Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/) > Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/) > Mozilla keeps running in the background (https://www.trojaner-board.de/71984-mozilla-laeuft-hintergrund.html)

laubinio 13.04.2009 17:03

Mozilla keeps running in the background

Hi,
I have a problem with Mozilla.
When I close Mozilla and want to start it again, I get an error message
saying that Mozilla has not been closed yet.
In Task Manager, firefox is still running under Processes. I always have to
end the process first.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:46, on 13.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ICQ6.5\ICQ.exe
C:\dokumente und einstellungen\+++\lokale einstellungen\anwendungsdaten\mqkyw.exe
C:\Programme\Stardock\ObjectDock\ObjectDock.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [mqkyw] "c:\dokumente und einstellungen\+++\lokale einstellungen\anwendungsdaten\mqkyw.exe" mqkyw
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: qxkbhp.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5761 bytes


I'd be glad if someone could say something about this.

Regards, Christian

john.doe 13.04.2009 17:20

Hello and welcome

1.) Make sure that all files are shown to you, then have the following files checked at Virustotal.com and post all results, in a form that shows the results of the individual virus scanners. Please include file sizes and checksums:
Code:

c:\dokumente und einstellungen\+++\lokale einstellungen\anwendungsdaten\mqkyw.exe
C:\WINDOWS\system32\qxkbhp.dll

Select one line at a time, copy it and paste it at Virustotal. If you get a message that the file has already been analysed, click Analyse anyway.

2.) Upload both files according to these instructions (only step 2 of the instructions).

3.) ZHPDiag by Nicolas Coolman

  1. Click on Téléchargement de ZHPDiag
  2. On that page, click on FTP Zebulon.fr N°1.
  3. Extract the downloaded file to the desktop and start ZHPDiag.exe with a double-click.
  4. Click on All
  5. Click on General Analysis
  6. Click on Paste Clipboard
  7. Switch to the forum, click on Reply, click into the large white box
  8. Press [Ctrl]v, [Ctrl]a
  9. Click on #

4.) Please download Navilog1 by IL-MAFIOSO.
  • Double-click navilog1.exe
  • If the program does not start automatically once the installation has finished, please run it by double-clicking the Navilog1 shortcut on your desktop.
  • Choose E for English in the language menu
  • Choose 1 in the next menu to select "Search". Confirm with Enter.
  • The duration of the scan can vary; please wait. If you are asked to press a key, please do so.
  • A new document should be created and opened: fixnavi.txt.
  • Please paste the contents of this file into your next reply.
The report is also created in the root directory (e.g. "C:\").

Note:
Navilog1.exe is detected as malicious by some antivirus programs. This is a false positive. Please ignore that message.


ciao, andreas
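
As an added example (not code from this thread, from HijackThis or from VirusTotal), the following Python script shows the two pieces of work behind the helper's point 1: computing the size and checksums that are requested alongside the Virustotal results, and picking out of a HijackThis-style log the kinds of lines a reviewer asks about first (an O4 autorun entry running from a per-user data folder, a non-empty O20 AppInit_DLLs value, an O23 service whose binary is missing). The log lines it parses are constructed below in the line format of the HijackThis log posted above; the triage rules are this example's own heuristics, and `SAMPLE_LOG`, `USER_DATA_MARKERS` and all function names are assumptions of the example.

```python
"""Triage of HijackThis-style log lines plus sample fingerprinting.

Added example; not from the thread or from any of the tools named in it.
The detection rules are this example's own heuristics.
"""
import hashlib
import os
import re
import tempfile

# Constructed sample lines in HijackThis format (modelled on the log above).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [avgnt] "C:\\Programme\\Avira\\AntiVir Desktop\\avgnt.exe" /min
O4 - HKCU\\..\\Run: [mqkyw] "c:\\dokumente und einstellungen\\+++\\lokale einstellungen\\anwendungsdaten\\mqkyw.exe" mqkyw
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User 'SYSTEM')
O20 - AppInit_DLLs: qxkbhp.dll
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\\Programme\\Grisoft\\AVG Anti-Spyware 7.5\\guard.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>\S.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Per-user, user-writable locations where an autorun entry deserves a second look.
# German and English XP profile folder names are both covered (assumed list).
USER_DATA_MARKERS = (
    "lokale einstellungen\\anwendungsdaten",
    "local settings\\application data",
    "\\temp\\",
)


def command_path(cmd):
    """Extract the executable path from an O4 command string (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return the findings a log reviewer would raise first, in file order."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        line = line.rstrip()
        m = O4_RE.match(line)
        if m:
            path = command_path(m.group("cmd")).lower()
            if any(marker in path for marker in USER_DATA_MARKERS):
                findings.append({"line": lineno, "kind": "O4-userdata-autorun",
                                 "detail": f"[{m.group('name')}] runs from a per-user data folder: {path}"})
            continue
        m = O20_RE.match(line)
        if m:
            # AppInit_DLLs is loaded into every process that links user32.dll;
            # on a clean XP install the value is empty, so any value is worth a check.
            findings.append({"line": lineno, "kind": "O20-appinit",
                             "detail": f"AppInit_DLLs is set: {m.group('dlls')}"})
            continue
        m = O23_RE.match(line)
        if m and m.group("path").endswith("(file missing)"):
            # Orphaned service: usually leftover from an uninstall, but still to be cleaned up.
            findings.append({"line": lineno, "kind": "O23-missing",
                             "detail": f"service '{m.group('name')}' points at a missing binary"})
    return findings


def fingerprint_bytes(data):
    """Size plus MD5 and SHA-256 of an in-memory sample."""
    return {"size": len(data),
            "md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def file_fingerprint(path):
    """Size in bytes plus MD5/SHA-256 of a file on disk, read in chunks."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            size += len(chunk)
            md5.update(chunk)
            sha256.update(chunk)
    return {"path": path, "size": size, "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f['line']:2d}  {f['kind']:22s} {f['detail']}")
    # Constructed stand-in for a file that would be submitted for scanning.
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample.exe")
        with open(sample, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 62)  # constructed bytes, not a real executable
        print(file_fingerprint(sample))
```

On the constructed sample the script flags exactly the three lines a reviewer of the log above would ask about: the `mqkyw` Run entry under the user's local application data, the `qxkbhp.dll` AppInit_DLLs value, and the AVG service with a missing binary. The size and MD5 it prints are the same values VirusTotal reports under "weitere Informationen", which is how a helper checks that the file submitted is the file named in the log.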

laubinio 13.04.2009 17:47

OK

so far everything has worked.

Datei mqkyw.exe empfangen 2009.04.13 18:39:21 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 1/40 (2.5%)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.04.13 -
AhnLab-V3 5.0.0.2 2009.04.13 -
AntiVir 7.9.0.138 2009.04.13 -
Antiy-AVL 2.0.3.1 2009.04.13 -
Authentium 5.1.2.4 2009.04.13 -
Avast 4.8.1335.0 2009.04.13 -
AVG 8.5.0.285 2009.04.13 -
BitDefender 7.2 2009.04.13 -
CAT-QuickHeal 10.00 2009.04.13 -
ClamAV 0.94.1 2009.04.13 -
Comodo 1112 2009.04.13 -
DrWeb 4.44.0.09170 2009.04.13 -
eSafe 7.0.17.0 2009.04.13 -
eTrust-Vet 31.6.6453 2009.04.13 -
F-Prot 4.4.4.56 2009.04.13 -
F-Secure 8.0.14470.0 2009.04.13 -
Fortinet 3.117.0.0 2009.04.13 -
GData 19 2009.04.13 -
Ikarus T3.1.1.49.0 2009.04.13 -
K7AntiVirus 7.10.700 2009.04.11 -
Kaspersky 7.0.0.125 2009.04.13 -
McAfee 5583 2009.04.13 -
McAfee+Artemis 5583 2009.04.13 -
McAfee-GW-Edition 6.7.6 2009.04.13 -
Microsoft 1.4502 2009.04.13 -
NOD32 4004 2009.04.13 -
Norman 6.00.06 2009.04.13 -
nProtect 2009.1.8.0 2009.04.13 -
Panda 10.0.0.14 2009.04.13 -
PCTools 4.4.2.0 2009.04.08 -
Prevx1 V2 2009.04.13 Medium Risk Malware
Rising 21.25.04.00 2009.04.13 -
Sophos 4.40.0 2009.04.13 -
Sunbelt 3.2.1858.2 2009.04.12 -
Symantec 1.4.4.12 2009.04.13 -
TheHacker 6.3.4.0.306 2009.04.12 -
TrendMicro 8.700.0.1004 2009.04.13 -
VBA32 3.12.10.2 2009.04.12 -
ViRobot 2009.4.13.1690 2009.04.13 -
VirusBuster 4.6.5.0 2009.04.12 -
weitere Informationen
File size: 303104 bytes
MD5...: 4c97b140bba9572226d0249ecd61b74e


Datei qagent.dll empfangen 2009.04.13 18:36:53 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 0/38 (0%)


Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.04.13 -
AhnLab-V3 5.0.0.2 2009.04.13 -
AntiVir 7.9.0.138 2009.04.13 -
Antiy-AVL 2.0.3.1 2009.04.13 -
Authentium 5.1.2.4 2009.04.13 -
Avast 4.8.1335.0 2009.04.13 -
AVG 8.5.0.285 2009.04.13 -
BitDefender 7.2 2009.04.13 -
CAT-QuickHeal 10.00 2009.04.13 -
ClamAV 0.94.1 2009.04.13 -
Comodo 1112 2009.04.13 -
DrWeb 4.44.0.09170 2009.04.13 -
eSafe 7.0.17.0 2009.04.13 -
eTrust-Vet 31.6.6453 2009.04.13 -
F-Prot 4.4.4.56 2009.04.13 -
Fortinet 3.117.0.0 2009.04.13 -
GData 19 2009.04.13 -
Ikarus T3.1.1.49.0 2009.04.13 -
K7AntiVirus 7.10.700 2009.04.11 -
Kaspersky 7.0.0.125 2009.04.13 -
McAfee 5583 2009.04.13 -
McAfee+Artemis 5583 2009.04.13 -
McAfee-GW-Edition 6.7.6 2009.04.13 -
Microsoft 1.4502 2009.04.13 -
NOD32 4004 2009.04.13 -
Norman 6.00.06 2009.04.13 -
nProtect 2009.1.8.0 2009.04.13 -
Panda 10.0.0.14 2009.04.13 -
PCTools 4.4.2.0 2009.04.08 -
Prevx1 V2 2009.04.13 -
Rising 21.25.04.00 2009.04.13 -
Sophos 4.40.0 2009.04.13 -
Sunbelt 3.2.1858.2 2009.04.12 -
Symantec 1.4.4.12 2009.04.13 -
TheHacker 6.3.4.0.306 2009.04.12 -
TrendMicro 8.700.0.1004 2009.04.13 -
ViRobot 2009.4.13.1690 2009.04.13 -
VirusBuster 4.6.5.0 2009.04.12 -
weitere Informationen
File size: 151040 bytes


Search Navipromo version 3.7.6 began on 13.04.2009 at 18:43:09,51

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!

Fix running from C:\Programme\navilog1

Updated on 14.03.2009 at 18h00 by IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU @ 2.40GHz )
BIOS : BIOS Date: 10/24/07 21:06:54 Ver: 5.13
USER : +++ ( Administrator )
BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.26 (Activated)


C:\ (Local Disk) - NTFS - Total:58 Go (Free:30 Go)
D:\ (Local Disk) - NTFS - Total:407 Go (Free:264 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)


Search done in normal mode


*** Search folders in "C:\WINDOWS" ***


*** Search folders in "C:\Programme" ***

...\Live-Player found !

*** Search folders in "C:\Dokumente und Einstellungen\All Users\startm~1\progra~1" ***


*** Search folders in "C:\Dokumente und Einstellungen\All Users\startm~1" ***


*** Search folders in "c:\dokume~1\alluse~1\anwend~1" ***


*** Search folders in "C:\Dokumente und Einstellungen\+++\anwend~1" ***


*** Search folders in "C:\Dokumente und Einstellungen\+++\lokale~1\anwend~1" ***


*** Search folders in "C:\Dokumente und Einstellungen\+++\startm~1\progra~1" ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : h+++p://www.gmer.net



*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

* Scan in "C:\Dokumente und Einstellungen\+++\lokale~1\anwend~1" *



*** Search files ***



*** Search specific Registry keys ***
!! Following keys are not certainly all infected !!


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mqkyw"="\"c:\\dokumente und einstellungen\\+++\\lokale einstellungen\\anwendungsdaten\\mqkyw.exe\" mqkyw"


*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\WINDOWS\system32" :


* In "C:\Dokumente und Einstellungen\+++\lokale~1\anwend~1" :

mqkyw.exe found !
mqkyw.dat found !
mqkyw_nav.dat found !
mqkyw_navps.dat found !

3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate not found !
Montorgueil certificate not found !
OOO-Favorit certificate not found !
Sunny-Day-Design-Ltd certificate not found !

4)Search others known folders and files :



*** Search completed on 13.04.2009 at 18:45:01,64 ***

john.doe 13.04.2009 17:49

Run Navilog again right away, this time with option 2.

ciao, andreas

laubinio 13.04.2009 17:54

Hi,

I haven't done step 3 yet; should I still do that???

regards, Christian

john.doe 13.04.2009 17:55

Yes. First step 3, then navilog with option 2.

ciao, andreas

laubinio 13.04.2009 18:05

Code:

Rapport de ZHPDiag v1.17 par Nicolas Coolman
Enregistré le 13.04.2009 19:00:15
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox (3.0.8)

---\\ Running Processes
RTHDCPL.EXE
ALCMTR.EXE
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
Logi_MwX.Exe
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
nwiz.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\services.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe

---\\ Internet Explorer Start Page (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

---\\ Internet Explorer Search Page (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

---\\ Browser Helper Objects (O2)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

---\\ Auto loading programs from Registry (O4)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data="1"

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe,1040
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe,1040

---\\ 'Reset Web Settings' hijack (O14)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: WlDimsStartup - C:\WINDOWS\System32\%SystemRoot%\System32\dimsntfy.dll
O20 - Winlogon Notify: WLEventStartup - C:\WINDOWS\System32\WgaLogon.dll

O20 - AppInit_DLLs:qxkbhp.dll

---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1}
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Anti-Spyware Guard (AVG Anti-Spyware Guard) - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Programme\Java\jre6\bin\jqs.exe -service -config C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Druckwarteschlange (Spooler) - C:\WINDOWS\system32\spoolsv.exe

---\\ ActiveSetup Installed Components (040)
O40 - ASIC: IE7 Uninstall Stub - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Browseranpassungen - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Vektorgrafik-Rendering (VML) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: LightScribe Control Panel - {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Adobe Shockwave Director 11.0 - {233C1507-6A77-46A4-9443-F871F945D258} - C:\WINDOWS\system32\Adobe\Director\SwDir.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - (not file)
O40 - ASIC: Adobe Shockwave Director 11.0 - {2A202491-F00D-11cf-87CC-0020AFEECF20} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Dynamic HTML-Datenbindung für Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file)
O40 - ASIC: Erweitertes Authoring - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: DirectAnimation Java Classes - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Adressbuch 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Windows Desktop-Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Microsoft .NET Framework 1.1 Hotfix (KB928366) - {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - (not file)
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file)
O40 - ASIC: Taskplaner - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Drivers launched at startup (O41)
O41 - Driver: Microsoft Kernel-Echounterdrückung (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: 1394-ARP-Clientprotokoll (Arp1394) - C:\WINDOWS\system32\DRIVERS\arp1394.sys
O41 - Driver: Asynchroner RAS -Medientreiber (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: Protokoll für ATM ARP-Client (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Audiostubtreiber (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: AVG Anti-Spyware Driver (AVG Anti-Spyware Driver) - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.sys
O41 - Driver: AVG Anti-Spyware Clean Driver (AvgAsCln) - C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
O41 - Driver: avgio (avgio) - C:\Programme\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: avgntflt (avgntflt) - C:\WINDOWS\system32\DRIVERS\avgntflt.sys
O41 - Driver: avipbb (avipbb) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: Treiber für die Verwaltung logischer Datenträger (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Microsoft Kernel-DLS-Synthesizer (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: Microsoft Kernel-DRM-Audioentschlüsselung (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: Intel(R) PRO/1000 PCI Express Network Connection Driver (e1express) - C:\WINDOWS\system32\DRIVERS\e1e5132.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\drivers\fltmgr.sys
O41 - Driver: Standardpaketklassifizierung (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Hamachi Network Interface (hamachi) - C:\WINDOWS\system32\DRIVERS\hamachi.sys
O41 - Driver: Microsoft UAA-Bustreiber für High Definition Audio (HDAudBus) - C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
O41 - Driver: Microsoft HID Class-Treiber (HidUsb) - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O41 - Driver: i8042-Tastatur- und PS/2-Mausanschluss-Treiber (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RtkHDAud.sys
O41 - Driver: Intel-Prozessortreiber (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: IPv6-Windows-Firewalltreiber (Ip6Fw) - C:\WINDOWS\system32\drivers\ip6fw.sys
O41 - Driver: Filtertreiber für IP-Verkehr (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: IP/IP-Tunneltreiber (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: IPSEC-Treiber (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: IR-Enumeratordienst (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
O41 - Driver: Tastatur-HID-Treiber (kbdhid) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys
O41 - Driver: Microsoft Kernel-Waveaudiomixer (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: Logitech PS/2 Mouse Filter Driver (L8042PR2) - C:\WINDOWS\System32\Drivers\l8042pr2.sys
O41 - Driver: Logitech HID/USB Mouse Filter Driver (LHidFlt2) - C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
O41 - Driver: Logitech USB Receiver device driver (LHidUsb) - C:\WINDOWS\System32\Drivers\LHidUsb.Sys
O41 - Driver: Logitech Mouse Class Filter Driver (LMouFlt2) - C:\WINDOWS\System32\Drivers\LMouFlt2.sys
O41 - Driver: Maus-HID-Treiber (mouhid) - C:\WINDOWS\system32\DRIVERS\mouhid.sys
O41 - Driver: Redirector für WebDav-Client (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Microsoft Streaming Service Proxy (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Microsoft Proxy für Streaming Clock (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Microsoft Proxy für Streaming Quality Manager (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Microsoft-Systemverwaltungs-BIOS-Treiber (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O41 - Driver: RAS-NDIS-TAPI-Treiber (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS-Benutzermodus-E/A-Protokoll (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: RAS-NDIS-WAN-Treiber (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: NetBIOS-Schnittstelle (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBios über TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: 1394-Netzwerktreiber (NIC1394) - C:\WINDOWS\system32\DRIVERS\nic1394.sys
O41 - Driver: Netzwerkmonitortreiber (nm) - C:\WINDOWS\system32\DRIVERS\NMnt.sys
O41 - Driver: (no object) (nv) - C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
O41 - Driver: Filtertreiber für IPX-Verkehr (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: Treiber für IPX-Verkehrsweiterleitung (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll (NwlnkIpx) - C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
O41 - Driver: NWLink-NetBIOS (NwlnkNb) - C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
O41 - Driver: NWLink SPX/SPXII-Protokoll (NwlnkSpx) - C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
O41 - Driver: OHCI-konformer IEEE 1394-Hostcontroller (ohci1394) - C:\WINDOWS\system32\DRIVERS\ohci1394.sys
O41 - Driver: WAN-Miniport (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: QoS-Paketplaner (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
O41 - Driver: Treiber für direkte Parallelverbindung (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O41 - Driver: Treiber für automatische RAS-Verbindung (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: WAN-Miniport (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Remotezugriff-PPPOE-Treiber (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Parallelanschluss (direkt) (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: Treiber für Terminalserver-Geräteumleitung (rdpdr) - C:\WINDOWS\system32\DRIVERS\rdpdr.sys
O41 - Driver: Filtertreiber für digitale CD-Audiowiedergabe (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O41 - Driver: Sentinel (Sentinel) - C:\WINDOWS\System32\Drivers\SENTINEL.SYS
O41 - Driver: Microsoft Kernel-Audiosplitter (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: (no object) (sptd) - C:\WINDOWS\System32\Drivers\sptd.sys
O41 - Driver: Filtertreiber für Systemwiederherstellung (sr) - C:\WINDOWS\system32\DRIVERS\sr.sys
O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys
O41 - Driver: ssmdrv (ssmdrv) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
O41 - Driver: Software-Bus-Treiber (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
O41 - Driver: Microsoft Kernel GS Wavetablesynthesizer (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: Microsoft Kernel-Systemaudiogerät (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: TCP/IP-Protokolltreiber (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Microcode Updatetreiber (Update) - C:\WINDOWS\system32\DRIVERS\update.sys
O41 - Driver: Microsoft Standard-USB-Haupttreiber (usbccgp) - C:\WINDOWS\system32\DRIVERS\usbccgp.sys
O41 - Driver: Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O41 - Driver: Microsoft USB-Standardhubtreiber (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O41 - Driver: Microsoft USB-Druckerklasse (usbprint) - C:\WINDOWS\system32\DRIVERS\usbprint.sys
O41 - Driver: USB-Scannertreiber (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys
O41 - Driver: USB-Massenspeichertreiber (usbstor) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O41 - Driver: Miniporttreiber für universellen Microsoft USB-Hostcontroller (usbuhci) - C:\WINDOWS\system32\DRIVERS\usbuhci.sys
O41 - Driver: RAS-IP-ARP-Treiber (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Treiber für Microsoft WINMM-WDM-Audiokompatibilität (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
O41 - Driver: WpdUsb (WpdUsb) - C:\WINDOWS\system32\DRIVERS\wpdusb.sys
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Platform Driver (WudfPf) - C:\WINDOWS\system32\DRIVERS\WudfPf.sys
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Reflector (WudfRd) - C:\WINDOWS\system32\DRIVERS\wudfrd.sys
O41 - Driver: zlportio (zlportio) - C:\Programme\UltraStar Deluxe\zlportio.sys

---\\ Software installed (O42)
O42 - Logiciel: 1&1 EasyLogin
O42 - Logiciel: 7-Zip 4.57
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Shockwave Player 11
O42 - Logiciel: Agfa ScanWise 1.50
O42 - Logiciel: AIMP2
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus
O42 - Logiciel: HP Wireless Keyboard Driver V1.0
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: EVEREST Home Edition v2.20
O42 - Logiciel: Hamachi 1.0.1.5
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs
O42 - Logiciel: Windows Internet Explorer 7
O42 - Logiciel: Command & Conquer(TM) Generäle
O42 - Logiciel: Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
O42 - Logiciel: Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
O42 - Logiciel: Call of Duty(R) 4 - Modern Warfare(TM)
O42 - Logiciel: Command and Conquer(TM) Generäle Die Stunde Null
O42 - Logiciel: High Definition Audio Driver Package - KB888111
O42 - Logiciel: Update für Windows XP (KB898461)
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399)
O42 - Logiciel: Sicherheitsupdate für Windows Media Player 11 (KB936782)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB938464)
O42 - Logiciel: Hotfix für Windows Media Player 11 (KB939683)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB941569)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB950762)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB950974)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB951066)
O42 - Logiciel: Update für Windows XP (KB951072-v2)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB951376-v2)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB951698)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB951748)
O42 - Logiciel: Update für Windows XP (KB951978)
O42 - Logiciel: Sicherheitsupdate für Windows Media Player (KB952069)
O42 - Logiciel: Hotfix für Windows XP (KB952287)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB952954)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB953838)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB953839)
O42 - Logiciel: Sicherheitsupdate für Windows Media Player 11 (KB954154)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB954211)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB954459)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB954600)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB955069)
O42 - Logiciel: Update für Windows XP (KB955839)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB956390)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB956391)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB956802)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB956803)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB956841)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB957095)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB957097)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB958644)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB958687)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB958690)
O42 - Logiciel: Wichtiges Update für Windows Media Player 11 (KB959772)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB960225)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB960715)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)
O42 - Logiciel: Update für Windows XP (KB967715)
O42 - Logiciel: Microsoft .NET Framework 1.1 Hotfix (KB928366)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: MediaMonkey 3.0
O42 - Logiciel: Microsoft .NET Framework 1.1
O42 - Logiciel: Mozilla Firefox (3.0.8)
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP
O42 - Logiciel: Navilog1 3.7.6
O42 - Logiciel: Microsoft National Language Support Downlevel APIs
O42 - Logiciel: NVIDIA Drivers
O42 - Logiciel: ObjectDock
O42 - Logiciel: OpenAL
O42 - Logiciel: Die Siedler IV
O42 - Logiciel: TeamSpeak 2 RC2
O42 - Logiciel: TmNationsForever
O42 - Logiciel: VLC media player 0.9.6
O42 - Logiciel: Windows Media Format 11 runtime
O42 - Logiciel: Windows Media Player 11
O42 - Logiciel: Windows XP Service Pack 3
O42 - Logiciel: WinRAR
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0
O42 - Logiciel: Xilisoft DVD Creator
O42 - Logiciel: Zattoo 3.3.3 Beta
O42 - Logiciel: ANNO 1602 Königs-Edition
O42 - Logiciel: Counter-Strike 1.6
O42 - Logiciel: Company of Heroes - FAKEMSI
O42 - Logiciel: Google Earth
O42 - Logiciel: Intel(R) Network Connections 13.0.42.0
O42 - Logiciel: Java(TM) 6 Update 11
O42 - Logiciel: MSXML 4.0
O42 - Logiciel: TuneUp Utilities 2008
O42 - Logiciel: GRID
O42 - Logiciel: Skype™ 3.8
O42 - Logiciel: ICQ6.5
O42 - Logiciel: Stronghold Legends
O42 - Logiciel: Apple Software Update
O42 - Logiciel: Battlefield 1942
O42 - Logiciel: Windows Media Player Firefox Plugin
O42 - Logiciel: Sentinel Protection Installer 7.2.2
O42 - Logiciel: Nero 7 Premium
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Garena
O42 - Logiciel: Microsoft Silverlight
O42 - Logiciel: NVIDIA PhysX
O42 - Logiciel: LightScribe System Software
O42 - Logiciel: QuickTime
O42 - Logiciel: Google SketchUp 6
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
O42 - Logiciel: Adobe Reader 8.1.4
O42 - Logiciel: Spybot - Search & Destroy
O42 - Logiciel: Battlefield 1942: Secret Weapons of WWII
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: Power Manager
O42 - Logiciel: OpenOffice.org 2.4
O42 - Logiciel: Battlefield 1942: The Road To Rome
O42 - Logiciel: Realtek High Definition Audio Driver
O42 - Logiciel: PDFPrintuMailSbe 0.8.0

laubinio 13.04.2009 18:06

---\\ Last modified or created files under System32 (O44)
O44 - LFC:Last File Created - C:\WINDOWS\System32\FNTCACHE.DAT -->12.03.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\GdiPlus.dll -->28.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\keystone.exe -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\mfc70.dll -->28.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\MRT.exe -->25.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\mshtml.dll -->16.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\msvcp70.dll -->28.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nv4_disp.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvapi.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvappbar.exe -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvapps.nvb -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvapps.xml -->13.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvcod.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvcodins.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvcolor.exe -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvcpl.cpl -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvcpl.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvcplui.exe -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvcpluir.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvcuda.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvdisp.nvu -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvdisps.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvdispsr.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvdspsch.exe -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvgames.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvgamesr.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nview.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvmccs.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvmccsrs.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvmccss.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvmccssr.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvmctray.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvmobls.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvmoblsr.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvModes.dat -->11.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvoglnt.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\NvPVEnc.ax -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsar.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrscs.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsda.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsde.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsel.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrseng.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrses.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsesm.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsfi.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsfr.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrshe.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrshu.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsit.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsja.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsko.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsnl.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsno.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrspl.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrspt.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsptb.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsru.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrssk.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrssl.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrssv.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsth.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrstr.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrszhc.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrszht.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvshell.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvsvc32.exe -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvtuicpl.cpl -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvudisp.exe -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvvitvs.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvvitvsr.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwddi.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwdmcpl.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwimg.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsar.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrscs.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsda.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsde.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsel.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrseng.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrses.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsesm.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsfi.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsfr.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrshe.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrshu.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsit.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsja.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsko.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsnl.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsno.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrspl.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrspt.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsptb.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsru.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrssk.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrssl.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrssv.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsth.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrstr.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrszhc.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrszht.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwss.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwssr.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nwiz.exe -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\OpenAL32.dll -->22.03.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc007.dat -->02.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc009.dat -->02.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh007.dat -->02.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh009.dat -->02.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\PerfStringBackup.INI -->02.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\TUKernel.exe -->13.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\win32k.sys -->09.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wpa.dbl -->13.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wrap_oal.dll -->22.03.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avgntdd.sys -->13.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avgntflt.sys -->13.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avgntmgr.sys -->13.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avipbb.sys -->13.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\hamachi.sys -->16.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\nv4_mini.sys -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\ssmdrv.sys -->13.02.2009

---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\7ZG.EXE-189F3F41.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AIMP2.EXE-14097106.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ATTRIB.EXE-39EAFB02.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVCENTER.EXE-1D2DB8A2.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVGNT.EXE-39CD89BF.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVNOTIFY.EXE-31D7686A.pf -->12.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVSCAN.EXE-25724B6E.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVWSC.EXE-24612965.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVWSC.EXE-3AC95876.pf -->19.03.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CATCHME.EXE-0B06868A.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CCLEANER.EXE-065E2F3F.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CHKNTFS.EXE-31921D64.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf -->12.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf -->12.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIND.EXE-0EC32F1E.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FINDSTR.EXE-0CA6274B.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIREFOX.EXE-1D57670A.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FROZEN THRONE.EXE-04CB1895.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GARENA.EXE-1A7DE003.pf -->12.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GETPATHS.EXE-10B311CA.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GNC.EXE-0546FBD8.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GNC.EXE-298006C5.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf -->09.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-39024128.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEXPLORE.EXE-2CA9778D.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf -->12.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\INTEGRATOR.EXE-328E2F5A.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IS-2EVT8.TMP-38E43101.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IS-BTV21.TMP-097EDAC7.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IW3MP.EXE-0220B50C.pf -->12.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JQSNOTIFY.EXE-1E60A522.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\KOPIE VON GRID.EXE-09CE7A61.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\Layout.ini -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGI_MWX.EXE-1B741F45.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MEMOPTIMIZER.EXE-36FE2832.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NAVILOG1.EXE-12D4D873.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOTEPAD.EXE-189578DA.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OBJECTDOCK.EXE-200AFFC9.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OEM2ANSI.EXE-04B221CA.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OSV.EXE-2688F3F3.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PROCESSMANAGER.EXE-2A611132.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\READER_SL.EXE-1EA4C8B2.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REG.EXE-0D2A95F7.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGISTRYCLEANER.EXE-2E8CD085.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1340EF7F.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1619A94E.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1857459C.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2A94BB85.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2BF3472E.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2E5AF1D7.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3029594F.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-35A483DA.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf -->11.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SHUTDOWN.EXE-12DAD820.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SORT.EXE-194AE83C.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1D495A65.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\STARTUPMANAGER.EXE-336AE2DE.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SYSTEMOPTIMIZER.EXE-15555041.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPDATE.EXE-3398FCD6.pf -->12.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WAR3.EXE-1423285C.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINRAR.EXE-3588DFE8.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIAPSRV.EXE-1E2270A5.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WSCRIPT.EXE-32960AB9.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ZATTOO.EXE-0C7AC94E.pf -->12.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ZATTOO1.EXE-2EA1ADA4.pf -->12.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ZATTOOD.EXE-1AC5C517.pf -->12.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ZHPDIAG.EXE-00214859.pf -->13.04.2009

---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

---\\ Export authorized application key (O47)
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
O47 - AAKE:Key Export - "C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
O47 - AAKE:Key Export - "D:\Spiele\Race Driver GRID\GRID.exe"="D:\Spiele\Race Driver GRID\GRID.exe:*:Enabled:GRID"
O47 - AAKE:Key Export - "D:\Spiele\C o D 4\iw3mp.exe"="D:\Spiele\C o D 4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

---\\ Local Security Authority-LSA Deny (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll

---\\ Safe Boot Control (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nm.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\nm.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\nm.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys

---\\ Image File Execution Options (IFEO) (O50)
O50 - IEFO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d


End of the scan:

laubinio 13.04.2009 18:15

So

Navipromo Removal version 3.7.6 started on 13.04.2009 at 19:10:16,28

Fix running from C:\Programme\navilog1

Updated on 14.03.2009 at 18h00 by IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU @ 2.40GHz )
BIOS : BIOS Date: 10/24/07 21:06:54 Ver: 5.13
USER : +++ ( Administrator )
BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.26 (Activated)


C:\ (Local Disk) - NTFS - Total:58 Go (Free:30 Go)
D:\ (Local Disk) - NTFS - Total:407 Go (Free:264 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)


Automatic removal
with Catchme and GNS results


Cleanning stage done on Reboot


*** fsbl1.txt not found ***
(Check that Catchme found nothing in Search Mode)


*** Deleting with Backups GenericNaviSearch results ***

* Deletion in "C:\WINDOWS\System32" *


* Deletion in "C:\Dokumente und Einstellungen\+++\lokale~1\anwend~1" *



*** Deleting folders in "C:\WINDOWS" ***


*** Deleting folders in "C:\Programme" ***


*** Deleting folders in "C:\Dokumente und Einstellungen\All Users\startm~1\progra~1" ***


*** Deleting folders in "C:\Dokumente und Einstellungen\All Users\startm~1" ***


*** Deleting folders in "c:\dokume~1\alluse~1\anwend~1" ***


*** Deleting folders in "C:\Dokumente und Einstellungen\+++\anwend~1" ***


*** Deleting folders in "C:\Dokumente und Einstellungen\+++\lokale~1\anwend~1" ***


*** Deleting folders in "C:\Dokumente und Einstellungen\+++\startm~1\progra~1" ***



*** Deleting files ***


*** Deleting temporary files ***

Cleaning of C:\WINDOWS\Temp done !
Cleaning of C:\Dokumente und Einstellungen\+++\lokale~1\Temp done !

*** Complementary Search ***
(Search specific files)

1)Deletion with backups new Instant Access files:

2)Heuristic search and deletion with backups :


* In "C:\WINDOWS\system32" *


* In "C:\Dokumente und Einstellungen\+++\lokale~1\anwend~1" *


*** Copy Registry to Safebackup folder ***

Backing up Registry done !

*** Cleaning Registry ***

Registry cleaned


*** Certificates ***

Egroup Certificate not found !
Electronic-Group Certificate not found !
Montorgueil Certificate not found !
OOO-Favorit Certificate not found !
Sunny-Day-Design-Ltd Certificate not found !

*** Search others known folders and files ***



*** Cleaning stage complete on 13.04.2009 at 19:12:10,54 ***


Regards, Christian

john.doe 13.04.2009 18:18

:confused:

Could it be that you started navilog twice with option 2?

Please post a new HJT log.

ciao, andreas

laubinio 13.04.2009 18:25

Yes, I did: before the step with item 3 and then once more afterwards.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:48, on 13.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ICQ6.5\ICQ.exe
C:\Programme\Stardock\ObjectDock\ObjectDock.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: qxkbhp.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5490 bytes


Regards, Christian

john.doe 13.04.2009 18:33

Firefox should work again. :)

1.) Uninstall:
Spybot (junk)

2.) Start HJT => Do a system scan only => Check:
Code:

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O20 - AppInit_DLLs: qxkbhp.dll

=> Fix checked

3.) http://www.trojaner-board.de/51187-a...i-malware.html

4.) http://www.trojaner-board.de/51871-a...tispyware.html (Only steps 1-3)

ciao,
andreas
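
The two entries the helper singles out above (the O20 AppInit_DLLs line and the O23 service whose binary is missing) are the kind of judgement that can be written down as rules. The following is an added example of such a triage pass over HijackThis-style log lines; it is not part of the thread and not HijackThis code. The sample log is constructed from the entries quoted in this thread, with one additional process and O4 entry (`example.exe` under the user's profile) that are assumed for illustration and do not appear in the original logs. The rules it encodes: any value in AppInit_DLLs is injected into every process that loads user32.dll (which is why it can keep a browser alive after its window closes), a service whose file is missing is a stale leftover, and anything running or autostarting from a profile or temp directory deserves a second look.

```python
"""Triage for HijackThis-style log lines (added example, not from the
thread or from HijackThis).  Encodes the judgement applied by hand above:
O20 AppInit_DLLs entries are fixed, O23 entries with a missing binary are
stale, and autostarts in user-writable directories get flagged.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample log constructed from the HJT output quoted in the thread.  The
# "example.exe" process and its O4 entry are assumptions, not from the log.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\example.exe

O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [example] C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\example.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: qxkbhp.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
"""

# Directory fragments (German and English XP names) where legitimate
# services and machine-wide autostarts almost never live.
USER_WRITABLE = (
    "\\lokale einstellungen\\",
    "\\local settings\\",
    "\\anwendungsdaten\\",
    "\\application data\\",
    "\\appdata\\",
    "\\temp\\",
)


@dataclass
class Finding:
    line: str
    rule: str
    severity: str
    note: str


_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
_O4 = re.compile(r"^O4 - .*?(?:\] |= )(?P<cmd>.*)$")   # Run: [name] cmd  /  Startup: x.lnk = cmd
_PROC = re.compile(r"^[A-Za-z]:\\")                   # lines of the "Running processes" block


def in_user_writable(path: str) -> bool:
    """True if the path sits in a profile or temp directory."""
    return any(frag in path.lower() for frag in USER_WRITABLE)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one HJT line, or None if the line passes."""
    line = line.strip()
    if not line:
        return None
    if _PROC.match(line):
        if in_user_writable(line):
            return Finding(line, "user_profile_process", "high",
                           "executable running from a user-writable directory")
        return None
    if line.startswith("O20 - AppInit_DLLs:"):
        value = line.split(":", 1)[1].strip()
        if value:   # any DLL listed here is loaded into every process that loads user32.dll
            return Finding(line, "appinit_dlls", "high",
                           "DLL injected into every GUI process; fix unless the DLL is known")
        return None
    if line.startswith("O10 - Unknown file in Winsock LSP"):
        return Finding(line, "unknown_lsp", "medium",
                       "LSP not on HJT's known list; verify the DLL's publisher before fixing")
    m = _O23.match(line)
    if m:
        owner, path = m["owner"], m["path"]
        if "(file missing)" in path:
            return Finding(line, "service_file_missing", "low",
                           "service binary is gone; stale entry, remove it")
        if owner == "Unknown owner" or in_user_writable(path):
            return Finding(line, "unverified_service", "medium",
                           "service without a publisher or outside Program Files")
        return None
    m = _O4.match(line)
    if m and in_user_writable(m["cmd"]):
        return Finding(line, "user_profile_autorun", "high",
                       "autostart pointing into a user-writable directory")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log; most severe findings first."""
    order = {"high": 0, "medium": 1, "low": 2}
    found = [f for f in (triage_line(l) for l in log_text.splitlines()) if f]
    return sorted(found, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:22} {f.line}\n         {f.note}")
```

The O10 rule deliberately stops at "review": HJT reports any LSP DLL it does not recognise, and nwprovau.dll on XP is the NetWare client provider, so that line is flagged for a publisher check rather than for removal. The Avira entries pass all rules, which is the point of running the heuristics over known-good lines as well as suspicious ones.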

laubinio 13.04.2009 19:42

Here you go.

SUPERAntiSpyware Scan Log
h+++p://w++w.superantispyware.com

Generated 04/13/2009 at 08:20 PM

Application Version : 4.26.1000

Core Rules Database Version : 3841
Trace Rules Database Version: 1796

Scan type : Complete Scan
Total Scan Time : 00:33:52

Memory items scanned : 533
Memory threats detected : 0
Registry items scanned : 5091
Registry threats detected : 30
File items scanned : 15838
File threats detected : 5

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\+++\Cookies\laubi@doubleclick[1].txt
C:\Dokumente und Einstellungen\+++\Cookies\laubi@adserver.71i[1].txt
C:\Dokumente und Einstellungen\+++\Cookies\laubi@statse.webtrendslive[2].txt
C:\Dokumente und Einstellungen\+++\Cookies\laubi@atwola[1].txt

Trojan.DNSChanger-Codec
HKU\S-1-5-21-1343024091-1592454029-839522115-1003\Software\uninstall

Rogue.Component/Trace
HKLM\Software\Microsoft\BC8387C8
HKLM\Software\Microsoft\BC8387C8#bc8387c8
HKLM\Software\Microsoft\BC8387C8#Version
HKLM\Software\Microsoft\BC8387C8#bc832a48
HKLM\Software\Microsoft\BC8387C8#bc8343ad
HKU\S-1-5-21-1343024091-1592454029-839522115-1003\Software\Microsoft\CS41275
HKU\S-1-5-21-1343024091-1592454029-839522115-1003\Software\Microsoft\FIAS4018

Rootkit.TDSServ
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#start
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#type
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#imagepath
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#group
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#TDSSserv
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#TDSSl
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssservers
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssmain
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdsslog
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssadw
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssinit
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssurls
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdsspanels
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdsserrors
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#TDSSproc
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum#INITSTARTFAILED

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\TDSSWGQE.DAT



Malwarebytes' Anti-Malware 1.30
Database version: 1439
Windows 5.1.2600 Service Pack 3

13.04.2009 20:33:50
mbam-log-2009-04-13 (20-33-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 94897
Time elapsed: 14 minute(s), 24 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
(No malicious items detected)



Regards, Christian

john.doe 13.04.2009 19:45

Oh dear, the TDSS thing. How is the machine doing?

It should be noticeably faster. Post one last HJT log.

ciao, andreas

laubinio 13.04.2009 19:49

Here you go.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:50, on 13.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\Stardock\ObjectDock\ObjectDock.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\ICQ6.5\ICQ.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5211 bytes


Speed-wise I don't notice any difference; it was already as fast as ever before..


Regards, Christian



Copyright ©2000-2025, Trojaner-Board
