Trojan Troj/ByteVer-G / Trojan.BHO

22.04.2010, 09:48
Member

Posts: 14
#1 Hi,

Yesterday I had to find out that some trojans/viruses etc. are roaming around on my computer, after my PC crashed (or rather, my screen suddenly went grey-white) and I also found 175 threats with the SuperAntiSpyware online scanner recommended here... After that I installed Sophos and ran it, and it found another "Troj/ByteVer-G". (Actually, until yesterday I had Avira AntiVir as my default, but in the last few weeks it kept showing something like "this program has known compatibility problems", so I don't think it was working properly.)
It would be nice if someone could help me and tell me whether my system is still infected, and if so how I can change that, since I know absolutely nothing about this.

Malwarebytes log:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4020

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

22.04.2010 08:42:10
mbam-log-2010-04-22 (08-42-10).txt

Scan type: Quick scan
Objects scanned: 105728
Time elapsed: 9 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> No action taken.

I wanted to create a GMER report, but it somehow hung halfway through because an error message appeared. Then, since I have Vista, I tried starting it again as administrator, and my PC crashed completely. I don't know now whether (and how) I should try again...?

HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:20:47, on 22.04.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PixArt\PAC7311\Monitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Asz.Citavi.IEPicker.IEPickerButton - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [PAC7311_Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: &Citavi Picker... - file://C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/34.03/uploader2.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1227712821
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab?nocache=20071128-1
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.fantasy.de/AxisCamControl.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbc_device - - C:\Windows\system32\lxbccoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Sophos Anti-Virus Statusreporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--
End of file - 10749 bytes

Uninstall list:
7-Zip 4.65
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 8.1.3 - Deutsch
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AGEIA PhysX v7.07.09
Agere Systems HDA Modem
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BitTorrent 3.4.2
Bonjour
CDBurnerXP
Choice Guard
Citavi 2.5
Compatibility Pack für 2007 Office System
Connect
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DVD Shrink 3.2
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GPL Ghostscript 8.70
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICQ6.5
IHMC CmapTools v4.12
iTunes
J2SE Runtime Environment 5.0 Update 10
Java(TM) 6 Update 17
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
K-Lite Codec Pack 5.6.1 (Full)
kuler
Lexmark Z500-Z600 Series
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8 Plugin
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
mIRC
MobileMe Control Panel
Mozilla Firefox (2.0.0.20)
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
NVIDIA Drivers
odf-converter-integrator
OpenOffice.org 3.1
PC VGA Camera
PDF Blender
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
PSPad editor
QuickTime
RealPlayer
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
SigmaTel Audio
Skype™ 4.1
Sophos Anti-Virus
Sophos AutoUpdate
Spelling Dictionaries Support For Adobe Reader 8
SPSS Statistics 17.0
Suite Shared Configuration CS4
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb981433)
Update Manager
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.2
WebEye
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live-Uploadtool
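The two Trojan.BHO registry hits and the HijackThis O2 lines in the post above come from the same place: Internet Explorer loads every CLSID listed under the Browser Helper Objects key, and each CLSID's InprocServer32 default value names the DLL that gets injected into every iexplore.exe. The script below is an added example, not from the thread or from any of the tools mentioned in it; it enumerates those registrations read-only, resolves each one to its DLL, checks the Authenticode signature of the file on disk, and flags the CLSID that Malwarebytes reported. It assumes Windows PowerShell 2.0 or later in an elevated prompt; the Wow6432Node path is only relevant on 64-bit Windows and is skipped if absent.

```powershell
# Added example (not part of the thread): list IE Browser Helper Objects straight from the
# registry, which is what HijackThis' O2 lines and MBAM's Trojan.BHO hits are built on.
# Assumes Windows PowerShell 2.0 or later in an elevated prompt. Read-only: changes nothing.

$SuspectClsid = '{055fd26d-3a88-4e15-963d-dc8493744b1d}'   # CLSID flagged in the MBAM log above

function Get-IeBho {
    # Each BHO is one subkey (named by CLSID) under these roots; 32-bit IE on 64-bit
    # Windows reads the Wow6432Node copy, which does not exist on 32-bit Vista.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $clsid  = $key.PSChildName
            $clsKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
            $name = $null; $dll = $null; $sig = 'no InprocServer32'
            if (Test-Path $clsKey) {
                # Default value of the CLSID key is the display name;
                # default value of InprocServer32 is the DLL path IE will load.
                $name = (Get-ItemProperty $clsKey -ErrorAction SilentlyContinue).'(default)'
                $dll  = (Get-ItemProperty "$clsKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            }
            if ($dll) {
                $path = [Environment]::ExpandEnvironmentVariables($dll)
                # An unsigned or missing DLL that is loaded into every IE process deserves a closer look.
                $sig = if (Test-Path $path) { (Get-AuthenticodeSignature $path).Status } else { 'file missing' }
            }
            New-Object PSObject -Property @{
                CLSID     = $clsid
                Name      = $name
                DLL       = $dll
                Signature = $sig
                Flagged   = ($clsid -ieq $SuspectClsid)
            }
        }
    }
}

Get-IeBho | Sort-Object Flagged -Descending |
    Format-Table CLSID, Flagged, Signature, Name, DLL -AutoSize
```

If the flagged CLSID still shows up after a cleanup run, the removal did not take (the MBAM log above ends every hit with "No action taken", i.e. it only scanned). The script deliberately does not delete anything; removal of the key and the DLL belongs to the scanner that found them, after which a second run of this listing confirms the entry is gone.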
22.04.2010, 11:22
Member

Posts: 3716
#2 Post the ComboFix log:
http://board.protecus.de/t23188.htm
22.04.2010, 12:01
Member

Thread starter

Posts: 14
#3 ComboFix says that Avira AntiVir is still running in the background on my machine and that I should turn it off before continuing with the scan, but I only uninstalled it yesterday... (it doesn't show up in my programs anymore either). What is the reason for that, and can I still run the ComboFix scan safely?
22.04.2010, 13:48
Member

Thread starter

Posts: 14
#4 I did it anyway. Here is the log file:

ComboFix 10-04-21.01 - Eva 22.04.2010 13:03:53.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.49.1031.18.1982.1155 [GMT 2:00]
Running from:: c:\users\Eva\Desktop\test.exe
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 48 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2391245221-3007099198-1679671105-500
C:\install.exe
c:\users\Eva\AppData\Roaming\AD ON Multimedia
c:\users\Eva\AppData\Roaming\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe
c:\windows\sv.ini

.
((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 ))))))))))))))))))))))))))))))
.

2010-04-22 11:13 . 2010-04-22 11:14 -------- d-----w- c:\users\Eva\AppData\Local\temp
2010-04-22 11:13 . 2010-04-22 11:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-22 06:30 . 2010-04-22 06:30 -------- d-----w- c:\users\Eva\AppData\Roaming\Malwarebytes
2010-04-22 06:29 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-22 06:29 . 2010-04-22 06:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-22 06:29 . 2010-04-22 06:29 -------- d-----w- c:\programdata\Malwarebytes
2010-04-22 06:29 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 22:12 . 2010-04-21 22:12 -------- d-----w- c:\users\Eva\AppData\Local\Sophos
2010-04-21 22:10 . 2010-04-21 22:05 130104 ----a-w- c:\windows\system32\sdccoinstaller.dll
2010-04-21 22:09 . 2010-04-21 22:09 -------- d-----w- c:\program files\Common Files\Cisco Systems
2010-04-21 22:09 . 2010-04-21 22:05 23552 ----a-w- c:\windows\system32\sophosboottasks.exe
2010-04-21 22:09 . 2010-04-21 22:09 98304 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\persistance.dll
2010-04-21 22:09 . 2010-04-21 22:09 466944 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\virusdetection.dll
2010-04-21 22:09 . 2010-04-21 22:09 105512 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\rkdisk.dll
2010-04-21 22:09 . 2010-04-21 22:09 556072 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\savprogress.exe
2010-04-21 22:09 . 2010-04-21 22:09 746496 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\savshellextx64.dll
2010-04-21 22:07 . 2010-04-21 22:07 45608 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\backgroundscanclient.exe
2010-04-21 22:06 . 2010-04-21 22:06 51712 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\sdcdevconx64.exe
2010-04-21 22:05 . 2010-04-21 22:05 2010152 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\savmain.exe
2010-04-21 22:04 . 2010-04-21 22:04 147456 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\systeminformation.dll
2010-04-21 22:04 . 2010-04-21 22:04 598016 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\threatmanagement.dll
2010-04-21 22:04 . 2010-04-21 22:04 94208 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\configuresav.exe
2010-04-21 22:04 . 2010-04-21 22:04 286720 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\configuration.dll
2010-04-21 22:04 . 2010-04-21 22:04 151552 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\savreseng.dll
2010-04-21 22:04 . 2010-04-21 22:04 2030632 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\veex.dll
2010-04-21 22:04 . 2010-04-21 22:04 151552 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\savreschs.dll
2010-04-21 22:04 . 2010-04-21 22:04 183336 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\osdp.dll
2010-04-21 22:04 . 2010-04-21 22:04 110848 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\winxp_i386\savonaccesscontrol.sys
2010-04-21 22:02 . 2010-04-21 22:02 93192 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2010-04-21 22:01 . 2010-04-21 22:09 -------- d-----w- c:\programdata\Sophos
2010-04-21 22:01 . 2010-04-21 22:09 -------- d-----w- c:\program files\Sophos
2010-04-15 07:00 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 07:00 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 07:00 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 07:00 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 07:00 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 07:00 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 06:59 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 06:59 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 06:59 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 08:00 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 08:00 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-03-25 13:46 . 2010-03-25 13:46 16 ---h--w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\yttauwe.dll
2010-03-25 13:45 . 2010-03-25 13:45 -------- d-----w- c:\program files\Common Files\SPSS
2010-03-25 13:45 . 2010-03-25 13:45 -------- d-----w- c:\programdata\SPSS
2010-03-25 13:43 . 2010-03-25 13:43 -------- d-----w- c:\program files\SPSSInc

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 11:14 . 2010-02-07 21:27 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-22 09:53 . 2007-09-26 10:23 -------- d-----w- c:\users\Eva\AppData\Roaming\Skype
2010-04-22 07:55 . 2008-01-21 19:31 -------- d-----w- c:\users\Eva\AppData\Roaming\skypePM
2010-04-22 06:42 . 2008-02-27 17:00 -------- d-----w- c:\program files\ICQToolbar
2010-04-22 06:09 . 2007-09-25 15:23 42025 ----a-w- c:\users\Eva\AppData\Roaming\nvModes.dat
2010-04-22 00:30 . 2010-03-13 18:44 443912 ----a-w- c:\users\Eva\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-04-21 22:07 . 2010-04-21 22:07 782336 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\setup.dll
2010-04-21 22:06 . 2010-04-21 22:06 14976 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\winxp_i386\sophosbootdriver.sys
2010-04-21 22:05 . 2010-04-21 22:05 110592 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\eeconsumer.dll
2010-04-21 22:03 . 2010-04-21 22:03 39552 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\win2k\savonaccessfilter.sys
2010-04-21 22:03 . 2010-04-21 22:03 675840 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\savadapter.dll
2010-04-21 22:03 . 2010-04-21 22:03 98304 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\savservice.exe
2010-04-21 22:03 . 2010-04-21 22:03 20288 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2010-04-21 22:03 . 2010-04-21 22:03 20288 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\winlh_i386\sophosbootdriver.sys
2010-04-21 22:03 . 2010-04-21 22:03 23360 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\winlh_amd64\sophosbootdriver.sys
2010-04-21 22:03 . 2010-04-21 22:03 59392 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\winxp_ia64\sophosboottasks.exe
2010-04-21 22:03 . 2010-04-21 22:03 59392 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\winlh_ia64\sophosboottasks.exe
2010-04-21 22:03 . 2010-04-21 22:03 331776 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\desktopmessaging.dll
2010-04-21 22:03 . 2010-04-21 22:03 80936 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\savadminservice.exe
2010-04-21 22:03 . 2010-04-21 22:03 110592 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\sophtaineradapter.dll
2010-04-21 22:03 . 2010-04-21 22:03 7168 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\categories.dll
2010-04-21 22:03 . 2010-04-21 22:03 111624 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\winlh_amd64\savonaccess.sys
2010-04-21 22:02 . 2010-04-21 22:02 93192 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\winlh_i386\savonaccess.sys
2010-04-21 22:02 . 2010-04-21 22:02 82432 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\sxs\msxml4r.dll
2010-04-21 22:02 . 2010-04-21 22:02 82432 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\system\msxml4r.dll
2010-04-21 22:02 . 2010-04-21 22:02 151552 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\savrescht.dll
2010-04-21 22:02 . 2010-04-21 22:02 163840 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\savresdeu.dll
2010-04-21 22:02 . 2010-04-21 22:02 736296 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\savi.dll
2010-04-21 22:02 . 2010-04-21 22:02 1189888 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\savshellextia64.dll
2010-04-21 22:02 . 2010-04-21 22:02 90112 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\componentmanager.dll
2010-04-21 22:02 . 2006-11-02 15:38 618442 ----a-w- c:\windows\system32\perfh007.dat
2010-04-21 22:02 . 2006-11-02 15:38 122648 ----a-w- c:\windows\system32\perfc007.dat
2010-04-21 21:11 . 2008-07-13 11:04 -------- d-----w- c:\programdata\Google Updater
2010-04-19 21:41 . 2007-09-25 22:02 -------- d-----w- c:\users\Eva\AppData\Roaming\ICQ
2010-04-19 20:41 . 2009-10-23 17:09 -------- d-----w- c:\users\Eva\AppData\Roaming\vlc
2010-04-18 13:27 . 2009-11-24 11:20 1 ----a-w- c:\users\Eva\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-17 05:15 . 2007-07-05 10:18 -------- d-----w- c:\program files\Google
2010-04-16 06:21 . 2010-02-27 14:07 -------- d-----w- c:\programdata\Microsoft Help
2010-04-14 20:23 . 2010-03-25 13:46 148 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2010-03-25 19:54 . 2007-09-25 09:45 106208 ----a-w- c:\users\Eva\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-22 22:49 . 2010-02-07 23:28 -------- d-----w- c:\programdata\FLEXnet
2010-03-21 13:32 . 2010-03-21 13:31 21304816 ----a-w- c:\users\Eva\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold_de.exe
2010-03-14 19:28 . 2010-03-14 19:28 -------- d-----w- c:\program files\Trend Micro
2010-03-14 02:44 . 2010-03-14 02:44 118784 ----a-w- c:\users\Eva\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-01 09:36 . 2010-03-01 09:35 -------- d-----w- c:\program files\iTunes
2010-03-01 09:35 . 2010-03-01 09:35 -------- d-----w- c:\program files\iPod
2010-03-01 09:35 . 2008-01-11 18:57 -------- d-----w- c:\program files\Common Files\Apple
2010-03-01 09:27 . 2010-03-01 09:27 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-01 02:09 . 2010-02-27 14:16 -------- d-----w- c:\program files\Microsoft Works
2010-02-27 14:16 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2010-02-27 14:14 . 2010-02-27 14:14 -------- d-----w- c:\program files\Microsoft.NET
2010-02-27 14:09 . 2010-02-27 14:09 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-24 08:16 . 2009-10-03 06:40 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 07:38 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 07:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 07:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 07:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-22 15:46 . 2010-02-22 15:46 -------- d-----w- c:\program files\7-Zip
2010-02-12 10:32 . 2010-03-13 09:07 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-29 11:27 . 2010-01-29 11:27 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb9DC8.tmp.exe
2010-01-23 09:26 . 2010-02-24 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
2003-04-08 15:35 . 2007-09-25 17:00 119869 ----a-w- c:\program files\mackiec.cv2
2003-04-08 15:35 . 2007-09-25 17:00 23611 ----a-w- c:\program files\ezbus.cv2
2003-04-08 15:35 . 2007-09-25 17:00 17982 ----a-w- c:\program files\Redrover.cv2
2003-04-08 15:35 . 2007-09-25 17:00 12347 ----a-w- c:\program files\us428.cv2
2003-04-08 15:35 . 2007-09-25 17:00 11776 ----a-w- c:\program files\us224.cv2
2003-04-08 15:35 . 2007-09-25 16:53 36352 ----a-w- c:\program files\FHPopup.ocx
2002-04-06 08:49 . 2007-09-25 16:53 114750 ----a-w- c:\program files\Redrover.cdv
2002-04-06 08:49 . 2007-09-25 16:53 110651 ----a-w- c:\program files\us428.cdv
2009-12-15 18:31 . 2007-09-29 14:07 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-12-15 18:31 . 2007-09-29 14:07 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-12-15 18:31 . 2007-09-29 14:07 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-12-15 18:31 . 2007-09-29 14:07 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-12-15 18:31 . 2007-09-29 14:07 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-13 68856]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"PAC7311_Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-20 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-20 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-20 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-13 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-9-25 113664]
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-7-1 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):43,3f,a9,d9,21,8f,ca,01

R0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
R3 Eseudor;Eseudor; [x]
R3 PAC7311;PC VGA Camera;c:\windows\system32\DRIVERS\PA707UCM.SYS [2007-03-14 449024]
R3 SASENUM;SASENUM;c:\users\Eva\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2010-04-21 20288]
S1 SASDIFSV;SASDIFSV;c:\users\Eva\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\users\Eva\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-04-21 93192]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe [2007-03-15 537520]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-04-21 80936]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-04-21 98304]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11-Drahtlosgerätetreiber;c:\windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 311808]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners

2010-04-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-05 19:33]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 22:51]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 22:51]

2010-04-21 c:\windows\Tasks\User_Feed_Synchronization-{92E8275D-4FF2-406B-A4FC-418ADD6D0F14}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
FF - ProfilePath - c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\18hnjma9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\18hnjma9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

ShellExecuteHooks-{88485281-8b4b-4f8d-9ede-82e29a064277} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-22 13:14
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2010-04-22 13:18:17
ComboFix-quarantined-files.txt 2010-04-22 11:17

Vor Suchlauf: 10 Verzeichnis(se), 27.368.988.672 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 27.464.687.616 Bytes frei

- - End Of File - - DF9D3E1C2A1DA961C8762337384F1FF5
22.04.2010, 19:07
Member

Posts: 3716
#5 Start, Programs, Accessories, Notepad, paste this in:

Driver::
Eseudor

Save file as, file type: all files, name:
cfscript.txt
Location: the folder where combofix.exe was saved.
Drag cfscript onto combofix; the program starts; post the log.
22.04.2010, 20:52
Member

Thread starter

Posts: 14
#6 It's probably not normal that, once ComboFix has finished and everything has restarted, no program (e.g. Internet Explorer) can be started any more? After another restart, luckily, everything worked again... Here is the log file:

ComboFix 10-04-21.01 - Eva 22.04.2010 19:56:38.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.49.1031.18.1982.1212 [GMT 2:00]
ausgeführt von:: c:\users\Eva\Desktop\test.exe
Benutzte Befehlsschalter :: c:\users\Eva\Desktop\cfscript.txt
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Eseudor


((((((((((((((((((((((( Dateien erstellt von 2010-03-22 bis 2010-04-22 ))))))))))))))))))))))))))))))
.

2010-04-22 18:05 . 2010-04-22 18:09 -------- d-----w- c:\users\Eva\AppData\Local\temp
2010-04-22 18:05 . 2010-04-22 18:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-22 11:01 . 2010-04-22 11:18 -------- d-----w- C:\test
2010-04-22 06:30 . 2010-04-22 06:30 -------- d-----w- c:\users\Eva\AppData\Roaming\Malwarebytes
2010-04-22 06:29 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-22 06:29 . 2010-04-22 06:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-22 06:29 . 2010-04-22 06:29 -------- d-----w- c:\programdata\Malwarebytes
2010-04-22 06:29 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 22:12 . 2010-04-21 22:12 -------- d-----w- c:\users\Eva\AppData\Local\Sophos
2010-04-21 22:10 . 2010-04-21 22:05 130104 ----a-w- c:\windows\system32\sdccoinstaller.dll
2010-04-21 22:09 . 2010-04-21 22:09 -------- d-----w- c:\program files\Common Files\Cisco Systems
2010-04-21 22:09 . 2010-04-21 22:05 23552 ----a-w- c:\windows\system32\sophosboottasks.exe
2010-04-21 22:03 . 2010-04-21 22:03 20288 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2010-04-21 22:02 . 2010-04-21 22:02 93192 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2010-04-21 22:01 . 2010-04-21 22:09 -------- d-----w- c:\programdata\Sophos
2010-04-21 22:01 . 2010-04-21 22:09 -------- d-----w- c:\program files\Sophos
2010-04-15 07:00 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 07:00 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 07:00 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 07:00 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 07:00 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 07:00 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 06:59 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 06:59 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 06:59 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 08:00 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 08:00 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-03-25 13:45 . 2010-03-25 13:45 -------- d-----w- c:\program files\Common Files\SPSS
2010-03-25 13:45 . 2010-03-25 13:45 -------- d-----w- c:\programdata\SPSS
2010-03-25 13:43 . 2010-03-25 13:43 -------- d-----w- c:\program files\SPSSInc

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 18:09 . 2010-02-07 21:27 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-22 17:52 . 2007-09-26 10:23 -------- d-----w- c:\users\Eva\AppData\Roaming\Skype
2010-04-22 16:27 . 2008-01-21 19:31 -------- d-----w- c:\users\Eva\AppData\Roaming\skypePM
2010-04-22 16:13 . 2009-11-24 11:20 1 ----a-w- c:\users\Eva\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-22 06:42 . 2008-02-27 17:00 -------- d-----w- c:\program files\ICQToolbar
2010-04-22 06:09 . 2007-09-25 15:23 42025 ----a-w- c:\users\Eva\AppData\Roaming\nvModes.dat
2010-04-22 00:30 . 2010-03-13 18:44 443912 ----a-w- c:\users\Eva\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-04-21 22:09 . 2010-04-21 22:09 98304 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\persistance.dll
2010-04-21 22:09 . 2010-04-21 22:09 466944 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\virusdetection.dll
2010-04-21 22:09 . 2010-04-21 22:09 105512 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\rkdisk.dll
2010-04-21 22:09 . 2010-04-21 22:09 556072 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\savprogress.exe
2010-04-21 22:09 . 2010-04-21 22:09 746496 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\savshellextx64.dll
2010-04-21 22:07 . 2010-04-21 22:07 45608 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\backgroundscanclient.exe
2010-04-21 22:06 . 2010-04-21 22:06 51712 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\sdcdevconx64.exe
2010-04-21 22:05 . 2010-04-21 22:05 2010152 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\savmain.exe
2010-04-21 22:04 . 2010-04-21 22:04 147456 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\systeminformation.dll
2010-04-21 22:04 . 2010-04-21 22:04 598016 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\threatmanagement.dll
2010-04-21 22:04 . 2010-04-21 22:04 94208 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\configuresav.exe
2010-04-21 22:04 . 2010-04-21 22:04 286720 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\configuration.dll
2010-04-21 22:04 . 2010-04-21 22:04 151552 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\savreseng.dll
2010-04-21 22:04 . 2010-04-21 22:04 2030632 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\veex.dll
2010-04-21 22:04 . 2010-04-21 22:04 151552 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\savreschs.dll
2010-04-21 22:04 . 2010-04-21 22:04 183336 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\osdp.dll
2010-04-21 22:04 . 2010-04-21 22:04 110848 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\winxp_i386\savonaccesscontrol.sys
2010-04-21 22:03 . 2010-04-21 22:03 39552 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\win2k\savonaccessfilter.sys
2010-04-21 22:03 . 2010-04-21 22:03 675840 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\savadapter.dll
2010-04-21 22:03 . 2010-04-21 22:03 98304 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\savservice.exe
2010-04-21 22:03 . 2010-04-21 22:03 20288 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\winlh_i386\sophosbootdriver.sys
2010-04-21 22:03 . 2010-04-21 22:03 23360 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\winlh_amd64\sophosbootdriver.sys
2010-04-21 22:03 . 2010-04-21 22:03 59392 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\winxp_ia64\sophosboottasks.exe
2010-04-21 22:03 . 2010-04-21 22:03 59392 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\winlh_ia64\sophosboottasks.exe
2010-04-21 22:03 . 2010-04-21 22:03 331776 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\desktopmessaging.dll
2010-04-21 22:03 . 2010-04-21 22:03 80936 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\savadminservice.exe
2010-04-21 22:03 . 2010-04-21 22:03 110592 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\sophtaineradapter.dll
2010-04-21 22:03 . 2010-04-21 22:03 7168 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\categories.dll
2010-04-21 22:03 . 2010-04-21 22:03 111624 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\winlh_amd64\savonaccess.sys
2010-04-21 22:02 . 2010-04-21 22:02 93192 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\winlh_i386\savonaccess.sys
2010-04-21 22:02 . 2010-04-21 22:02 82432 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\sxs\msxml4r.dll
2010-04-21 22:02 . 2010-04-21 22:02 82432 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\system\msxml4r.dll
2010-04-21 22:02 . 2010-04-21 22:02 151552 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\savrescht.dll
2010-04-21 22:02 . 2010-04-21 22:02 163840 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\savresdeu.dll
2010-04-21 22:02 . 2010-04-21 22:02 736296 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\savi.dll
2010-04-21 22:02 . 2010-04-21 22:02 1189888 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\savshellextia64.dll
2010-04-21 22:02 . 2010-04-21 22:02 90112 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\componentmanager.dll
2010-04-21 22:02 . 2006-11-02 15:38 618442 ----a-w- c:\windows\system32\perfh007.dat
2010-04-21 22:02 . 2006-11-02 15:38 122648 ----a-w- c:\windows\system32\perfc007.dat
2010-04-21 21:11 . 2008-07-13 11:04 -------- d-----w- c:\programdata\Google Updater
2010-04-19 21:41 . 2007-09-25 22:02 -------- d-----w- c:\users\Eva\AppData\Roaming\ICQ
2010-04-19 20:41 . 2009-10-23 17:09 -------- d-----w- c:\users\Eva\AppData\Roaming\vlc
2010-04-17 05:15 . 2007-07-05 10:18 -------- d-----w- c:\program files\Google
2010-04-16 06:21 . 2010-02-27 14:07 -------- d-----w- c:\programdata\Microsoft Help
2010-04-14 20:23 . 2010-03-25 13:46 148 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2010-03-25 19:54 . 2007-09-25 09:45 106208 ----a-w- c:\users\Eva\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-22 22:49 . 2010-02-07 23:28 -------- d-----w- c:\programdata\FLEXnet
2010-03-21 13:32 . 2010-03-21 13:31 21304816 ----a-w- c:\users\Eva\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold_de.exe
2010-03-14 19:28 . 2010-03-14 19:28 -------- d-----w- c:\program files\Trend Micro
2010-03-14 02:44 . 2010-03-14 02:44 118784 ----a-w- c:\users\Eva\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-01 09:36 . 2010-03-01 09:35 -------- d-----w- c:\program files\iTunes
2010-03-01 09:35 . 2010-03-01 09:35 -------- d-----w- c:\program files\iPod
2010-03-01 09:35 . 2008-01-11 18:57 -------- d-----w- c:\program files\Common Files\Apple
2010-03-01 09:27 . 2010-03-01 09:27 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-01 02:09 . 2010-02-27 14:16 -------- d-----w- c:\program files\Microsoft Works
2010-02-27 14:16 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2010-02-27 14:14 . 2010-02-27 14:14 -------- d-----w- c:\program files\Microsoft.NET
2010-02-27 14:09 . 2010-02-27 14:09 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-24 08:16 . 2009-10-03 06:40 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 07:38 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 07:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 07:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 07:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-22 15:46 . 2010-02-22 15:46 -------- d-----w- c:\program files\7-Zip
2010-02-12 10:32 . 2010-03-13 09:07 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-29 11:27 . 2010-01-29 11:27 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb9DC8.tmp.exe
2010-01-23 09:26 . 2010-02-24 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
2003-04-08 15:35 . 2007-09-25 17:00 119869 ----a-w- c:\program files\mackiec.cv2
2003-04-08 15:35 . 2007-09-25 17:00 23611 ----a-w- c:\program files\ezbus.cv2
2003-04-08 15:35 . 2007-09-25 17:00 17982 ----a-w- c:\program files\Redrover.cv2
2003-04-08 15:35 . 2007-09-25 17:00 12347 ----a-w- c:\program files\us428.cv2
2003-04-08 15:35 . 2007-09-25 17:00 11776 ----a-w- c:\program files\us224.cv2
2003-04-08 15:35 . 2007-09-25 16:53 36352 ----a-w- c:\program files\FHPopup.ocx
2002-04-06 08:49 . 2007-09-25 16:53 114750 ----a-w- c:\program files\Redrover.cdv
2002-04-06 08:49 . 2007-09-25 16:53 110651 ----a-w- c:\program files\us428.cdv
2009-12-15 18:31 . 2007-09-29 14:07 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-12-15 18:31 . 2007-09-29 14:07 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-12-15 18:31 . 2007-09-29 14:07 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-12-15 18:31 . 2007-09-29 14:07 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-12-15 18:31 . 2007-09-29 14:07 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-13 68856]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"PAC7311_Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-20 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-20 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-20 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-13 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-9-25 113664]
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-7-1 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):43,3f,a9,d9,21,8f,ca,01

R0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys [x]
R1 SASDIFSV;SASDIFSV;c:\users\Eva\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Eva\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
R3 PAC7311;PC VGA Camera;c:\windows\system32\DRIVERS\PA707UCM.SYS [2007-03-14 449024]
R3 SASENUM;SASENUM;c:\users\Eva\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2010-04-21 20288]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-04-21 93192]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe [2007-03-15 537520]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-04-21 80936]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-04-21 98304]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11-Drahtlosgerätetreiber;c:\windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 311808]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners

2010-04-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-05 19:33]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 22:51]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 22:51]

2010-04-21 c:\windows\Tasks\User_Feed_Synchronization-{92E8275D-4FF2-406B-A4FC-418ADD6D0F14}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
FF - ProfilePath - c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\18hnjma9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\18hnjma9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-22 20:13
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-04-22 20:20:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-04-22 18:20
ComboFix2.txt 2010-04-22 11:18

Vor Suchlauf: 13 Verzeichnis(se), 27.330.981.888 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 27.222.962.176 Bytes frei

- - End Of File - - C67EF75F4C48CE1CB1CAB74A14C9E892
22.04.2010, 21:07
Member

Posts: 3716
#7 Maybe there was a problem.


Please download Prevx:
http://info.prevx.com/download.asp?grab=edgebeta
Install the program; an internet connection is required.
A "learn scan" will start; let it run.
Then click Configuration, Heuristics, set everything to maximum, and start the scan.
You can't delete anything; I only need the log. You'll find it by right-clicking the Prevx icon in the tray (notification area), then
Tools, Save Log.
Save it and attach it as a file to your next reply. You can uninstall the program already or leave it on for now.
22.04.2010, 21:27
Member

Posts: 3716
#8 Forgot one small thing:
under Age/Popularity, choose "before".
If you have already scanned, just run it again.
23.04.2010, 12:42
Member

Thread starter

Posts: 14
#9 Thanks already! Here is the Prevx log as a .txt file...

Attachment: prevxlog.txt
23.04.2010, 12:55
Member

Posts: 3716
#10 Do you still have the SuperAntiSpyware log?
Could you check whether Sophos created a log file? I'd be interested in the location of the find.
Do you want to keep using Sophos?
23.04.2010, 13:15
Member

Thread starter

Posts: 14
#11 According to Sophos, ByteVer-G was found in C:\Users\Eva\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35
The file is, by the way, still in quarantine; deleting it would probably be the right thing to do, wouldn't it?
I haven't found a log file so far... should I look more carefully, do you still need one?
I don't think I still have the SuperAntiSpyware log either, though I'm not even sure whether I saved one, and if so where... :-/

Sophos: I don't know; if you can recommend better protection, I'd gladly take something else. I had the problems with Avira, so probably not that anymore. I only took Sophos because we can get it from our university and I thought it would be quite good, but according to test reports it isn't that great after all...
23.04.2010, 13:39
Member

Posts: 3716
#12 No, you don't need to look more carefully.
Clear the Java cache:
http://www.java.com/de/download/help/plugin_cache.xml
Then use
CCleaner
to clean up, and report how the PC runs.
Personally I use Prevx; you have to pay for it, but my PC runs very fast with it and I haven't had any malware so far :D
The program is of course also available in German.
As for free scanners, I could suggest Avast 5; it isn't bad either.
23.04.2010, 14:25
Member

Thread starter

Posts: 14
#13 Cache cleared and CCleaner used. :-) So far everything runs fine, I can't find any problems... Does that mean the PC is OK again?
23.04.2010, 14:28
Member

Posts: 3716
#14 Download OTCleanIt:
http://oldtimer.geekstogo.com/OTM.exe
Click CleanIt!; the program deletes the removal tools and itself.
Restart, and change all your passwords.
23.04.2010, 14:58
Member

Thread starter

Posts: 14
#15 Done; after that it restarted, and I wanted to remove Prevx too, but the moment I go to uninstall it, it tells me that Prevx has found an infection. So I scanned again, but then it found no threats...?

I'm attaching the new Prevx log again..

Attachment: prefx2.txt