Log analysis and evaluation: Hidden viruses, but where?

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

23.06.2010, 15:54   #1
Burak92
 
Hello Trojaner team,
for quite a while I have had some problems with my PC that point to viruses.

1. Every time I click "Login" in ICQ, my ICQ crashes.
2. Ad windows open while I am browsing.
3. At irregular intervals my PC freezes for a few seconds.

I have spent a long time trying to find the viruses. I have already deleted some Trojans and worms. I have scanned my entire PC with "Malwarebytes", "SUPERAntiSpyware", "Panda online scan" and my antivirus program "AVG",
also in "safe mode".

Here is the HijackThis log file. I have no idea what could be malicious. I don't know my way around this log file at all.

Quote:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:49:30, on 6/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Administrator\Application Data\OCS\SM\SearchAnonymizerHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Belgelerim\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Sık Kullanılanlar
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui önceden yükleyicisi - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Bileşen Katergorileri önbellek daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SearchAnonymizer - Unknown owner - C:\Documents and Settings\Administrator\Application Data\OCS\SM\SearchAnonymizerHelper.exe
I hope you can help me against my enemy!

Best regards, Burak

23.06.2010, 16:38   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

23.06.2010, 18:12   #3
Burak92
 
Thanks for the quick reply!

First of all, I'll post the Malwarebytes log file.

Quote:
6/18/2010 23:41:39
mbam-log-2010-06-18 (23-41-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|)
Durchsuchte Objekte: 144636
Laufzeit: 23 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Documents and Settings\Administrator\Desktop\Yükleme\flaxp\FlashFXP v3.7.2 Build 1270\KeyGen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
That is 5 days old; if you want a new one, I will post today's state here today. My new operating system is almost 1 month old, and already the fight against the viruses

The OTL log file follows ....

23.06.2010, 18:19   #4
Burak92
 
OTL log file part 1!!

Quote:
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 62.78 Gb Free Space | 84.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CONAXEDITION
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Belgelerim\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Documents and Settings\Administrator\Application Data\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Belgelerim\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SearchAnonymizer) -- C:\Documents and Settings\Administrator\Application Data\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.0.6
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/19 14:26:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/06/19 10:37:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/02 20:03:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/14 10:10:13 | 000,000,000 | ---D | M]

