Kea, posted 27 March 2010

So now I have got a keylogger on my machine. I looked through the Kaspersky report and saw that some program or other had gained access to passwords and internal browser information (or something like that; I have it in German). I ran MBAM right away and scanned the system, but I got the message "no suspicious files found". Now, I don't know whether keyloggers count as malware, but in any case it would be nice if someone could suggest how I can find out which program is the cause, so that I could remove it...

And one more thing: a few days ago I happened to open a folder that contained a trojan. Kaspersky raised an alert and first tried to disinfect the file, and then to delete it. The problem is that this was not possible, because right after I opened the folder it disappeared. But it was not deleted. So I simply had to ignore the threat, since nothing could be done about it. Can such files move themselves to avoid being found and deleted? In any case I ran MBAM then as well, but no infected files were found that time either.

So I am 100% sure that I have a trojan and a keylogger on the PC, but no idea what to do...
PerB, posted 27 March 2010

Quote: "... but no idea what to do..."

At the top of this forum you will find a guide: https://www.diskusjon.no/index.php?showtopic=691246

Follow it and post the reports you get.
Ole3, posted 27 March 2010

Your challenge is probably that the malware has taken control of central functions in your operating system. If you are able to do a complete scan with the operating system in "Safe mode", you will in many cases be able to remove the malware. If you can scan the disk from another machine, this will almost always work. Reformatting and reinstalling "clean" software always works.

Ole
Kea (thread author), posted 27 March 2010 (edited)

Quote: "... but no idea what to do... At the top of this forum you will find a guide: https://www.diskusjon.no/index.php?showtopic=691246 Follow it and post the reports you get."

I tried that just now, and when I was about to run ComboFix, Kaspersky reacted really strongly to it. First I got a message that ComboFix was a very risky program. I chose to allow the program but block "dangerous" operations (no idea what those might be, but oh well). And then all of Kaspersky suddenly went wild and started spamming messages that ComboFix was trying to access the system files, or something along those lines...

Here is the MBAM log anyway. I simply did not dare continue with ComboFix; the PC is exposed enough as it is.

-------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.44
Databaseversjon: 3890
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

27.03.2010 11:26:28
mbam-log-2010-03-27 (11-26-28).txt

Skanntype: Full Skann (C:\|)
Objekter skannet: 224349
Tid tilbakelagt: 1 hour(s), 52 minute(s), 12 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)
-------------------------------------------------------------------------
snippsat, posted 27 March 2010

Quote: "Here is the MBAM log anyway. I simply did not dare continue with ComboFix; the PC is exposed enough as it is."

ComboFix is not dangerous, just so that's said. A great many logs have been posted over several years without anyone having problems.

You can make a different log; this one is quick and only reads information out.

Download RSIT (Random's System Information Tool) to the desktop
Start the program by double-clicking RSIT.exe
Click Continue
After a few moments a log (log.txt) will be created.

Post that one.
Kea (thread author), posted 27 March 2010 (edited)

If it is not dangerous, why did Kaspersky react like that, then? I am generally skeptical of various free programs, since they most often contain malware/spyware.

By the way, how do you start the operating system in "Safe Mode"?
raWrz, posted 27 March 2010

ComboFix is used everywhere to remove malware. The fact that it reacts is what we call a false positive. But if you don't want to use it, then do what SNIPPSAT wrote above.

You get into Safe Mode by pressing F8 during startup, so that you get to choose between the different safe modes.
Kea (thread author), posted 27 March 2010 (edited)

OK, here is the log. And thanks for the help so far; I will see whether I can get the malware removed in safe mode later. I just hope I don't have to format the computer to get it removed.
snippsat Posted 27 March 2010 (edited)

Your log is clean. You have no keylogger running.

> I looked through the Kaspersky report and saw that some program or other had gained access to passwords and internal browser information (or something like that, I have it in German).

When it is in the log, the Kaspersky report has found it, and then that problem is taken care of by Kaspersky. When you read reports like that, there may always be something in them; this does not always mean that there is a problem.

> But it was not deleted. So I simply had to ignore the threat, since nothing could be done about it. Can files like this move themselves to avoid being found and deleted?

If Kaspersky finds something, it moves it to the quarantine folder. Then the problem is no longer a danger.

Edited 27 March 2010 by SNIPPSAT
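The listing posted in this thread follows the format its own header describes (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled). As an added example, not part of any post here and not the output of any tool named in the thread, this Python code parses such a listing even when it has been flattened onto one line and marks entries worth a manual look. The review rules, `EXPECTED_ROOTS` and the `ExampleSvc` line are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}
# One entry: "<R|S><0-4> <name>;<display name>; <path> [<date> <size>]" (brackets may be empty).
ENTRY = re.compile(
    r"\b(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;\[\]]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]"
)
# Assumption: directories treated as normal install roots on this German-language XP system.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\programme\\")

class Entry(NamedTuple):
    running: bool
    start: str
    name: str
    path: str
    date: Optional[str]
    size: Optional[int]

def parse(log: str) -> list:
    """Split a listing into entries, even when it was flattened onto one line."""
    return [Entry(m["state"] == "R", START_TYPES[m["start"]], m["name"], m["path"],
                  m["date"], int(m["size"]) if m["size"] else None)
            for m in ENTRY.finditer(log)]

def review_reasons(e: Entry) -> list:
    """Reasons to look at an entry by hand; these are prompts, not verdicts."""
    reasons = []
    if not e.path.lower().startswith(EXPECTED_ROOTS):
        reasons.append("binary outside expected roots")
    if e.date is None:
        reasons.append("no date/size recorded")
    if e.running and e.start == "Disabled":
        reasons.append("running although start type is Disabled")
    return reasons

def triage(log: str) -> dict:
    """Map entry name -> reasons, for entries with at least one reason."""
    checked = ((e.name, review_reasons(e)) for e in parse(log))
    return {name: reasons for name, reasons in checked if reasons}

# The first three entries are taken from the listing in this thread; ExampleSvc is constructed.
SAMPLE = (
    r"R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592] "
    r"S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] "
    r"R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2002-12-31 14336] "
    r"R2 ExampleSvc;Example Service; C:\Dokumente und Einstellungen\Gast\Temp\example.exe [2010-03-26 40960]"
)
print(triage(SAMPLE))
```

A flagged entry only means the line deserves a closer look; an unflagged one has passed three simple rules and nothing more.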