I have Cyber Security on my PC, what now? HELP Hello, yesterday I somehow caught this Cyber Security and can't get it uninstalled. How do I get rid of it, can someone help me? I have Win Vista. Please, please |
Hello mandy010388, can the software be uninstalled? Work through the following list of programs in order and post the logs. 1. CCleaner 2. Malwarebytes Anti-Malware 3. HiJackThis Regards, Black_Light |
Hello, thank you for helping me. No, unfortunately it can't be uninstalled. I should also mention that I deleted this Cyber Security in the Control Panel (the name), but the rest is still on there. Here is the block from CCleaner: ABBYY FineReader 5.0 Sprint ABBYY Software House 26.12.2007 225,1MB ABBYY FineReader 6.0 Professional ABBYY Software House 26.12.2007 54,5MB ABBYY FineReader OCR Engine 26.12.2007 93,6MB Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 19.08.2007 13,5MB Adobe Flash Player 10 Plugin Adobe Systems Incorporated 11.08.2009 Adobe Flash Player ActiveX Adobe Systems Incorporated 20.07.2008 Adobe Photoshop 7.0 Adobe Systems, Inc. 21.02.2008 144,8MB Adobe Reader 8.1.4 Adobe Systems Incorporated 18.03.2009 85,0MB ALPS Touch Pad Driver 19.08.2007 Apple Software Update Apple Inc. 27.01.2009 2,16MB Ashampoo ClipFinder 1.55 ashampoo GmbH & Co. KG 02.05.2009 9,51MB ASUS Data Security Manager ASUS 18.08.2007 4,95MB ASUS InstantFun ASUS 18.08.2007 14,6MB ASUS Live Update ASUS 19.08.2007 0,45MB ASUS Splendid Video Enhancement Technology ASUSTeK 18.08.2007 16,3MB Asus_Camera_ScreenSaver ASUS 19.08.2007 Atheros Driver Installation Program Atheros 18.08.2007 4,00KB ATI Catalyst Install Manager ATI Technologies, Inc. 15.12.2007 13,8MB ATK Generic Function Service ATK 18.08.2007 0,45MB ATK Hotkey ATK 18.08.2007 5,08MB ATK Media 19.08.2007 0,63MB ATKOSD2 ATK 18.08.2007 7,35MB Avira AntiVir Personal - Free Antivirus Avira GmbH 18.03.2009 63,1MB Bluetooth Stack for Windows by Toshiba 28.04.2009 56,1MB CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Inc. 08.02.2009 46,2MB Canon Internet Library for ZoomBrowser EX Canon Inc. 08.02.2009 46,2MB Canon RAW Image Task for ZoomBrowser EX Canon Inc. 08.02.2009 19,1MB Canon Utilities CameraWindow Canon Inc. 08.02.2009 2,27MB Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Inc. 08.02.2009 18,4MB Canon Utilities Digital Photo Professional 3.4 Canon Inc. 