[2010/05/02 20:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/06/22 19:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\extensions
[2010/06/19 10:52:26 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
[2010/05/24 18:09:17 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/06/16 15:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/06/19 10:52:26 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/06/19 10:52:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/22 23:27:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/19 10:52:26 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/06/16 16:01:25 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\searchplugins\icqplugin-1.xml
[2010/05/12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\searchplugins\icqplugin.xml
[2010/05/24 00:27:08 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\searchplugins\{072499D9-FD14-460A-8712-447BE28C6508}.xml
[2010/05/24 00:27:07 | 000,000,601 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\searchplugins\{2ADCAF4C-D1FA-416A-A3D0-82A7EA53418A}.xml
[2010/05/24 00:27:07 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0y8zzl9w.default\searchplugins\{651D4E95-8BAF-4A76-A383-CB9C9861A54F}.xml
[2010/06/22 09:55:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/24 00:27:07 | 000,000,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/05/24 00:27:07 | 000,000,729 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/05/24 00:27:07 | 000,000,716 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/05/24 00:27:07 | 000,000,803 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/05/24 00:27:07 | 000,000,703 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2001/11/22 16:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:1 (Geçerli Giriş Sayfam) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/04/30 16:53:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a689cdd9-77ee-11df-a824-0013d3b323b7}\Shell\AutoRun\command - "" = l61yyp.exe
O33 - MountPoints2\{a689cdd9-77ee-11df-a824-0013d3b323b7}\Shell\open\Command - "" = l61yyp.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/23 17:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\dwhelper
[2010/06/22 09:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Search Settings
[2010/06/22 09:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\pdfforge
[2010/06/21 23:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2010/06/21 23:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2010/06/21 23:49:39 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2010/06/21 23:49:39 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2010/06/21 23:49:39 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2010/06/21 23:49:37 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCDE.DLL
[2010/06/21 23:49:37 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6DE.DLL
[2010/06/21 23:49:37 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCC2DE.DLL
[2010/06/21 23:49:36 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMPIDE.DLL
[2010/06/21 23:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2010/06/21 22:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/06/21 21:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/06/21 21:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/06/21 21:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/21 21:39:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/21 21:39:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/21 21:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/21 15:24:31 | 000,306,688 | ---- | C] (InstallShield Software Corporation ) -- C:\WINDOWS\IsUn0407.exe
[2010/06/21 15:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\WINDOWS
[2010/06/19 11:07:56 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/06/19 10:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
[2010/06/19 10:37:50 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/19 10:37:49 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/19 10:37:41 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/19 10:37:40 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/19 10:37:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/06/19 10:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/06/19 02:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Belgelerim\Yeni Klasör
[2010/06/18 22:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/06/18 22:51:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/18 12:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2010/06/18 12:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2010/06/18 12:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/06/18 12:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/06/18 12:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/18 12:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/06/18 12:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2010/06/18 12:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/18 12:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/06/18 02:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\DreamBoxEdit
[2010/06/17 20:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Yükleme
[2010/06/17 16:00:49 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/06/16 15:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.2
[2010/06/16 00:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010/06/16 00:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\OpenCandy
[2010/06/16 00:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenCandy
[2010/06/16 00:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2010/06/15 22:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/06/15 22:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/06/14 22:56:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\Mp3
[2010/06/09 18:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Belgelerim\Dokumente
[2010/06/09 17:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/06/09 17:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/06/09 17:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/06/09 17:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Carambis
[2010/06/09 17:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2010/06/09 17:42:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/06/09 17:07:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\SendTo
[2010/06/09 17:06:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\forms
[2010/06/09 17:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Messaging
[2010/06/09 17:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/06/09 16:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.thumbnails
[2010/06/06 13:35:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/06/06 13:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2010/06/06 13:33:24 | 000,000,000 | ---D | C] -- C:\f09bdc3d600355b379
[2010/05/25 21:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Octoshape
[2010/05/24 18:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\KodakGallery
[2010/05/24 18:18:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skinux
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/23 18:09:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/06/23 17:54:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/23 17:54:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/23 17:53:58 | 502,845,440 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/23 17:27:34 | 002,359,296 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/06/23 17:27:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/06/23 17:23:55 | 061,357,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/23 01:03:24 | 003,236,224 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/06/21 22:43:41 | 000,049,152 | ---- | M] () -- C:\WINDOWS\outlook.pst
[2010/06/21 22:43:09 | 000,000,866 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/21 22:43:01 | 000,008,178 | ---- | M] () -- C:\WINDOWS\extend.dat
[2010/06/21 15:21:43 | 000,002,736 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010/06/19 12:24:47 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/19 12:24:45 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/19 10:37:50 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/19 10:37:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/19 10:37:40 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/06/18 12:23:12 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/18 12:22:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/18 11:49:41 | 000,000,157 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\.~lock.yeni serverler ay lar.doc#
[2010/06/18 07:35:43 | 000,120,872 | ---- | M] () -- C:\WINDOWS\System32\MSForms.TWD
[2010/06/16 01:11:03 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2010/06/16 00:15:32 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/06/14 15:33:03 | 000,000,140 | ---- | M] () -- C:\WINDOWS\SwLoader_OCTAGON_German-DE_Ver_1.012.INI
[2010/06/09 17:34:22 | 000,015,348 | ---- | M] () -- C:\WINDOWS\Administrator.acl
[2010/06/09 17:08:57 | 000,593,920 | -H-- | M] () -- C:\ffastun0.ffx
[2010/06/09 17:08:57 | 000,106,496 | -H-- | M] () -- C:\ffastun.ffl
[2010/06/09 17:08:57 | 000,053,248 | -H-- | M] () -- C:\ffastun.ffo
[2010/06/09 17:08:57 | 000,004,917 | -H-- | M] () -- C:\ffastun.ffa
[2010/06/09 17:07:28 | 000,005,691 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/06/09 17:07:20 | 000,000,022 | ---- | M] () -- C:\WINDOWS\exchng.ini
[2010/06/09 17:07:18 | 000,004,348 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/09 17:07:18 | 000,000,634 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/06/09 17:07:13 | 000,069,632 | ---- | M] () -- C:\WINDOWS\System32\system.mdw
[2010/06/06 13:37:10 | 000,024,232 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/06 13:36:49 | 000,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/02 13:45:50 | 000,000,573 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2010/05/24 19:36:15 | 001,884,160 | R--- | M] () -- C:\Documents and Settings\All Users\Belgeler\ESBK.mbb
[2010/05/24 19:36:15 | 001,063,936 | R--- | M] () -- C:\Documents and Settings\All Users\Belgeler\ESBK.mb
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/22 23:16:02 | 502,845,440 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/21 23:49:39 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/06/21 22:43:01 | 000,008,178 | ---- | C] () -- C:\WINDOWS\extend.dat
[2010/06/21 15:21:43 | 000,002,736 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010/06/19 19:19:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/06/19 10:37:40 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/06/19 10:37:31 | 061,357,259 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/18 12:23:12 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/18 12:22:18 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/18 11:49:41 | 000,000,157 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\.~lock.yeni serverler ay lar.doc#
[2010/06/18 07:35:43 | 000,120,872 | ---- | C] () -- C:\WINDOWS\System32\MSForms.TWD
[2010/06/16 00:15:32 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/06/16 00:14:58 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2010/06/14 15:33:03 | 000,000,140 | ---- | C] () -- C:\WINDOWS\SwLoader_OCTAGON_German-DE_Ver_1.012.INI
[2010/06/10 14:49:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\outlook.pst
[2010/06/09 17:34:22 | 000,015,348 | ---- | C] () -- C:\WINDOWS\Administrator.acl
[2010/06/09 17:08:57 | 000,593,920 | -H-- | C] () -- C:\ffastun0.ffx
[2010/06/09 17:08:57 | 000,053,248 | -H-- | C] () -- C:\ffastun.ffo
[2010/06/09 17:08:57 | 000,004,917 | -H-- | C] () -- C:\ffastun.ffa
[2010/06/09 17:07:41 | 000,106,496 | -H-- | C] () -- C:\ffastun.ffl
[2010/06/09 17:07:20 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2010/06/09 17:07:18 | 000,005,691 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/06/09 17:07:17 | 000,000,634 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/09 17:07:13 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\system.mdw
[2010/06/02 13:45:50 | 000,000,573 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/05/24 18:18:53 | 001,884,160 | R--- | C] () -- C:\Documents and Settings\All Users\Belgeler\ESBK.mbb
[2010/05/24 18:18:53 | 001,063,936 | R--- | C] () -- C:\Documents and Settings\All Users\Belgeler\ESBK.mb
[2010/05/07 10:17:28 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
[2010/04/30 19:38:02 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010/04/30 16:54:16 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/04/30 16:48:44 | 000,000,147 | ---- | C] () -- C:\WINDOWS\System32\cpuz.ini
[2008/05/05 11:48:48 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/03/25 13:05:24 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lang-1055.dll
[1996/12/14 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\VADE232.DLL
[1996/12/14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/12/14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/12/14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
but that's already a lot

