Dear forum community,

    Due to the requirements arising from the GDPR, extensive changes to the forum would be necessary that are not economically feasible for us. We have therefore decided to archive the forum in its current form and keep it available online, but to no longer allow new registrations or new comments. This ensures that the collected knowledge is not lost, while we can still make the site available in a GDPR-compliant way.
    This will be implemented in the next few days.

    I thank everyone who, over the past years, has been committed to helping those seeking help and to the forum itself. I can still be reached at tti(bei)pcwelt.de.

Virus?

Discussion in 'Sicherheit' started by eiscreme, Nov 26, 2009.

Thread Status:
Not open for further replies.
  1. eiscreme

    eiscreme Byte

Could someone who knows about this take a look at whether I have a virus or useless programs?
    The computer stops responding at irregular intervals. (I suspect a virus.)

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by at 2009-11-26 18:24:52
    Microsoft® Windows Vista™ Home Basic Service Pack 2
    System drive C: has 49 GB (33%) free of 148 GB
    Total RAM: 894 MB (11% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:25:07, on 26.11.2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\SYSTEM32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\SYSTEM32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\dllhost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\Windows\system32\locator.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files\Safari\Safari.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Spyware Doctor\pctsGui.exe
    c:\program files\windows defender\MpCmdRun.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Users\Hassad\Desktop\RSIT.exe
    C:\Program Files\trend micro\Hassad.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.1und1.de/links/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de/service/redir/ie7_start.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/service/redir/ie7_start.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://go.1und1.de/suchbox/1und1suche?su=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer bereitgestellt von 1&1 Internet AG
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: WEB.DE Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\System32\ieconfig_1und1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.1.5)_Gecko/20091102_Firefox/3.0.1_(de)_(TL-FF)_(.NET_CLR_3.5.30729)" -"http://spiele.1001spiele.de/28e558b32e39335323eee34b913ed7b4/game.php?file=687474703a2f2f737069656c652e31303031737069656c652e64652f32386535353862333265333933333533323365656533346239313365643762342f313239342e646372&width=100%&height=100%&1001spieleDE=1&cr=1&ovrprldr=1"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.cn/download/SOPCORE.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.lokalisten.de/iup/ImageUploader4.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C67A2BEF-DD87-42A1-BCD5-5FF1A7836A95}: NameServer = 192.168.2.1
    O17 - HKLM\System\CS23\Services\Tcpip\..\{C67A2BEF-DD87-42A1-BCD5-5FF1A7836A95}: NameServer = 192.168.2.1
    O17 - HKLM\System\CS24\Services\Tcpip\..\{C67A2BEF-DD87-42A1-BCD5-5FF1A7836A95}: NameServer = 192.168.2.1
    O17 - HKLM\System\CS25\Services\Tcpip\..\{C67A2BEF-DD87-42A1-BCD5-5FF1A7836A95}: NameServer = 192.168.2.1
    O17 - HKLM\System\CS26\Services\Tcpip\..\{C67A2BEF-DD87-42A1-BCD5-5FF1A7836A95}: NameServer = 192.168.2.1
    O17 - HKLM\System\CS27\Services\Tcpip\..\{C67A2BEF-DD87-42A1-BCD5-5FF1A7836A95}: NameServer = 192.168.2.1
    O17 - HKLM\System\CS28\Services\Tcpip\..\{C67A2BEF-DD87-42A1-BCD5-5FF1A7836A95}: NameServer = 192.168.2.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: IEConfig 1und1/WEB.DE/GMX Edition (serviceIEConfig) - mquadr.at softwareengineering und consulting gmbh - C:\WINDOWS\System32\ieconfig_1und1_svc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 9774 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Google Software Updater.job
    C:\Windows\tasks\User_Feed_Synchronization-{820E6B84-9F61-4D03-ADE1-124D3930148D}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
    Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-04-09 688128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-11-12 329312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live ID-Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-09 762864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
    WOT Helper - C:\Program Files\WOT\WOT.dll [2009-04-15 1266336]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D48FF4B4-E68F-47D1-8E25-81A0F0EEB341}]
    WEB.DE Browser Configuration by mquadr.at - C:\WINDOWS\System32\ieconfig_1und1.dll [2009-05-28 578952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
    SearchSettings Class - C:\Program Files\Search Settings\kb128\SearchSettings.dll [2009-04-09 1091584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
    EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
    {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-04-09 688128]
    {71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2009-04-15 1266336]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
    "NvSvc"=C:\Windows\system32\nvsvc.dll [2008-05-22 526880]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
    "ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-09-22 1243088]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-30 68856]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater"=C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe [2009-04-29 468408]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALUAlert]
    C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe [2007-09-26 492912]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPService]
    C:\Program Files\HP\DVDPlay\DPService.exe [2006-11-07 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Product Registrierungserinnerung]
    C:\Windows\Temp\RegModule.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe /autorun []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    c:\hp\support\hpsysdrv.exe [2006-09-28 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
    C:\Program Files\Spyware Doctor\pctsTray.exe [2009-09-22 1243088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mumservice]
    C:\Program Files\Motorola\Software Update\mumservice.exe [2009-03-25 996608]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
    C:\Program Files\Napster\napster.exe [2006-06-29 319488]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe [2006-09-20 147456]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
    C:\Program Files\Search Settings\SearchSettings.exe [2009-04-09 970240]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-30 68856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Online_Software_6]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-11-12 198160]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDrive]
    C:\Program Files\FarStone\VirtualDrive\VDTask.exe [2007-03-19 155648]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "BindDirectlyToPropertySetStorage"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    shell\AutoRun\command - E:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4611234a-3d66-11de-9ad3-8699318a7f8e}]
    shell\AutoRun\command - taqhptr.bat
    shell\explore\command - taqhptr.bat
    shell\open\command - taqhptr.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9213d3b-d24a-11db-93ed-806e6f6e6963}]
    shell\AutoRun\command - E:\Autorun.exe


    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 months======

    2009-11-18 21:28:24 ----D---- C:\Program Files\trend micro
    2009-11-18 21:28:22 ----D---- C:\rsit
    2009-11-14 01:47:28 ----A---- C:\Windows\system32\divx_xx16.dll
    2009-11-14 01:47:28 ----A---- C:\Windows\system32\divx_xx11.dll
    2009-11-14 01:47:28 ----A---- C:\Windows\system32\divx_xx0c.dll
    2009-11-14 01:47:28 ----A---- C:\Windows\system32\divx_xx0a.dll
    2009-11-14 01:47:28 ----A---- C:\Windows\system32\divx_xx07.dll
    2009-11-14 01:47:28 ----A---- C:\Windows\system32\DivX.dll
    2009-11-12 19:33:40 ----D---- C:\T-Online
    2009-11-12 19:16:54 ----D---- C:\Program Files\Common Files\Skype
    2009-11-12 19:16:48 ----RD---- C:\Program Files\Skype
    2009-11-12 19:16:17 ----D---- C:\ProgramData\Real
    2009-11-12 19:15:00 ----A---- C:\Windows\system32\rmoc3260.dll
    2009-11-12 19:14:12 ----A---- C:\Windows\system32\pndx5032.dll
    2009-11-12 19:14:12 ----A---- C:\Windows\system32\pndx5016.dll
    2009-11-12 19:13:53 ----D---- C:\Program Files\Common Files\xing shared
    2009-11-12 18:35:23 ----D---- C:\ProgramData\Alwil Software
    2009-11-12 18:35:23 ----D---- C:\Program Files\Alwil Software
    2009-11-11 13:34:14 ----D---- C:\Users\Hassad\AppData\Roaming\Any Video Converter
    2009-11-11 13:34:11 ----D---- C:\Program Files\Any Video Converter
    2009-11-08 13:43:17 ----D---- C:\Program Files\WOT
    2009-11-04 13:54:49 ----A---- C:\Windows\system32\XAudio2_4.dll
    2009-11-04 13:54:49 ----A---- C:\Windows\system32\XAPOFX1_3.dll
    2009-11-04 13:54:49 ----A---- C:\Windows\system32\D3DX9_41.dll
    2009-11-04 13:54:49 ----A---- C:\Windows\system32\d3dx10_41.dll
    2009-11-04 13:54:49 ----A---- C:\Windows\system32\D3DCompiler_41.dll
    2009-11-04 13:54:48 ----A---- C:\Windows\system32\xactengine3_4.dll
    2009-11-04 13:54:48 ----A---- C:\Windows\system32\X3DAudio1_6.dll
    2009-11-04 13:54:48 ----A---- C:\Windows\system32\d3dx10_40.dll
    2009-11-04 13:54:48 ----A---- C:\Windows\system32\D3DCompiler_40.dll
    2009-11-04 13:54:47 ----A---- C:\Windows\system32\D3DX9_40.dll
    2009-11-04 13:54:46 ----A---- C:\Windows\system32\XAudio2_2.dll
    2009-11-04 13:54:46 ----A---- C:\Windows\system32\XAPOFX1_1.dll
    2009-11-04 13:54:46 ----A---- C:\Windows\system32\xactengine3_2.dll
    2009-11-04 13:54:45 ----A---- C:\Windows\system32\D3DX9_39.dll
    2009-11-04 13:54:45 ----A---- C:\Windows\system32\d3dx10_39.dll
    2009-11-04 13:54:45 ----A---- C:\Windows\system32\D3DCompiler_39.dll
    2009-11-04 13:54:44 ----A---- C:\Windows\system32\XAudio2_1.dll
    2009-11-04 13:54:44 ----A---- C:\Windows\system32\XAPOFX1_0.dll
    2009-11-04 13:54:44 ----A---- C:\Windows\system32\xactengine3_1.dll
    2009-11-04 13:54:44 ----A---- C:\Windows\system32\X3DAudio1_4.dll
    2009-11-04 13:54:44 ----A---- C:\Windows\system32\d3dx10_38.dll
    2009-11-04 13:54:44 ----A---- C:\Windows\system32\D3DCompiler_38.dll
    2009-11-04 13:54:43 ----A---- C:\Windows\system32\XAudio2_0.dll
    2009-11-04 13:54:43 ----A---- C:\Windows\system32\xactengine3_0.dll
    2009-11-04 13:54:43 ----A---- C:\Windows\system32\X3DAudio1_3.dll
    2009-11-04 13:54:43 ----A---- C:\Windows\system32\D3DX9_38.dll
    2009-11-04 13:54:42 ----A---- C:\Windows\system32\d3dx10_37.dll
    2009-11-04 13:54:42 ----A---- C:\Windows\system32\D3DCompiler_37.dll
    2009-11-04 13:54:41 ----A---- C:\Windows\system32\xactengine2_10.dll
    2009-11-04 13:54:41 ----A---- C:\Windows\system32\D3DX9_37.dll
    2009-11-04 13:54:40 ----A---- C:\Windows\system32\d3dx9_36.dll
    2009-11-04 13:54:40 ----A---- C:\Windows\system32\d3dx10_36.dll
    2009-11-04 13:54:40 ----A---- C:\Windows\system32\D3DCompiler_36.dll
    2009-11-04 13:54:39 ----A---- C:\Windows\system32\xactengine2_9.dll
    2009-11-04 13:54:39 ----A---- C:\Windows\system32\d3dx10_35.dll
    2009-11-04 13:54:39 ----A---- C:\Windows\system32\D3DCompiler_35.dll
    2009-11-04 13:54:38 ----A---- C:\Windows\system32\xactengine2_8.dll
    2009-11-04 13:54:38 ----A---- C:\Windows\system32\X3DAudio1_2.dll
    2009-11-04 13:54:38 ----A---- C:\Windows\system32\d3dx9_34.dll
    2009-11-04 13:54:38 ----A---- C:\Windows\system32\d3dx10_34.dll
    2009-11-04 13:54:38 ----A---- C:\Windows\system32\D3DCompiler_34.dll
    2009-11-04 13:54:37 ----A---- C:\Windows\system32\xinput1_3.dll
    2009-11-04 13:54:37 ----A---- C:\Windows\system32\xactengine2_7.dll
    2009-11-04 13:54:37 ----A---- C:\Windows\system32\d3dx10_33.dll
    2009-11-04 13:54:37 ----A---- C:\Windows\system32\D3DCompiler_33.dll
    2009-11-04 13:54:36 ----A---- C:\Windows\system32\xactengine2_6.dll
    2009-11-04 13:54:36 ----A---- C:\Windows\system32\xactengine2_5.dll
    2009-11-04 13:54:36 ----A---- C:\Windows\system32\d3dx9_33.dll
    2009-11-04 13:54:36 ----A---- C:\Windows\system32\d3dx10.dll
    2009-11-04 13:54:35 ----A---- C:\Windows\system32\xactengine2_4.dll
    2009-11-04 13:54:35 ----A---- C:\Windows\system32\x3daudio1_1.dll
    2009-11-04 13:54:35 ----A---- C:\Windows\system32\d3dx9_32.dll
    2009-11-04 13:54:34 ----A---- C:\Windows\system32\xinput1_2.dll
    2009-11-04 13:54:34 ----A---- C:\Windows\system32\xactengine2_3.dll
    2009-11-04 13:53:21 ----D---- C:\Windows\system32\AGEIA
    2009-11-04 13:53:21 ----D---- C:\Program Files\AGEIA Technologies

    ======List of files/folders modified in the last 1 months======

    2009-11-26 18:24:50 ----D---- C:\Windows\Temp
    2009-11-26 18:24:27 ----D---- C:\Program Files\Spyware Doctor
    2009-11-26 18:05:48 ----AD---- C:\ProgramData\TEMP
    2009-11-26 17:45:04 ----D---- C:\Windows\registration
    2009-11-25 16:45:33 ----SHD---- C:\Windows\Installer
    2009-11-22 21:56:06 ----D---- C:\Windows\System32
    2009-11-22 21:56:06 ----D---- C:\Windows\inf
    2009-11-22 21:56:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-11-21 13:08:12 ----D---- C:\Windows\system32\catroot2
    2009-11-20 18:35:45 ----RD---- C:\Program Files
    2009-11-20 18:33:24 ----D---- C:\Windows\system32\drivers
    2009-11-18 13:40:46 ----D---- C:\Program Files\DivX
    2009-11-18 13:39:19 ----D---- C:\Program Files\Common Files\DivX Shared
    2009-11-14 17:03:10 ----D---- C:\Windows\Microsoft.NET
    2009-11-14 16:47:37 ----RSD---- C:\Windows\assembly
    2009-11-13 16:29:02 ----D---- C:\Windows\Tasks
    2009-11-12 19:17:05 ----D---- C:\ProgramData\Google Updater
    2009-11-12 19:16:54 ----D---- C:\ProgramData\Skype
    2009-11-12 19:16:54 ----D---- C:\Program Files\Common Files
    2009-11-12 19:16:17 ----HD---- C:\ProgramData
    2009-11-12 19:16:12 ----D---- C:\Users\Hassad\AppData\Roaming\Real
    2009-11-12 19:15:18 ----D---- C:\Program Files\Common Files\Real
    2009-11-12 19:13:18 ----A---- C:\Windows\system32\pncrt.dll
    2009-11-12 18:53:13 ----D---- C:\Program Files\Picasa2
    2009-11-12 13:54:28 ----D---- C:\Users\Hassad\AppData\Roaming\DivX
    2009-11-09 19:25:42 ----D---- C:\Program Files\Common Files\Symantec Shared
    2009-11-09 17:39:57 ----D---- C:\ProgramData\Symantec
    2009-11-09 17:25:28 ----D---- C:\Program Files\Mozilla Firefox
    2009-11-05 13:01:33 ----D---- C:\Program Files\EA GAMES
    2009-11-04 13:54:50 ----D---- C:\Program Files\Electronic Arts
    2009-11-04 13:53:34 ----D---- C:\WINDOWS
    2009-11-02 20:42:06 ----N---- C:\Windows\system32\MpSigStub.exe
    2009-10-29 11:07:06 ----SHD---- C:\System Volume Information
    2009-10-28 19:36:43 ----D---- C:\Program Files\NortonInstaller
    2009-10-28 19:33:57 ----D---- C:\ProgramData\Norton
    2009-10-28 19:33:26 ----D---- C:\Program Files\Symantec
    2009-10-28 19:33:21 ----D---- C:\Windows\system32\catroot
    2009-10-28 19:31:06 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-10-28 19:30:59 ----D---- C:\ProgramData\BVRP Software

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2008-11-03 66952]
    R1 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2008-11-03 81288]
    R2 ACEDRV06;ACEDRV06; \??\C:\Windows\system32\drivers\ACEDRV06.sys [2008-02-17 99840]
    R3 fcdabus;fcdabus; C:\Windows\system32\DRIVERS\fcdabus.sys [2007-03-02 17840]
    R3 fsRamDsk;RamDisk Drive Service; C:\Windows\system32\DRIVERS\fsRamDsk.sys [2007-04-01 44056]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-09-10 26600]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-08 1647976]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
    R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
    S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver; C:\Windows\System32\Drivers\dsltestSp5.sys [2007-09-12 26816]
    S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\MARMIK~1\MACNDIS5.SYS [2006-10-04 17280]
    S3 MIINPazX;MIINPazX NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2006-10-09 17152]
    S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2008-08-21 18688]
    S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]
    S3 MotDev;Motorola Inc. USB Device; C:\Windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
    S3 MQAC;@mqutil.dll,-6101; C:\Windows\system32\drivers\mqac.sys [2008-01-19 126976]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver; \??\C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]
    S3 PCANDIS5;PCANDIS5; \??\C:\PROGRA~1\T-Online\T-DSLT~1\PCANDIS5.SYS []
    S3 SipIMNDI;T-Online Dialerschutz VoIP Service; C:\Windows\system32\DRIVERS\SipIMNDI.sys []
    S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
    S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\Windows\system32\DRIVERS\usbsermptxp.sys [2007-09-16 25600]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 LPDSVC;TCP/IP-Druckserver; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-09-23 358600]
    R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-09-23 1141200]
    R2 WAS;Windows-Prozessaktivierungsdienst; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
    S2 simptcp;Einfache TCP/IP-Dienste; C:\Windows\System32\tcpsvcs.exe [2009-08-14 9728]
    S3 NtmsSvc;Wechselmedien; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    S3 serviceIEConfig;IEConfig 1und1/WEB.DE/GMX Edition; C:\WINDOWS\System32\ieconfig_1und1_svc.exe [2009-05-28 662416]
    S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 78752]
    S4 AppHostSvc;Anwendungshost-Hilfsdienst; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
    S4 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
    S4 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    S4 CISVC;@%systemroot%\system32\CISVC.EXE,-1; C:\Windows\system32\CISVC.EXE [2008-01-19 11264]
    S4 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2006-09-20 266338]
    S4 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2006-09-20 118880]
    S4 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe [2006-09-20 1073152]
    S4 getPlusHelper;getPlus(R) Helper; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-12 194032]
    S4 IISADMIN;@%windir%\system32\inetsrv\iisres.dll,-30007; C:\Windows\system32\inetsrv\inetinfo.exe [2008-01-19 13824]
    S4 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
    S4 iprip;@%Systemroot%\system32\iprip.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    S4 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
    S4 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
    S4 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]
    S4 MSMQ;@mqutil.dll,-6102; C:\Windows\system32\mqsvc.exe [2006-11-02 8704]
    S4 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst; C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe [2007-01-09 61440]
    S4 NetMsmqActivator;Net.Msmq-Listeneradapter; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 129880]
    S4 NetPipeActivator;Net.Pipe-Listeneradapter; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 129880]
    S4 NetTcpActivator;Net.Tcp-Listeneradapter; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 129880]
    S4 SNMP;@%SystemRoot%\system32\snmp.exe,-3; C:\Windows\System32\snmp.exe [2009-04-11 47616]
    S4 TlntSvr;Telnet; C:\Windows\System32\tlntsvr.exe [2009-04-11 71168]
    S4 W3SVC;WWW-Publishingdienst; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    S4 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]

    -----------------EOF-----------------
    Thanks in advance!
     
  2. X.MAN

    X.MAN Moderator

    Better placed here in the virus section....


    :schieb:
     
  3. SaubererPC

    SaubererPC Byte

    Yes, virus! I'll draw up a list of measures for you right away...
     
  4. -humi-

    -humi- Joker

  5. eiscreme

    eiscreme Byte

    Yes, virus! I'll draw up a list of measures for you right away...
    What does that mean?
     
  6. -humi-

    -humi- Joker

    That you should be patient until he helps you further, since a log like this can't be evaluated in a few seconds/minutes.....
     
  7. eiscreme

    eiscreme Byte

    Sorry, unfortunately I don't know my way around this
     
  8. SaubererPC

    SaubererPC Byte

    Upload these files to VirusTotal and have them checked.
    http://www.virustotal.com/de/
    Then post the complete logs here!

    C:\WINDOWS\System32\ieconfig_1und1_svc.exe
    C:\Program Files\Search Settings\kb128\SearchSettings.dll
    Autorun.exe
    taqhptr.bat

    Search for the last two files with "Windows Search".
    Set the search so that hidden files and system files are searched as well.

    SP.
     
  9. eiscreme

    eiscreme Byte

    Antivirus Version letzte aktualisierung Ergebnis
    a-squared 4.5.0.43 2009.11.24 -
    AhnLab-V3 5.0.0.2 2009.11.24 -
    AntiVir 7.9.1.70 2009.11.24 -
    Antiy-AVL 2.0.3.7 2009.11.24 -
    Authentium 5.2.0.5 2009.11.24 -
    Avast 4.8.1351.0 2009.11.24 -
    AVG 8.5.0.425 2009.11.24 -
    BitDefender 7.2 2009.11.25 -
    CAT-QuickHeal 10.00 2009.11.24 -
    ClamAV 0.94.1 2009.11.24 -
    Comodo 3024 2009.11.24 -
    DrWeb 5.0.0.12182 2009.11.24 -
    eSafe 7.0.17.0 2009.11.24 -
    eTrust-Vet 35.1.7140 2009.11.24 -
    F-Prot 4.5.1.85 2009.11.24 -
    F-Secure 9.0.15370.0 2009.11.24 -
    Fortinet 4.0.14.0 2009.11.24 -
    GData 19 2009.11.24 -
    Ikarus T3.1.1.74.0 2009.11.24 -
    Jiangmin 11.0.800 2009.11.24 -
    K7AntiVirus 7.10.903 2009.11.23 -
    Kaspersky 7.0.0.125 2009.11.25 -
    McAfee 5812 2009.11.24 -
    McAfee+Artemis 5812 2009.11.24 -
    McAfee-GW-Edition 6.8.5 2009.11.24 -
    Microsoft 1.5302 2009.11.24 -
    NOD32 4634 2009.11.24 -
    Norman 6.03.02 2009.11.24 -
    nProtect 2009.1.8.0 2009.11.24 -
    Panda 10.0.2.2 2009.11.24 -
    PCTools 7.0.3.5 2009.11.25 -
    Prevx 3.0 2009.11.25 -
    Rising 22.23.01.09 2009.11.24 -
    Sophos 4.47.0 2009.11.24 SearchSettings
    Sunbelt 3.2.1858.2 2009.11.24 -
    Symantec 1.4.4.12 2009.11.25 -
    TheHacker 6.5.0.2.076 2009.11.23 -
    TrendMicro 9.0.0.1003 2009.11.24 -
    VBA32 3.12.12.0 2009.11.24 -
    ViRobot 2009.11.24.2051 2009.11.24 -
    VirusBuster 5.0.21.0 2009.11.24 -
    weitere Informationen
    File size: 1091584 bytes
    MD5 : c0713f23f1e14d726dde41d911cf0e4c
    SHA1 : 2ccdd4025cf1846a529041c1f47b257fa013aeb5
    SHA256: 6c04ceb314abc9094800057a12858ac52906f2423c5fbf53338051fc6d42bd76
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x8624F
    timedatestamp.....: 0x49D0D371 (Mon Mar 30 16:13:05 2009)
    machinetype.......: 0x14C (Intel I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x8D8A3 0x8DA00 6.04 e1bbc5b98394f2a9938554225fd39666
    .rdata 0x8F000 0xEC3B 0xEE00 4.71 81818cd4c2265a8253e8fd6e622db806
    .data 0x9E000 0x60430 0x5EE00 3.76 818dfac076c946b025dd542d543ce4ff
    .rsrc 0xFF000 0x1A68 0x1C00 3.85 9abf8021cea7109e8798103e0c6c995b
    .reloc 0x101000 0xD028 0xD200 6.42 6d9b372f5cf6a8b09a1ede8a3ccd212b

    ( 13 imports )


    ( 1 exports )

    > DW_DllRegisterServer, DW_DllUnregisterServer, DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
    TrID : File type identification
    DirectShow filter (52.6%)
    Windows OCX File (32.2%)
    Win32 Executable MS Visual C++ (generic) (9.8%)
    Win32 Executable Generic (2.2%)
    Win32 Dynamic Link Library (generic) (1.9%)
    ssdeep: 12288:f3Ef9TbWDqffshOJQDAe6cIRxS1nhDFvoKVEKfZchVtZeV98ce:M5bsjArHxS1nh5vtVEKBTH8ce
    PEiD : Armadillo v1.xx - v2.xx
    RDS : NSRL Reference Data Set
    -
     
  10. eiscreme

    eiscreme Byte

    AhnLab-V3 5.0.0.2 2009.04.15 -
    AntiVir 7.9.0.143 2009.04.15 HEUR/Malware
    Antiy-AVL 2.0.3.1 2009.04.15 -
    Authentium 5.1.2.4 2009.04.14 W32/Banload.E.gen!Eldorado
    Avast 4.8.1335.0 2009.04.15 -
    AVG 8.5.0.287 2009.04.15 -
    BitDefender 7.2 2009.04.15 -
    CAT-QuickHeal 10.00 2009.04.15 -
    ClamAV 0.94.1 2009.04.15 -
    Comodo 1113 2009.04.15 -
    DrWeb 4.44.0.09170 2009.04.15 -
    eSafe 7.0.17.0 2009.04.13 -
    eTrust-Vet 31.6.6455 2009.04.14 -
    F-Prot 4.4.4.56 2009.04.15 W32/Banload.E.gen!Eldorado
    F-Secure 8.0.14470.0 2009.04.15 -
    Fortinet 3.117.0.0 2009.04.15 PossibleThreat
    GData 19 2009.04.15 -
    Ikarus T3.1.1.49.0 2009.04.15 -
    K7AntiVirus 7.10.704 2009.04.15 -
    Kaspersky 7.0.0.125 2009.04.15 -
    McAfee 5585 2009.04.15 -
    McAfee+Artemis 5585 2009.04.15 Generic!Artemis
    McAfee-GW-Edition 6.7.6 2009.04.15 Heuristic.Malware
    Microsoft 1.4502 2009.04.15 -
    NOD32 4011 2009.04.15 -
    Norman 2009.04.15 -
    nProtect 2009.1.8.0 2009.04.15 -
    Panda 10.0.0.14 2009.04.14 -
    PCTools 4.4.2.0 2009.04.15 -
    Prevx1 V2 2009.04.15 -
    Rising 21.25.24.00 2009.04.15 -
    Sophos 4.40.0 2009.04.15 -
    Sunbelt 3.2.1858.2 2009.04.15 -
    Symantec 1.4.4.12 2009.04.15 -
    TheHacker 6.3.4.0.309 2009.04.15 -
    TrendMicro 8.700.0.1004 2009.04.15 -
    VBA32 3.12.10.2 2009.04.12 -
    ViRobot 2009.4.15.1694 2009.04.15 -
    VirusBuster 4.6.5.0 2009.04.15 -
    weitere Informationen
    File size: 662416 bytes
    MD5 : 6f95c3fd988e7f9eed50b15c245d3f65
    SHA1 : 8dab9d6147d6b69b6757822f8d7b94c3370c8327
    SHA256: fbdd71a83ccd5ba3e4f00e4a584ab304888e1552c2cccf96e0bd7284fd2d4a5b
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x83BA4
    timedatestamp.....: 0x2A425E19 (Sat Jun 20 00:22:17 1992)
    machinetype.......: 0x14C (Intel I386)

    ( 8 sections )
    name viradd virsiz rawdsiz ntrpy md5
    CODE 0x1000 0x82C28 0x82E00 6.53 ed3ee7691c26343d0087aef736e58fcb
    DATA 0x84000 0x1E84 0x2000 4.51 6e37e17e355b66c6efc3bc5626c752f8
    BSS 0x86000 0xFB5 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    .idata 0x87000 0x27F6 0x2800 5.03 3fe25162faec29f10a9320bb97d64d7a
    .tls 0x8A000 0x10 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    .rdata 0x8B000 0x18 0x200 0.20 64997716ea76ea30322b564a52aca588
    .reloc 0x8C000 0x9878 0x9A00 6.66 c67c513726a2a572c6b30a5f12386140
    .rsrc 0x96000 0xF000 0xF000 5.24 e51d3a521300e77e67557e308941059a

    ( 11 imports )


    ( 0 exports )
    TrID : File type identification
    Win32 Executable Delphi generic (39.8%)
    Win32 Executable Generic (23.1%)
    Win32 Dynamic Link Library (generic) (20.5%)
    Win16/32 Executable Delphi generic (5.6%)
    Generic Win/DOS Executable (5.4%)
    ssdeep: 12288:yDj5jGiHcWBPxPQ8tcvMsuGabv1FJoHubhFhYCGq+:yDjxG+PQ8tefudpFuob+
    PEiD : -
    RDS : NSRL Reference Data Set
    -
     
  11. SaubererPC

    SaubererPC Byte

    Which file did you upload here?!

    :bitte: Please copy the ENTIRE LOG including the "header"!

    Log 1 is which file?
    Log 2 is which file?
     
  12. eiscreme

    eiscreme Byte

    Log 1 is C:\Program Files\Search Settings\kb128\SearchSettings.dll
    Log 2 is the one above it
    How do I do it with numbers 3 and 4? I can't find Windows Search
    PS: I'm already grateful
     
  13. SaubererPC

    SaubererPC Byte

    See the reply to your private message.

    Upload this one to VirusTotal as well and post the log:

    C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe
     
  14. eiscreme

    eiscreme Byte

    Datei SwHelper_1150596.exe empfangen 2009.11.13 19:02:23 (UTC)
    Status: Beendet
    Ergebnis: 0/41 (0.00%)
    Antivirus Version letzte aktualisierung Ergebnis
    a-squared 4.5.0.41 2009.11.13 -
    AhnLab-V3 5.0.0.2 2009.11.13 -
    AntiVir 7.9.1.65 2009.11.13 -
    Antiy-AVL 2.0.3.7 2009.11.13 -
    Authentium 5.2.0.5 2009.11.13 -
    Avast 4.8.1351.0 2009.11.13 -
    AVG 8.5.0.425 2009.11.13 -
    BitDefender 7.2 2009.11.13 -
    CAT-QuickHeal 10.00 2009.11.13 -
    ClamAV 0.94.1 2009.11.13 -
    Comodo 2943 2009.11.13 -
    DrWeb 5.0.0.12182 2009.11.13 -
    eSafe 7.0.17.0 2009.11.12 -
    eTrust-Vet 35.1.7119 2009.11.13 -
    F-Prot 4.5.1.85 2009.11.13 -
    F-Secure 9.0.15370.0 2009.11.11 -
    Fortinet 3.120.0.0 2009.11.13 -
    GData 19 2009.11.13 -
    Ikarus T3.1.1.74.0 2009.11.13 -
    Jiangmin 11.0.800 2009.11.12 -
    K7AntiVirus 7.10.896 2009.11.13 -
    Kaspersky 7.0.0.125 2009.11.13 -
    McAfee 5800 2009.11.12 -
    McAfee+Artemis 5800 2009.11.12 -
    McAfee-GW-Edition 6.8.5 2009.11.13 -
    Microsoft 1.5202 2009.11.13 -
    NOD32 4604 2009.11.13 -
    Norman 6.03.02 2009.11.13 -
    nProtect 2009.1.8.0 2009.11.13 -
    Panda 10.0.2.2 2009.11.13 -
    PCTools 7.0.3.5 2009.11.13 -
    Prevx 3.0 2009.11.13 -
    Rising 22.21.04.09 2009.11.13 -
    Sophos 4.47.0 2009.11.13 -
    Sunbelt 3.2.1858.2 2009.11.12 -
    Symantec 1.4.4.12 2009.11.13 -
    TheHacker 6.5.0.2.067 2009.11.12 -
    TrendMicro 9.0.0.1003 2009.11.13 -
    VBA32 3.12.10.11 2009.11.13 -
    ViRobot 2009.11.13.2035 2009.11.13 -
    VirusBuster 4.6.5.0 2009.11.13 -
    weitere Informationen
    File size: 468408 bytes
    MD5 : 3686788f2ff7992b1a13e23586ca897b
    SHA1 : 419b2fe2a4244c80c1d46f975892863718353206
    SHA256: e8994c0de7e3e6f963c29cf347c823eabc05f0bde5337719065a9d94b9feb717
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x2B3AE
    timedatestamp.....: 0x49F6D9A0 (Tue Apr 28 12:25:36 2009)
    machinetype.......: 0x14C (Intel I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x3C196 0x3D000 6.58 a5d804e5fd2f3e6abe669a1faab489ac
    .rdata 0x3E000 0x10B70 0x11000 5.01 0a0080b2f7c17849689a7c1c1478cedb
    .data 0x4F000 0x18A98 0x4000 4.68 54cc420fff538d709bfa5bb85d122706
    .rsrc 0x68000 0x1D858 0x1E000 5.33 b435558e0973b8a9df794b932b4477ad

    ( 12 imports )

    > advapi32.dll: RegOpenKeyExW, RegDeleteKeyW, RegQueryValueExW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, RegSetValueExA, RegQueryValueExA, RegDeleteKeyA, RegOpenKeyW, RegOpenKeyExA, RegCreateKeyExA, RegSetValueW, RegDeleteValueW
    > crypt32.dll: CertFreeCertificateContext, CertFindCertificateInStore, CertVerifySubjectCertificateContext, CertCreateCertificateContext, CryptGetMessageCertificates, CryptVerifyMessageSignature, CertCloseStore
    > gdi32.dll: SetTextColor, CreateFontIndirectW, GetTextMetricsW, GetTextFaceW, CreateSolidBrush, GetObjectW, CreateFontIndirectA, GetObjectA, GetStockObject, CreatePalette, RealizePalette, UnrealizeObject, SelectPalette, DeleteObject, DeleteDC, BitBlt, SelectObject, CreateCompatibleDC, GetDeviceCaps, CreateCompatibleBitmap
    > kernel32.dll: SetLastError, lstrcpyW, MulDiv, GlobalUnlock, GlobalLock, lstrlenW, lstrcmpW, GetModuleFileNameW, GlobalHandle, CreateThread, FreeLibrary, lstrcpynW, lstrcatW, GetProcAddress, LoadLibraryW, InterlockedDecrement, SetEvent, CreateEventW, InterlockedIncrement, LoadLibraryExW, GetCommandLineW, GetUserDefaultLCID, ReadFile, LoadLibraryA, lstrlenA, CreateFileA, RemoveDirectoryW, CreateDirectoryW, ExitThread, GetVersionExA, SetCurrentDirectoryW, SetCurrentDirectoryA, GetCurrentDirectoryW, CreateMutexA, ReleaseMutex, FindResourceExW, FindClose, FindNextFileW, FindFirstFileW, GetShortPathNameA, GetSystemDirectoryW, DeleteFileA, GetTempFileNameA, CopyFileA, MoveFileA, GetFileAttributesW, GetSystemDefaultLangID, GetSystemInfo, GetModuleHandleA, FindFirstFileA, FindNextFileA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, SetEnvironmentVariableA, CompareStringW, CompareStringA, GetTickCount, SetEndOfFile, IsBadCodePtr, IsBadReadPtr, FlushFileBuffers, GetStringTypeW, GetStringTypeA, QueryPerformanceCounter, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, UnhandledExceptionFilter, SetStdHandle, GetCurrentDirectoryA, GetFullPathNameA, GetCurrentProcessId, LCMapStringW, LCMapStringA, SetUnhandledExceptionFilter, HeapSize, SetFilePointer, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, TlsGetValue, TlsSetValue, TlsFree, TlsAlloc, GetCPInfo, GetOEMCP, GetTimeZoneInformation, IsBadWritePtr, VirtualFree, HeapCreate, HeapDestroy, GetStartupInfoW, SystemTimeToFileTime, LocalFileTimeToFileTime, SetFileTime, GetDriveTypeA, FileTimeToLocalFileTime, FileTimeToSystemTime, VirtualQuery, VirtualAlloc, VirtualProtect, RtlUnwind, TerminateProcess, ExitProcess, GetSystemTimeAsFileTime, HeapReAlloc, GetModuleHandleW, GetTempPathW, GetTempFileNameW, CreateFileW, lstrcmpiW, GlobalFree, Sleep, WriteFile, CloseHandle, GetLastError, WaitForSingleObject, DeleteFileW, FindResourceW, GlobalAlloc, 
HeapAlloc, GetProcessHeap, HeapFree, GetCurrentProcess, FlushInstructionCache, LeaveCriticalSection, EnterCriticalSection, lstrcmpiA, WideCharToMultiByte, MultiByteToWideChar, DeleteCriticalSection, InitializeCriticalSection, RaiseException, GetVersionExW, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, GlobalMemoryStatus, LoadResource, SizeofResource, LockResource, FreeResource, WinExec, GetModuleFileNameA, GetFileAttributesA, GetCurrentThreadId, IsDBCSLeadByte
    > ole32.dll: StringFromGUID2, CoTaskMemAlloc, CreateBindCtx, CoCreateGuid, CoInitialize, CoUninitialize, CoTaskMemRealloc, CoTaskMemFree, CoRegisterClassObject, CoRevokeClassObject, OleUninitialize, OleInitialize, CoCreateInstance, CLSIDFromString, CLSIDFromProgID, CoGetClassObject, CreateStreamOnHGlobal, OleLockRunning
    > oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
    > shell32.dll: SHFileOperationW, Shell_NotifyIconW, ShellExecuteExW
    > shlwapi.dll: StrStrIW, PathFindExtensionW
    > urlmon.dll: CreateURLMoniker, RegisterBindStatusCallback
    > user32.dll: GetDlgCtrlID, LoadImageA, DefWindowProcA, BeginPaint, GetMessageW, DispatchMessageW, PostThreadMessageW, GetActiveWindow, SendDlgItemMessageW, MapDialogRect, GetClientRect, RegisterWindowMessageW, GetWindowTextLengthW, GetWindowTextW, SetWindowTextW, RegisterClassExW, GetClassInfoExW, LoadCursorW, CreateWindowExW, CreateAcceleratorTableW, CharNextW, RegisterClassA, PostMessageA, SetWindowTextA, GetWindowTextA, EndPaint, OffsetRect, GetWindowRect, AdjustWindowRectEx, EqualRect, SetWindowPos, GetWindowLongA, SetWindowLongA, GetDC, InvalidateRect, ReleaseDC, GetKeyState, SendMessageA, GetWindow, LoadStringW, PostQuitMessage, LoadIconW, GetWindowDC, DialogBoxParamW, SetWindowContextHelpId, GetClassNameA, CallNextHookEx, IsDialogMessageA, IsChild, SetWindowsHookExA, DialogBoxIndirectParamW, CreateDialogParamA, UnregisterClassA, UnhookWindowsHookEx, DestroyWindow, GetDlgItem, GetParent, GetClassNameW, RedrawWindow, IsWindow, DestroyAcceleratorTable, GetFocus, CallWindowProcW, GetDesktopWindow, InvalidateRgn, FillRect, SetCapture, ReleaseCapture, GetSysColor, DefWindowProcW, EndDialog, wsprintfW, SetDlgItemTextW, SendMessageW, GetWindowLongW, SetWindowLongW, UnregisterClassW, LoadStringA, GetSystemMetrics, MoveWindow, EnumChildWindows, SetTimer, EnableWindow, ShowWindow, KillTimer, SetFocus
    > version.dll: VerQueryValueA, GetFileVersionInfoA, GetFileVersionInfoSizeA
    > wininet.dll: HttpSendRequestW, HttpQueryInfoW, InternetReadFile, InternetCloseHandle, HttpOpenRequestW, InternetOpenW, InternetConnectW

    ( 0 exports )
    TrID : File type identification
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    ThreatExpert: http://www.threatexpert.com/report.aspx?md5=3686788f2ff7992b1a13e23586ca897b
    ssdeep: 6144:rL9noJhmbDnezGsneLFQIXtdSj3hQr6r/5TTw6KQOV+199kM0:9OhyDezGsnmltdSLh24eQOV+199k
    PEiD : -
    RDS : NSRL Reference Data Set
    -
    For the other two, the file could not be found.
     
  15. SaubererPC

    SaubererPC Byte

    Good, the analysis continues:

    Download Malwarebytes from here: http://www.malwarebytes.org/
    Install it, update it and run a "quick scan".
    Then post the log here.

    Unfortunately I have to sign off now. :-)
    Deoroller or phonix will surely take over the case.

    As far as I can judge from the logs so far, your system is infected with "autorun worms" and other "bad guys".
    The Malwarebytes scan will be interesting. Post the complete log here.

    Good luck!

    SP.
     
    Last edited: Nov 26, 2009
  16. eiscreme

    eiscreme Byte

    Malwarebytes' Anti-Malware 1.41
    Datenbank Version: 3238
    Windows 6.0.6002 Service Pack 2

    26.11.2009 20:29:27
    mbam-log-2009-11-26 (20-29-16).txt

    Scan-Methode: Quick-Scan
    Durchsuchte Objekte: 98493
    Laufzeit: 37 minute(s), 1 second(s)

    Infizierte Speicherprozesse: 0
    Infizierte Speichermodule: 0
    Infizierte Registrierungsschlüssel: 2
    Infizierte Registrierungswerte: 1
    Infizierte Dateiobjekte der Registrierung: 0
    Infizierte Verzeichnisse: 0
    Infizierte Dateien: 1

    Infizierte Speicherprozesse:
    (Keine bösartigen Objekte gefunden)

    Infizierte Speichermodule:
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungsschlüssel:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25f97eb4-1c02-45ba-ba0c-e67aace64d4a} (Adware.ToolBar) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.

    Infizierte Registrierungswerte:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{25f97eb4-1c02-45ba-ba0c-e67aace64d4a} (Adware.ToolBar) -> No action taken.

    Infizierte Dateiobjekte der Registrierung:
    (Keine bösartigen Objekte gefunden)

    Infizierte Verzeichnisse:
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateien:
    C:\$Recycle.Bin\S-1-5-21-1601025086-2104277401-3593270979-1000\$RYXUH2Q.exe (Trojan.Downloader) -> No action taken.

    I tried to fix it with Malwarebytes, had to restart, and the Malwarebytes program was blocked at autostart. Is that normal?
     
    Last edited: Nov 26, 2009
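The Malwarebytes log above reports four detections, every one of them marked "No action taken", which means the scan only listed them and nothing was removed. The following Python script is an added example (not part of the thread and not Malwarebytes' own tooling) that parses the MBAM 1.x log format shown in the post, separates remediated from unremediated entries, counts detections per classification, and flags files that live under `$Recycle.Bin`. The sample log embedded in the script is constructed from the posted log, with one file entry changed to a remediated status so the two outcomes can be told apart.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample modelled on the Malwarebytes' Anti-Malware 1.41 log posted
# in the thread: same German section headers and entry format, with the file
# entry changed to a remediated status for contrast (the original said
# "No action taken").
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3238
Windows 6.0.6002 Service Pack 2

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 98493

Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{25f97eb4-1c02-45ba-ba0c-e67aace64d4a} (Adware.ToolBar) -> No action taken.
HKEY_CURRENT_USER\\SOFTWARE\\fcn (Rogue.Residue) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser\\{25f97eb4-1c02-45ba-ba0c-e67aace64d4a} (Adware.ToolBar) -> No action taken.

Infizierte Dateien:
C:\\$Recycle.Bin\\S-1-5-21-1601025086-2104277401-3593270979-1000\\$RYXUH2Q.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""


@dataclass(frozen=True)
class Finding:
    section: str   # log section the entry came from, e.g. "Infizierte Dateien"
    item: str      # registry key, registry value or file path
    category: str  # MBAM classification, e.g. "Trojan.Downloader"
    action: str    # what MBAM did, e.g. "No action taken"


# Entry shape: "<item> (<category>) -> <action>."  The item is matched greedily,
# so a path that itself contains parentheses ("Program Files (x86)") still
# splits at the last "(<category>)" group.
_ENTRY = re.compile(r"^(?P<item>.+) \((?P<category>[^()]+)\) -> (?P<action>.+?)\.?$")
# Detail-section headers end in a bare colon; the summary lines above them
# ("Infizierte Dateien: 1") carry a count and therefore do not match.
_HEADER = re.compile(r"^(?P<section>[^:]+):$")


def parse_mbam_log(text: str) -> list[Finding]:
    """Return every detection entry in an MBAM 1.x log, tagged with its section."""
    findings: list[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks and the "(Keine bösartigen Objekte gefunden)" placeholder.
        if not line or line.startswith("("):
            continue
        if (m := _HEADER.match(line)):
            section = m.group("section")
            continue
        if (m := _ENTRY.match(line)):
            findings.append(Finding(section, m["item"], m["category"], m["action"]))
    return findings


def unremediated(findings: list[Finding]) -> list[Finding]:
    """Entries MBAM only reported: nothing was quarantined or deleted for these."""
    return [f for f in findings if f.action.lower() == "no action taken"]


def category_counts(findings: list[Finding]) -> dict[str, int]:
    """How many detections fall under each MBAM classification."""
    return dict(Counter(f.category for f in findings))


def in_recycle_bin(finding: Finding) -> bool:
    """Files under $Recycle.Bin are already deleted copies; emptying the bin removes them."""
    return finding.item.lower().startswith("c:\\$recycle.bin\\")


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(found)} detections, {len(unremediated(found))} not remediated")
    for f in unremediated(found):
        print(f"  [{f.section}] {f.category}: {f.item}")
    print("per category:", category_counts(found))
```

Run against a real `mbam-log-*.txt`, the non-empty result of `unremediated()` is the list to act on: either re-run the scan with removal enabled, or, for a Recycle Bin entry, simply empty the bin. A log that parses to zero findings after remediation is the condition to look for before declaring the machine clean.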
  17. eiscreme

    eiscreme Byte

    Can someone please help me?
     
    Last edited: Nov 27, 2009
  18. deoroller

    deoroller Walking Forum

    You can have the PC examined with an Avira rescue CD.
    It is up to date.
    http://virus-protect.org/artikel/tools/avirarescue.html
    While doing so, also have it save a log file to a USB stick (FAT-formatted).
    http://forum.avira.com/wbb/index.php?page=Thread&postID=774510

    Then post the log file.
    The system can be damaged if Avira removes an important system file, so first check what was found.
     
  19. poro

    poro Whole Gigabyte

    Fiddling around won't get you anywhere. Takes too long. Reinstall, or restore a backup.
     
  20. deoroller

    deoroller Walking Forum

    That is always the best solution. But if you only have that little bit of adware on the PC, it is really unnecessary.

    Infizierte Dateien:
    C:\$Recycle.Bin\S-1-5-21-1601025086-2104277401-3593270979-1000\$RYXUH2Q.exe (Trojan.Downloader) -> No action taken.

    For that, temporarily disable System Restore and empty the Recycle Bin to get rid of it.
     
    Last edited: Nov 27, 2009