B524-DE60AC2D84FF}: NameServer = 192.168.2.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programme\WinPcap\rpcapd.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe -- End of file - 7233 bytes ____________________________ Danke fürs Helfen! |
|
|
||
30.06.2009, 17:52
Moderator
Beiträge: 7805 |
#6
Hake in Hijackthis folgendes an und druecke fix checked:
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) Danach deinstalliere Combofix und aktualisiere dein Windows via www.windowsupdate.com. Installiere dir alle wichtigen Updates, die dir angeboten werden. Sollten dir Hardwareupdates angeboten werden, kannst du diese auch installieren, oder schaust auf der Seite des entsprechenden Herstellers nach, dieser bietet meistens aktuellere Treiber.... __________ MfG Ralf SEO-Spam Hunter |
|
|
||
30.06.2009, 19:09
Member
Themenstarter Beiträge: 34 |
#7
Hab das Windows Update brav laufen lassen....
Wenn ich nun den Lappi starte öffen sich noch 2 cmd.exe Fenster... Muß mir das Angst machen? Jedenfalls fährt er zumindest die letzten 20 Minuten nicht mehr runter :-) |
|
|
||
30.06.2009, 19:37
Moderator
Beiträge: 7805 |
#8
Nein, du brauchst dir keine Sorgen machen. Sollte das mit den "CMD" Fenstern jedoch bei einem neustart nach den ganzen Updates noch auftauchen, erstelle ein neues Hijackthis log...
__________ MfG Ralf SEO-Spam Hunter |
|
|
||
mein PC fährt sich gerne gelegentlich mal selbst runter.
NT-Autorität/System ist der Auslöser.
Weiß nun leider nicht, wie ich das wegbekomm.
Hab im abgesicherten Modus Virenscanner und Co laufen lassen, aber eine twext.ext lief sich nicht entfernen.
Hier mein Hijack-Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:33, on 29.06.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: in/mit BitSpirit runterladen - C:\Programme\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245957440406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245957398375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{758EE6A0-35CA-4FF3-B524-DE60AC2D84FF}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 8637 bytes
____________
Malewarebyte Anti-Maleware hab ich dieses Log hier:
Malwarebytes' Anti-Malware 1.38
Datenbank Version: 2351
Windows 5.1.2600 Service Pack 2
29.06.2009 19:57:27
mbam-log-2009-06-29 (19-57-22).txt
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 90765
Laufzeit: 7 minute(s), 25 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{eb323211-e962-3bb5-a35b-3d414dce560e} (Backdoor.Bifrose) -> No action taken.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\twext.exe,) Good: (Userinit.exe) -> No action taken.
Infizierte Verzeichnisse:
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> No action taken.
Infizierte Dateien:
c:\3.exe (Trojan.Agent) -> No action taken.
C:\Update.exe (Trojan.Agent) -> No action taken.
_________________
Ihr könnt mir doch bestimmt helfen, oder?
Vielen Dank