23.06.2010, 18:21   #5
Burak92

OTL logfile, part 2

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 6/23/2010 18:14:22 - Run 1
OTL by OldTimer - Version 3.2.6.1     Folder = C:\Documents and Settings\Administrator\Belgelerim\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041f | Country: Türkiye | Language: TRK | Date Format: M/d/yyyy
 
479.00 Mb Total Physical Memory | 170.00 Mb Available Physical Memory | 35.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 62.78 Gb Free Space | 84.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CONAXEDITION
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- File not found
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\ICQ7.2\ICQ.exe" = C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.2\aolload.exe" = C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- File not found
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Rockstar Games\Midnight Club II Demo\mc2_demo.exe" = C:\Program Files\Rockstar Games\Midnight Club II Demo\mc2_demo.exe:*:Enabled:mc2_demo -- ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\WinSCP\WinSCP.exe" = C:\Program Files\WinSCP\WinSCP.exe:*:Enabled:WinSCP: SFTP, FTP and SCP client -- (Martin Prikryl)
"C:\Program Files\ICQ7.2\ICQ.exe" = C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.2\aolload.exe" = C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Documents and Settings\Administrator\Desktop\Hauptmenü\Controllcenter\AZ.exe" = C:\Documents and Settings\Administrator\Desktop\Hauptmenü\Controllcenter\AZ.exe:*:Enabled:Dreambox Control Center -- (BernyR)
"C:\Documents and Settings\Administrator\Desktop\Controllcenter\AZ.exe" = C:\Documents and Settings\Administrator\Desktop\Controllcenter\AZ.exe:*:Enabled:Dreambox Control Center -- File not found
"C:\Documents and Settings\Administrator\Desktop\Yükleme\DreamUP_1_3_3_5.exe" = C:\Documents and Settings\Administrator\Desktop\Yükleme\DreamUP_1_3_3_5.exe:*:Enabled:DreamUP_1_3_3_5 -- File not found
"C:\Documents and Settings\Administrator\Desktop\DreamUP_1_3_3_5.exe" = C:\Documents and Settings\Administrator\Desktop\DreamUP_1_3_3_5.exe:*:Enabled:DreamUP_1_3_3_5 -- File not found
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Documents and Settings\Administrator\Desktop\DreamUP_1.3.3.5\DreamUP_1_3_3_5.exe" = C:\Documents and Settings\Administrator\Desktop\DreamUP_1.3.3.5\DreamUP_1_3_3_5.exe:*:Disabled:DreamUP_1_3_3_5 -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\Administrator\Desktop\DreamUP_1_3_3_4\DreamUP_1_3_3_4\DreamUP.exe" = C:\Documents and Settings\Administrator\Desktop\DreamUP_1_3_3_4\DreamUP_1_3_3_4\DreamUP.exe:*:Enabled:DreamUP -- File not found
"C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.750\DCC_E2.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.750\DCC_E2.exe:*:Enabled:Dreambox Control Center -- File not found
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{02BC140F-504C-4DB5-B581-FD2920BBE363}" = Midnight Club II Demo
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{542068F1-9AAE-4E1B-8ACA-094FE03728BE}" = Carambis Driver Updater
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5C209D68-1411-4725-8CDE-1676A85E083E}_is1" = ICQ Contact Revealer 1.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BA4DF4C3-196E-4128-969A-00996B5A46F8}" = Canon MP500
"{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"DreamBoxEdit" = DreamBoxEdit -- The one and only settings editor for your Dreambox
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ICQToolbar" = ICQ Toolbar
"IsoBuster_is1" = IsoBuster 2.7
"MakeISO right click extensions" = MakeISO right click extensions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP Navigator 2.0" = Canon MP Navigator 2.0
"Office8.0" = Microsoft Office 97, Professional Edition
"Robin Hood: The Legend Of Sherwood" = Robin Hood: The Legend Of Sherwood
"RocketDock_is1" = RocketDock 1.3.5
"SearchAnonymizer" = SearchAnonymizer
"TeamViewer 5" = TeamViewer 5
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.7
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 4/30/2010 09:54:14 | Computer Name = CONAXEDITION | Source = PerfNet | ID = 2004
Description = Sunucu hizmeti açılamıyor. Suınucu performans  verileri döndürülemeyecek.
 Döndürülen hata kodu,  DWORD 0 verisinde.
 
