istealer 5.0 cannot be removed

This topic in the "Viren, Trojaner & Malware" forum was created by der-master, 1 October 2009.

  1. 1 October 2009
    Hi guys, a few weeks ago I installed the thing from the hacker-tools section, and it has somehow dug itself in and won't go away. I deleted everything, but it still starts when I boot Vista. I also deleted the autostart entries with msconfig and TuneUp, but it still comes back. I ran HijackThis and fixed the entries it flagged as malicious, but it still comes back.
    Here is my txt file from HijackThis.

    edit: 5 Oct 09


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:15:58, on 05.10.2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\ESET\nod32kui.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    D:\Download\utorrent-1.6(2).exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\ICQ6.5\ICQ.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Windows\Explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [MacDrive application] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
    O4 - HKLM\..\Run: [Getting started with MacDrive] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod-Dienst (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
    O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 8685 bytes
    The entries marked in black are the ones, but I can't get to where they are supposed to be.

    Please help.

    Rep will of course be given.
     
  2. 2 October 2009
    Re: istealer 5.0 cannot be removed

    Good old ctfmon..... I keep getting it too.... it's on our school network.... At home I got rid of it with Kaspersky. I had tried everything possible before, and with Kaspersky it finally worked. You could install it and give it a try.
     
  3. 2 October 2009
    Re: istealer 5.0 cannot be removed

    Make sure that all files are shown to you: klick klack

    Run http://www.ccleaner.de/

    Run ComboFix: http://virus-protect.org/artikel/tools/combofix.html

    Post the log.

    Then run an online scan.
     
  4. 4 October 2009
    Re: istealer 5.0 cannot be removed

    Here is my log from ComboFix.

    ComboFix 09-10-01.05 - master 04.10.2009 14:14.2.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1899 [GMT 2:00]
    Running from:: c:\users\master\Desktop\ComboFix.exe
    AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Resident AV is active.

    .

    (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\master\AppData\Roaming\inst.exe
    c:\windows\system32\ogacheckcontrol.dll
    c:\windows\system32\uuddc32.dll
    c:\windows\system32\zip32.dll

    .
    ((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 ))))))))))))))))))))))))))))))
    .

    2009-10-04 12:21 . 2009-10-04 12:21 -------- d-----w- c:\users\master\AppData\Local\temp
    2009-10-04 12:21 . 2009-10-04 12:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-10-04 11:34 . 2009-10-04 11:34 -------- d-----w- c:\program files\Common Files\Mediafour
    2009-10-04 11:34 . 2009-10-04 11:34 -------- d-----w- c:\programdata\Mediafour
    2009-10-03 13:28 . 2009-10-04 11:33 -------- d-----w- c:\program files\Mediafour
    2009-10-03 09:28 . 2009-10-03 09:28 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
    2009-10-03 09:09 . 2009-10-03 09:09 -------- d-----w- c:\programdata\Office Genuine Advantage
    2009-10-03 09:09 . 2009-10-03 09:09 -------- d-----w- c:\users\master\Office Genuine Advantage
    2009-10-03 02:31 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-10-03 02:31 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2009-10-03 02:31 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-10-03 02:31 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2009-10-03 02:31 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
    2009-10-03 02:31 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-10-03 02:31 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
    2009-10-03 02:31 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2009-10-03 02:31 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
    2009-10-03 00:16 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-02 09:44 . 2009-10-02 09:44 -------- d-----w- c:\program files\CCleaner
    2009-10-01 20:38 . 2009-10-01 20:38 31170 ----a-w- c:\windows\system32\drivers\Partizan.sys
    2009-10-01 20:38 . 2009-10-01 20:38 22528 ----a-w- c:\windows\system32\Partizan.exe
    2009-10-01 20:38 . 2009-10-01 20:38 2 --shatr- c:\windows\winstart.bat
    2009-10-01 20:38 . 2005-04-03 13:02 8944 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
    2009-10-01 20:38 . 2009-10-01 20:39 -------- d-----w- c:\program files\UnHackMe
    2009-09-30 20:26 . 2009-09-30 20:26 -------- d-----w- c:\program files\Trend Micro
    2009-09-30 13:46 . 2009-09-30 13:46 -------- d-----w- c:\program files\mkv2vob
    2009-09-30 13:45 . 2009-09-30 13:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-09-29 11:27 . 2009-09-29 11:27 -------- d-----w- c:\program files\EBgoSniper
    2009-09-27 18:42 . 2009-09-27 18:52 -------- d-----w- c:\program files\Auction Auto Bidder
    2009-09-27 16:29 . 2009-09-27 16:29 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2009-09-26 23:12 . 2009-09-26 23:12 2105008 ----a-w- c:\windows\TeamViewer_Setup_de.exe
    2009-09-22 21:32 . 2009-09-22 23:10 -------- d-----w- c:\users\master\AppData\Local\XenonMKV_Team
    2009-09-22 21:12 . 2009-09-22 21:12 -------- d-----w- c:\programdata\Azureus
    2009-09-22 21:12 . 2009-10-02 08:50 -------- d-----w- c:\users\master\AppData\Roaming\Azureus
    2009-09-19 21:39 . 2009-10-02 09:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-09-19 21:39 . 2009-09-19 21:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-09-19 21:12 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-09-19 21:12 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-09-19 21:12 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-09-19 21:12 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-09-19 21:12 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-09-19 21:12 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-09-19 21:12 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-09-19 21:12 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
    2009-09-19 21:12 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2009-09-19 21:12 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
    2009-09-19 21:12 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-09-19 21:11 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
    2009-09-19 21:11 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
    2009-09-19 21:11 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
    2009-09-19 21:11 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
    2009-09-19 21:11 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
    2009-09-19 21:11 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
    2009-09-05 11:21 . 2009-09-05 11:21 -------- d-----w- c:\temp\Windows 7 Professional (x86) - DVD (English)
    2009-09-04 18:54 . 2009-09-04 18:54 -------- d-----w- c:\temp\Windows 7 Language Pack (x86) - DVD (Multiple Languages)
    2009-09-04 17:03 . 2009-09-05 11:24 -------- d-----w- C:\Temp

    .
    (((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-04 12:13 . 2008-01-21 07:15 621952 ----a-w- c:\windows\system32\perfh007.dat
    2009-10-04 12:13 . 2008-01-21 07:15 123852 ----a-w- c:\windows\system32\perfc007.dat
    2009-10-04 12:08 . 2009-07-13 17:16 80206 ----a-w- c:\programdata\nvModes.dat
    2009-10-04 12:01 . 2009-06-16 00:18 -------- d-----w- c:\users\master\AppData\Roaming\uTorrent
    2009-10-04 09:50 . 2009-06-15 22:42 9282 ----a-w- c:\windows\bthservsdp.dat
    2009-10-03 09:28 . 2009-06-16 00:02 -------- d-----w- c:\program files\Microsoft
    2009-09-27 01:06 . 2009-07-05 19:08 -------- d-----r- c:\program files\Skype
    2009-09-26 23:12 . 2009-09-26 23:12 2105008 ----a-w- c:\users\master\AppData\Roaming\10855079.tmp
    2009-09-22 20:44 . 2009-06-28 12:11 -------- d-----w- c:\users\master\AppData\Roaming\ImgBurn
    2009-09-21 22:39 . 2009-06-30 17:51 -------- d-----w- c:\programdata\Yahoo! Companion
    2009-09-20 21:49 . 2009-08-23 00:28 -------- d-----w- c:\users\master\AppData\Roaming\vlc
    2009-09-19 22:14 . 2009-06-16 00:50 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-09-19 21:25 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-09-19 21:24 . 2009-06-16 00:18 -------- d-----w- c:\programdata\Microsoft Help
    2009-09-04 15:14 . 2009-06-16 00:30 -------- d-----w- c:\program files\ESET
    2009-09-03 04:48 . 2009-09-03 04:48 -------- d-----w- c:\programdata\TomTom
    2009-09-03 04:47 . 2009-09-03 04:47 -------- d-----w- c:\users\master\AppData\Roaming\TomTom
    2009-09-03 04:47 . 2009-09-03 04:47 -------- d-----w- c:\program files\TomTom International B.V
    2009-09-03 04:47 . 2009-09-03 04:47 -------- d-----w- c:\program files\TomTom HOME 2
    2009-09-03 04:46 . 2009-09-03 04:46 -------- d-----w- c:\program files\TomTom DesktopSuite
    2009-09-01 18:58 . 2009-07-29 13:52 -------- d-----w- c:\program files\Java
    2009-08-30 15:59 . 2009-08-30 15:59 -------- d-----w- c:\program files\iPhone Explorer
    2009-08-30 06:04 . 2009-06-16 00:24 -------- d-----w- c:\users\master\AppData\Roaming\Dropbox
    2009-08-29 00:27 . 2009-09-02 22:37 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-29 00:14 . 2009-09-02 22:37 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-28 14:34 . 2009-08-25 17:55 -------- d-----w- c:\program files\Google
    2009-08-25 11:27 . 2009-08-25 11:27 -------- d-----w- c:\program files\Silabs
    2009-08-25 11:24 . 2009-08-25 11:24 -------- d-----w- c:\program files\LogTool
    2009-08-25 09:33 . 2009-07-20 10:15 -------- d-----w- c:\users\master\AppData\Roaming\Apple Computer
    2009-08-25 09:11 . 2009-07-20 10:14 -------- d-----w- c:\program files\iTunes
    2009-08-25 09:11 . 2009-08-25 09:11 -------- d-----w- c:\program files\iPod
    2009-08-25 09:11 . 2009-08-25 09:07 -------- d-----w- c:\program files\Common Files\Apple
    2009-08-25 09:10 . 2009-08-25 09:10 -------- d-----w- c:\program files\Bonjour
    2009-08-25 09:10 . 2009-07-20 10:13 -------- d-----w- c:\program files\QuickTime
    2009-08-25 09:09 . 2009-07-20 10:13 -------- d-----w- c:\programdata\Apple Computer
    2009-08-25 09:09 . 2009-08-25 09:09 -------- d-----w- c:\program files\Apple Software Update
    2009-08-25 09:07 . 2009-07-20 10:12 -------- d-----w- c:\programdata\Apple
    2009-08-16 16:06 . 2009-08-16 16:06 -------- d-----w- c:\program files\BayGenie
    2009-08-16 12:01 . 2009-08-16 12:01 -------- d-----w- c:\users\master\AppData\Roaming\IrfanView
    2009-08-16 12:01 . 2009-08-16 12:01 -------- d-----w- c:\program files\IrfanView
    2009-08-13 17:24 . 2009-08-13 17:24 -------- d-----w- c:\program files\QS
    2009-08-09 11:33 . 2009-08-09 10:42 388 ----a-w- c:\windows\system32\dmlg.dat
    2009-08-08 17:07 . 2009-08-08 17:07 -------- d-----w- c:\programdata\SlySoft
    2009-08-08 17:07 . 2009-08-08 17:07 -------- d-----w- c:\program files\SlySoft
    2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
    2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
    2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
    2009-07-25 03:23 . 2009-07-29 13:52 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-21 21:52 . 2009-07-29 02:23 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-21 21:47 . 2009-07-29 02:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-07-21 21:47 . 2009-07-29 02:23 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-21 20:13 . 2009-07-29 02:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-17 13:54 . 2009-08-12 12:31 71680 ----a-w- c:\windows\system32\atl.dll
    2009-07-15 12:40 . 2009-08-12 12:30 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-07-15 12:39 . 2009-08-12 12:30 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-15 12:39 . 2009-08-12 12:30 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-07-15 12:39 . 2009-08-12 12:30 7680 ----a-w- c:\windows\system32\spwmp.dll
    2009-07-15 12:26 . 2009-07-15 12:26 49152 ----a-r- c:\windows\system32\inetwh32.dll
    2009-07-15 12:26 . 2009-07-15 12:26 1044480 ----a-r- c:\windows\system32\roboex32.dll
    2009-07-13 17:05 . 2009-06-15 22:48 680 ----a-w- c:\users\master\AppData\Local\d3d9caps.dat
    2009-07-13 17:05 . 2009-06-15 22:48 83600 ----a-w- c:\users\master\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-07-09 10:16 . 2009-07-09 10:16 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-07-09 10:16 . 2009-07-09 10:16 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
    .

    (((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-06-27 03:02 77824 ----a-w- c:\users\master\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-06-27 03:02 77824 ----a-w- c:\users\master\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-06-27 03:02 77824 ----a-w- c:\users\master\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2007-04-20 228352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
    "nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-06-16 949376]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-27 13548064]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-27 92704]
    "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "MacDrive application"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2008-09-23 201304]
    "Getting started with MacDrive"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2008-09-02 141312]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-17 6111232]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Users^master^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\users\master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^master^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Real Desktop.lnk]
    path=c:\users\master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Real Desktop.lnk
    backup=c:\windows\pss\Real Desktop.lnk.Startup
    backupExtension=.Startup

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):0f,93,ac,71,74,ee,c9,01

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
    "c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{E8DC4E68-0E2C-45A5-BC5B-3457D432B65C}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
    "UDP Query User{FD9D4067-4B08-4266-BD45-DCEE7CC4F5AC}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
    "{99C563DD-452A-4A60-902C-A14009A3FC19}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{1AAC3BB1-ECBB-433C-B5BA-6559E2D3AA6B}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{29F11AB7-4318-4232-BE9C-1D9597E0C9FB}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "TCP Query User{1DC80443-2823-482D-98C5-B017FFD83499}c:\\program files\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\program files\teamviewer\version4\teamviewer.exe:TeamViewer Remote Control Application
    "UDP Query User{5C856250-979F-4302-B9C2-DFE02BB71B16}c:\\program files\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\program files\teamviewer\version4\teamviewer.exe:TeamViewer Remote Control Application
    "TCP Query User{A7347C82-4743-4D6E-BE9F-EA89F50670D9}c:\\program files\\sft-loader_2008_rc4\\leecher.exe"= UDP:c:\program files\sft-loader_2008_rc4\leecher.exe:SFT Loader
    "UDP Query User{0578C03F-DFFA-479D-8A54-8353FD5DC0F6}c:\\program files\\sft-loader_2008_rc4\\leecher.exe"= TCP:c:\program files\sft-loader_2008_rc4\leecher.exe:SFT Loader
    "TCP Query User{A6E198BF-DA0A-4A9A-A34F-7BD2D600A1D9}c:\\program files\\sft-loader_2008_rc4\\leecher.exe"= UDP:c:\program files\sft-loader_2008_rc4\leecher.exe:SFT Loader
    "UDP Query User{8C4EC32B-B6C3-45E3-B1A7-CD66EAFB0825}c:\\program files\\sft-loader_2008_rc4\\leecher.exe"= TCP:c:\program files\sft-loader_2008_rc4\leecher.exe:SFT Loader
    "TCP Query User{C939BFD3-975E-435D-AEB3-234302B308A1}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
    "UDP Query User{D1FBBFDA-DB90-4845-A903-3CB399A5F0F4}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
    "{BC47532B-755D-4903-A46E-E26867C36410}"= UDP:5353:Adobe CSI CS4
    "{DC28713C-19D4-4A46-B175-ADAB99F41154}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
    "{8F1051B5-5CA3-4F09-9309-956B9C7BD732}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
    "{FE41926A-4EEA-4A7C-829C-9B1B6F88A45B}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
    "{70EAEC02-6119-4138-A4E2-4B70068A05A3}"= c:\program files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:CyberLink PowerDVD 9.0
    "{6C276F8B-700E-4F1F-A59E-629891430748}"= c:\program files\CyberLink\PowerDVD9\PowerDVD9.EXE:CyberLink PowerDVD 9.0
    "TCP Query User{1D4D1941-9C75-4216-9ADB-31BA947F076E}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows-Sidebar
    "UDP Query User{7E6DFE0C-3232-493F-999C-A0B7A91DCD4A}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows-Sidebar
    "{5B2625C2-E55D-4654-BA8E-5716D6CC52AE}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{1B265624-F282-44EF-A899-FC7F580F17F9}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{424DCB44-4BC7-42D2-85F8-A3E6DFF9660B}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{EE575E64-9079-443D-B6F1-387343E3DEA7}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "UDP Query User{7CCF9FDB-0331-43CB-9891-17BF3EA451ED}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "TCP Query User{EF48DF9D-8795-48CB-A3FB-71C59B8E1085}d:\\download\\sft-loader_2009_rc2\\leecher.exe"= UDP:d:\download\sft-loader_2009_rc2\leecher.exe:SFT Loader
    "UDP Query User{EA6D80ED-6ABD-457D-B0AD-CE154B6C61FF}d:\\download\\sft-loader_2009_rc2\\leecher.exe"= TCP:d:\download\sft-loader_2009_rc2\leecher.exe:SFT Loader
    "TCP Query User{83A1E60B-C839-4779-8C1E-D1367BD8BD79}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
    "UDP Query User{85843858-1961-4CB2-9ACC-3E19E5578187}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
    "TCP Query User{BE6440FC-966D-4654-9976-9941AF1B0167}d:\\download\\sft-loader_2009_rc2\\leecher.exe"= UDP:d:\download\sft-loader_2009_rc2\leecher.exe:SFT Loader
    "UDP Query User{E3A2E751-6814-4A4D-B593-0B9C9CD3F9C9}d:\\download\\sft-loader_2009_rc2\\leecher.exe"= TCP:d:\download\sft-loader_2009_rc2\leecher.exe:SFT Loader
    "TCP Query User{DBDC02DE-A168-4B80-AF3A-6C8CB277EF75}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
    "UDP Query User{B8764E72-9BB8-499D-A00B-0504D66C5F61}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
    "{54A0661F-D3D4-455A-AD1F-9B2860C7C047}"= UDP:d:\download\utorrent-1.6(2).exe:µTorrent
    "{E8E74C9F-6940-4A14-A571-9DFC3843DDD7}"= TCP:d:\download\utorrent-1.6(2).exe:µTorrent
    "TCP Query User{DC903C09-6879-4838-978C-2CB6650BCC08}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows-Sidebar
    "UDP Query User{9FF5DBA3-E662-4383-8C1A-5206AB4A1C31}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows-Sidebar
    "TCP Query User{0DD91E1B-E2B2-4EDC-9BCC-73F728218CC6}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{0DA2C43C-D23A-43FF-BA49-1DC8A0D7C151}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{83BAFF1F-5D55-4BB8-B0CF-497BF7E744C7}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{5FC1C87F-9E27-4F6D-93EC-A483AB3DFED3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{12BC0D97-5501-4242-B000-B3A2F99B8053}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{823B45C5-5FBF-407A-8259-EE3FE0492498}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{AC802C98-2B74-465C-AE8B-B1EF8215C995}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
    "UDP Query User{AFDACED1-D16C-4282-B6AF-ADD0079F71D5}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
    "{EFE8CA98-3635-4270-9F9E-CA08E6F6A303}"= UDP:12985:BitComet 12985 TCP
    "{62E50FA6-1FA9-4687-BE07-ED65094F1EB5}"= TCP:12985:BitComet 12985 UDP
    "TCP Query User{C003B2A5-437D-4ECA-B80F-31DBA48E5167}c:\\users\\default\\appdata\\local\\temp\\bmas5y9cmd\\azureus.exe"= UDP:c:\users\default\appdata\local\temp\bmas5y9cmd\azureus.exe:Azureus
    "UDP Query User{64F1136A-FB12-4CDB-93CC-79F0656F47D6}c:\\users\\default\\appdata\\local\\temp\\bmas5y9cmd\\azureus.exe"= TCP:c:\users\default\appdata\local\temp\bmas5y9cmd\azureus.exe:Azureus

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
    "c:\\Users\\master\\AppData\\Local\\Tempp.update.exe"= c:\users\master\AppData\Local\Tempp.update.exe:*:Enabled .update

    R0 MDFSYSNT;MacDrive file system driver;c:\windows\System32\drivers\MDFSYSNT.SYS [04.02.2009 11:14 284160]
    R0 MDPMGRNT;MacDrive partition driver;c:\windows\System32\drivers\MDPMGRNT.SYS [04.02.2009 11:22 19456]
    R1 nod32drv;nod32drv;c:\windows\System32\drivers\nod32drv.sys [16.06.2009 02:30 15424]
    R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [16.06.2009 01:03 13312]
    R2 MacDriveService;MacDrive service;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [26.11.2008 09:23 150528]
    R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [16.06.2009 00:58 31248]
    R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [16.06.2009 10:48 185640]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [17.06.2009 16:46 603904]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [25.09.2008 07:37 3666432]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [26.06.2009 22:55 66080]
    R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [16.06.2009 00:58 1363088]
    S0 Partizan;Partizan;c:\windows\System32\drivers\Partizan.sys [01.10.2009 22:38 31170]
    S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30.03.2009 16:28 1533808]
    S3 Droppix Service;Droppix Service;c:\program files\Common Files\Droppix\DxService.exe [21.06.2009 17:07 221184]
    S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27.08.2009 17:05 92008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{43DCA353-D225-223D-F6B0-A681C9E27ED7}]
    c:\windows\system32:srdts.exe
    .
    Inhalt des "geplante Tasks" Ordners

    2009-10-04 c:\windows\Tasks\1-Klick-Wartung.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-13 10:03]

    2009-10-04 c:\windows\Tasks\User_Feed_Synchronization-{73337E7B-0AE7-4829-BF21-3B2D04698EE5}.job
    - c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: c:\windows\system32\imon.dll
    FF - ProfilePath - c:\users\master\AppData\Roaming\Mozilla\Firefox\Profiles\5t3ls78h.default\
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX Richtlinien ----
    FF - user.js: yahoo.homepage.dontask - true.
    - - - - Entfernte verwaiste Registrierungseinträge - - - -

    ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-10-04 14:21
    Windows 6.0.6002 Service Pack 2 NTFS

    Scanne versteckte Prozesse...

    Scanne versteckte Autostarteinträge...

    Scanne versteckte Dateien...

    Scan erfolgreich abgeschlossen
    versteckte Dateien: 0

    **************************************************************************
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Zeit der Fertigstellung: 2009-10-04 14:24
    ComboFix-quarantined-files.txt 2009-10-04 12:23

    Vor Suchlauf: 10 Verzeichnis(se), 14.304.120.832 Bytes frei
    Nach Suchlauf: 14 Verzeichnis(se), 14.208.409.600 Bytes frei

    340 --- E O F --- 2009-10-03 09:07
     
  5. 5 October 2009
    Re: istealer 5.0 cannot be removed

    Your log is clean now, you got rid of it through Combofix.

    You can still fix the following in your current HJT log:
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)

    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    If problems come up again, just post here again.

    Regards, R0cka
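As an added example (not code from this thread, nor from HijackThis or ComboFix): a small Python triage script that runs over the three HJT lines quoted in the reply above plus three lines copied verbatim from the ComboFix log earlier in this thread. It flags the orphaned "(file missing)" entries, the Windows firewall exception granted to an executable under the user's AppData\Local directory, and the Active Setup entry whose target sits in an NTFS alternate data stream (system32:srdts.exe). The parsing rules and severity labels are assumptions of this example, not ComboFix's own logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: the three HijackThis lines quoted in the reply above,
# plus three lines copied verbatim from the ComboFix log earlier in this thread.
SAMPLE_LINES = [
    r"O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)",
    r"O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)",
    r"O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe",
    r'"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3',
    r'"c:\\Users\\master\\AppData\\Local\\Tempp.update.exe"= c:\users\master\AppData\Local\Tempp.update.exe:*:Enabled .update',
    r"c:\windows\system32:srdts.exe",
]


@dataclass
class Finding:
    line: str
    severity: str   # "info", "suspicious" or "high" (labels chosen for this example)
    reason: str


HJT_LINE = re.compile(r"^(O\d+) - (.*)$")          # HijackThis item, e.g. "O9 - ..."
FW_LINE = re.compile(r'^"[^"]*"= (.*)$')           # firewall AuthorizedApplications value
WIN_PATH = re.compile(r"^[A-Za-z]:\\")             # bare path line (Active Setup entry)


def extract_path(line: str) -> Optional[str]:
    """Pull the target file path out of a HijackThis item, a ComboFix firewall
    AuthorizedApplications entry, or a bare path line."""
    m = HJT_LINE.match(line)
    if m:
        # HJT items place the target path after the last " - " separator
        tail = m.group(2).split(" - ")[-1]
        return tail.replace("(file missing)", "").strip()
    m = FW_LINE.match(line)
    if m:
        # value format (XP/Vista firewall): path:*:Enabled:Display name
        return m.group(1).split(":*:")[0].strip()
    if WIN_PATH.match(line):
        return line.strip()
    return None


def classify_path(path: str) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) for indicators visible in the path itself."""
    # A second colon after the drive letter means an NTFS alternate data stream
    # (e.g. system32:name.exe); no legitimate installer registers a target that way.
    if ":" in path[2:]:
        return "high", "executable stored in an NTFS alternate data stream"
    # Executables under the user-writable profile directory are where droppers
    # land; legitimate software also lives there, hence only "suspicious".
    if re.search(r"\\appdata\\local\\", path, re.IGNORECASE):
        return "suspicious", "executable under the user's AppData\\Local directory"
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run the rules above over raw log lines and collect findings in order."""
    findings: List[Finding] = []
    for line in lines:
        if "(file missing)" in line:
            findings.append(Finding(line, "info", "orphaned entry, target file no longer exists"))
        path = extract_path(line)
        if path is None:
            continue
        hit = classify_path(path)
        if hit:
            findings.append(Finding(line, *hit))
            # A firewall exception for a suspicious binary is an explicit egress allowance
            if FW_LINE.match(line) and ":*:Enabled" in line:
                findings.append(Finding(line, "high", "firewall exception granted to a suspicious executable"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:10}] {f.reason}\n             {f.line}")
```

Run as a script it prints five findings: two "info" hits for the orphaned O9 entries, a "suspicious" and a "high" hit for the firewall exception under AppData\Local, and a "high" hit for the alternate-data-stream path; the Yahoo service and FlashFXP lines produce nothing, which is the point of keeping the rules narrow.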
     
  6. 8 October 2009
    Re: istealer 5.0 cannot be removed

    And does this Combofix really do anything?
    Somehow I've never heard of it, and the description sounds odd too ^^

    Sounds more like some kind of brain.exe prank ^^
     
  7. 17 October 2009
    Re: istealer 5.0 cannot be removed

    It is not a "fake". You would know that too if you could google.
    The part about closing antivirus programs is explained by the fact that they may deny Combofix access to an infected file, which makes it crash.

    How it works is also explained again here.
    A guide and tutorial for using ComboFix
     