08.02.2009 60,2MB Canon Utilities EOS Utility Canon Inc. 08.02.2009 42,1MB Canon Utilities MyCamera Canon Inc. 08.02.2009 15,5MB Canon Utilities Original Data Security Tools Canon Inc. 08.02.2009 6,89MB Canon Utilities PhotoStitch Canon Inc. 08.02.2009 6,15MB Canon Utilities Picture Style Editor Canon Inc. 08.02.2009 61,7MB Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Inc. 08.02.2009 16,3MB Canon Utilities WFT-E1/E2/E3 Utility Canon Inc. 08.02.2009 2,27MB Canon Utilities ZoomBrowser EX Canon Inc. 08.02.2009 46,2MB Canon ZoomBrowser EX Memory Card Utility Canon Inc. 08.02.2009 19,7MB capella reader 6.0 capella software GmbH 18.01.2009 7,44MB CCleaner (remove only) Piriform 07.10.2009 2,71MB DHTML Editing Component Microsoft Corporation 31.12.2007 0,45MB DivX Codec DivX, Inc. 01.12.2008 22,2MB DivX Player 25.05.2008 51,3MB DivX Web Player DivX,Inc. 25.05.2008 51,3MB eMule.de 0.48a v18 eMule.de 18.02.2008 7,92MB EOS USB WIA Driver Canon Inc. 08.02.2009 1,28MB Google Earth Google 15.05.2009 32,2MB Haufe iDesk-Browser Haufe 17.12.2008 18,7MB Haufe iDesk-Service Haufe 17.12.2008 44,9MB HP Customer Participation Program 11.0 HP 02.05.2009 141,9MB HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 HP 02.05.2009 14,7MB HP Imaging Device Functions 11.0 HP 02.05.2009 2,41MB HP Photosmart Essential 3.0 HP 02.05.2009 2,40MB HP Smart Web Printing HP 02.05.2009 8,51MB HP Solution Center 11.0 HP 02.05.2009 2,39MB HP Update Hewlett-Packard 09.05.2009 3,71MB ICQ6.5 ICQ 03.12.2008 40,5MB Infineon USB driver 1.0.0.6 Infineon 13.08.2009 1,46MB Isabell Werth - Reitsport 1.2 19.02.2008 290,5MB iTunes Apple Inc. 23.08.2008 83,2MB Java(TM) 6 Update 11 Sun Microsystems, Inc. 17.12.2008 94,4MB Java(TM) 6 Update 3 Sun Microsystems, Inc. 18.01.2008 133,2MB Java(TM) 6 Update 5 Sun Microsystems, Inc. 18.03.2008 136,2MB Java(TM) 6 Update 7 Sun Microsystems, Inc. 18.07.2008 136,2MB Lexware Info Service Lexware GmbH & Co. 
KG 17.12.2008 10,4MB LG Bluetooth Drivers LG Electronics 13.08.2009 0,69MB LG MC USB U330 driver LG Electronics 13.08.2009 1,47MB LG PC Suite III deinstallieren LG Electronics 13.08.2009 108,2MB LG USB Modem Drivers LG Electronics 13.08.2009 1,06MB LifeFrame2 ASUS 18.08.2007 9,87MB Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 24.09.2009 37,0MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 05.07.2009 27,8MB Microsoft Office Enterprise 2007 Microsoft Corporation 05.07.2009 663,3MB Microsoft Office Project Professional 2007 Microsoft Corporation 05.07.2009 1.187,4MB Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 28.07.2009 0,25MB Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.12.2008 0,41MB Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 28.07.2009 0,19MB Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 18.03.2009 0,58MB Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme Microsoft Corporation 06.02.2008 0,13MB Motorola SM56 Speakerphone Modem 19.08.2007 1,91MB Mozilla Firefox (2.0.0.20) Mozilla 02.05.2009 24,1MB MSXML 4.0 SP2 (KB927978) Microsoft Corporation 17.04.2007 1,24MB MSXML 4.0 SP2 (KB936181) Microsoft Corporation 15.12.2007 1,27MB MSXML 4.0 SP2 (KB941833) Microsoft Corporation 24.12.2007 1,27MB MSXML 4.0 SP2 (KB954430) Microsoft Corporation 11.11.2008 1,28MB NB Probe 19.08.2007 2,74MB Nero 8 Demo Nero AG 17.01.2008 1.743,4MB Norton Security Scan Symantec Corporation 25.01.2008 6,25MB Opera 9.60 Opera Software ASA 19.10.2008 15,7MB PIF DESIGNER2.1 24.12.2007 1,09MB Power4Gear eXtreme ATK 18.08.2007 4,75MB PowerForPhone PowerForPhone 18.08.2007 0,75MB QuickTime Apple Inc. 