Error - 5/7/2010 03:10:02 | Computer Name = CONAXEDITION | Source = MsiInstaller | ID = 11305
Description = Product: OmniPage SE -- Error 1305.Error reading from file C:\Program
 Files\ScanSoft\OmniPageSE2.0\Guide BRA.pdf.  Verify that the file exists and that
 you can access it.
 
Error - 5/7/2010 03:11:26 | Computer Name = CONAXEDITION | Source = MsiInstaller | ID = 11305
Description = Product: OmniPage SE -- Error 1305.Error reading from file C:\Program
 Files\ScanSoft\OmniPageSE2.0\Guide BRA.pdf.  Verify that the file exists and that
 you can access it.
 
Error - 5/7/2010 03:12:21 | Computer Name = CONAXEDITION | Source = MsiInstaller | ID = 11305
Description = Product: OmniPage SE -- Error 1305.Error reading from file C:\Program
 Files\ScanSoft\OmniPageSE2.0\Guide BRA.pdf.  Verify that the file exists and that
 you can access it.
 
Error - 5/7/2010 03:13:19 | Computer Name = CONAXEDITION | Source = MsiInstaller | ID = 11305
Description = Product: OmniPage SE -- Error 1305.Error reading from file C:\Program
 Files\ScanSoft\OmniPageSE2.0\Guide BRA.pdf.  Verify that the file exists and that
 you can access it.
 
Error - 5/7/2010 03:15:11 | Computer Name = CONAXEDITION | Source = MsiInstaller | ID = 11305
Description = Product: OmniPage SE -- Error 1305.Error reading from file C:\Program
 Files\ScanSoft\OmniPageSE2.0\Guide BRA.pdf.  Verify that the file exists and that
 you can access it.
 
Error - 5/7/2010 03:16:02 | Computer Name = CONAXEDITION | Source = MsiInstaller | ID = 11305
Description = Product: OmniPage SE -- Error 1305.Error reading from file C:\Program
 Files\ScanSoft\OmniPageSE2.0\Guide BRA.pdf.  Verify that the file exists and that
 you can access it.
 
Error - 5/7/2010 03:16:49 | Computer Name = CONAXEDITION | Source = MsiInstaller | ID = 11305
Description = Product: OmniPage SE -- Error 1305.Error reading from file C:\Program
 Files\ScanSoft\OmniPageSE2.0\Guide BRA.pdf.  Verify that the file exists and that
 you can access it.
 
[ System Events ]
Error - 6/13/2010 12:38:39 | Computer Name = CONAXEDITION | Source = SideBySide | ID = 16842811
Description = Generate Activation Context tarafından başarılamayan C:\Program Files\RocketDock\RocketDock.dll.
Başvuru
 hata iletisi: İşlem başarıyla tamamlandı.  .
 
Error - 6/16/2010 03:22:54 | Computer Name = CONAXEDITION | Source = Ntfs | ID = 262199
Description = Diskteki dosya sistemi yapısı bozuk ve kullanılamaz durumda.  C: birimindeki
 chkdsk yardımcı programını çalıştırın.
 
Error - 6/18/2010 16:15:43 | Computer Name = CONAXEDITION | Source = sptd | ID = 262148
Description = Sürücü,  için kullandığı veri yapılarında bir iç hata belirledi.
 
Error - 6/18/2010 16:15:53 | Computer Name = CONAXEDITION | Source = DCOM | ID = 10005
Description = DCOM EventSystem hizmetini "" değişkenleriyle başlatmaya çalışırken
 "%1084" hatasını aldı  ve sunucuyu çalıştıramadı:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 6/18/2010 16:15:56 | Computer Name = CONAXEDITION | Source = DCOM | ID = 10005
Description = DCOM netman hizmetini "" değişkenleriyle başlatmaya çalışırken "%1084"
 hatasını aldı  ve sunucuyu çalıştıramadı:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error - 6/18/2010 16:41:57 | Computer Name = CONAXEDITION | Source = DCOM | ID = 10005
Description = DCOM EventSystem hizmetini "" değişkenleriyle başlatmaya çalışırken
 "%1084" hatasını aldı  ve sunucuyu çalıştıramadı:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 6/22/2010 15:28:32 | Computer Name = CONAXEDITION | Source = DCOM | ID = 10005
Description = DCOM EventSystem hizmetini "" değişkenleriyle başlatmaya çalışırken
 "%1084" hatasını aldı  ve sunucuyu çalıştıramadı:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 6/22/2010 15:28:36 | Computer Name = CONAXEDITION | Source = DCOM | ID = 10005
Description = DCOM netman hizmetini "" değişkenleriyle başlatmaya çalışırken "%1084"
 hatasını aldı  ve sunucuyu çalıştıramadı:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error - 6/22/2010 15:29:38 | Computer Name = CONAXEDITION | Source = DCOM | ID = 10005
Description = DCOM StiSvc hizmetini "" değişkenleriyle başlatmaya çalışırken "%1084"
 hatasını aldı  ve sunucuyu çalıştıramadı:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 6/22/2010 16:15:01 | Computer Name = CONAXEDITION | Source = DCOM | ID = 10005
Description = DCOM EventSystem hizmetini "" değişkenleriyle başlatmaya çalışırken
 "%1084" hatasını aldı  ve sunucuyu çalıştıramadı:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
 
< End of report >
         
--- --- ---


Well, I can't get an overview of any of this; I hope you find something suspicious!
Thanks!


23.06.2010, 19:54   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
C:\Documents and Settings\Administrator\Desktop\Yükleme\flaxp\FlashFXP v3.7.2 Build 1270\KeyGen.exe
Sorry, but you have to format.

The use of cracks, serials and keygens is illegal, so there will be no further support on Trojaner-Board.

For you it continues here => Neuaufsetzen des Systems (reinstalling the system)
Please also change all passwords (for e-mail accounts, StudiVZ, eBay... simply everything!), since this kind of dubious software not infrequently also contains keyloggers and backdoor functions.

After that, never touch anything like this again!

23.06.2010, 20:04   #7
Burak92

That program was deleted a long time ago. Since my operating system is new, I have not saved any passwords so far. I have visited sites like eBay and Facebook, but I have to type in my password myself every time.

Is it really risky? Because of this one program?
Wow, I wouldn't have thought so. But thanks anyway, you helped a lot in one day.

23.06.2010, 23:19   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Is it really risky? Because of this one program?
You did not read my post.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


25.06.2010, 11:46   #9
Burak92

I have now reinstalled my system and downloaded all the programs I need.
Here is the log file:

Quote:
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Programme\AVG\AVG9\avgchsvx.exe
C:\Programme\AVG\AVG9\avgrsx.exe
C:\Programme\AVG\AVG9\avgcsrvx.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Explorer.EXE
C:\WINXP\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINXP\system32\ctfmon.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\AVG\AVG9\avgwdsvc.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINXP\system32\svchost.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Programme\AVG\AVG9\avgemc.exe
C:\Programme\AVG\AVG9\avgnsx.exe
C:\Programme\AVG\AVG9\avgcsrvx.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\ICQ7.2\ICQ.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\Dokumente und Einstellungen\Cinar\Eigene Dateien\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINXP\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINXP\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG9\avgwdsvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
If anything is suspicious, please post it here.