27.01.2009 74,4MB Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista Realtek 18.08.2007 0,63MB Realtek High Definition Audio Driver Realtek Semiconductor Corp. 18.08.2007 15,3MB RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 19.08.2007 1,93MB ScanToWeb 24.12.2007 0,37MB ScanWizard 5 26.12.2007 3,83MB Shop for HP Supplies HP 02.05.2009 141,9MB Skype™ 3.8 Skype Technologies S.A. 25.12.2008 32,7MB Spyware Doctor 5.5 PC Tools 02.04.2008 40,0MB Steuer 2008 Lexware 17.12.2008 80,4MB Steuer Hilfesammlung Haufe Mediengruppe 17.12.2008 114,8MB Tinypic 3.12 E. Fiedler 24.02.2008 1,13MB TorisWin32 12.03.2008 TuneUp Utilities 2008 TuneUp Software 17.01.2008 40,9MB Turbo Lister 2 eBay 31.12.2007 27,8MB USB 2.0 1.3M UVC WebCam 19.08.2007 VC_MergeModuleToMSI Default Company Name 08.09.2008 1,85MB VistaFeaturePack CSR 18.08.2007 Windows Media Player Firefox Plugin Microsoft Corp 27.07.2008 0,29MB Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) Infineon Technologies 13.08.2009 1,46MB WinFlash 19.08.2007 1,36MB WinRAR Archivierer 13.03.2008 3,40MB Wireless Console 2 ATK 18.08.2007 1,59MB HiJackThis Block Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:32:32, on 08.10.2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\CS\tsc.exe C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Skype\Phone\Skype.exe 
C:\Program Files\ICQ6.5\ICQ.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Apoint2K\HidFind.exe C:\Program Files\Apoint2K\Apvfb.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe C:\Program Files\Opera\opera.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) O1 - Hosts: ::1 localhost O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader Link Helper - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: &IE Help - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - C:\Windows\System32\iehelpmod.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent O4 - HKUS\S-1-5-19\..\Run: [Sidebar] 
%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft 
Office\Office12\GrooveSystemServices.dll O18 - Protocol: haufereader - (no CLSID) - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\Windows\system32\drivers\CDAC11BA.EXE O23 - Service: Google Update Service (gupdate1c9a5a5badcef30) (gupdate1c9a5a5badcef30) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 9248 bytes Unfortunately I can't really get on with the other program, or rather it doesn't open, I don't know why either |
Hello again, fix the following entries with HiJackThis. Quote:
Upload the following file to Virustotal and have it analyzed. If the file has already been analyzed, analyze it anyway! Quote:
Rename Malwarebytes.exe to mw.com (no .exe extension). Is any improvement in sight? Did you clean the registry with CCleaner? Regards, Black_Light |
Unfortunately I don't really have a clue, but with the com it works. Thanks. How do I do the fixing and the other thing? Sorry |
Yes, I did clean |
First uninstall the following software: Quote:
You'll find the answer to the "how" here: http://www.trojaner-board.de/51130-anleitung-hijackthis.html http://www.virustotal.com/de/ Please upload the file iehelpmod.dll and post the result here :) If you can't find the file, get back to me. All questions answered? Regards, Black_light |
OK great, I'll uninstall the files. I managed the Virustotal thing, here is the report: Datei iehelpmod.dll empfangen 2009.10.08 15:26:54 (UTC) Status: Beendet Ergebnis: 7/41 (17.08%) Filter Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.41 2009.10.08 - AhnLab-V3 5.0.0.2 2009.10.08 - AntiVir 7.9.1.35 2009.10.08 - Antiy-AVL 2.0.3.7 2009.10.05 - Authentium 5.1.2.4 2009.10.08 - Avast 4.8.1351.0 2009.10.07 - AVG 8.5.0.420 2009.10.04 - BitDefender 7.2 2009.10.08 - CAT-QuickHeal 10.00 2009.10.08 - ClamAV 0.94.1 2009.10.08 - Comodo 2537 2009.10.08 - DrWeb 5.0.0.12182 2009.10.08 - eSafe 7.0.17.0 2009.10.06 - eTrust-Vet 35.1.7057 2009.10.08 - F-Prot 4.5.1.85 2009.10.07 - F-Secure 8.0.14470.0 2009.10.08 Packed.Win32.Krap.ae Fortinet 3.120.0.0 2009.10.08 - GData 19 2009.10.08 - Ikarus T3.1.1.72.0 2009.10.08 - Jiangmin 11.0.800 2009.10.08 - K7AntiVirus 7.10.865 2009.10.08 - Kaspersky 7.0.0.125 2009.10.08 Packed.Win32.Krap.ae McAfee 5765 2009.10.08 - McAfee+Artemis 5765 2009.10.08 Artemis!9F45B7DEA3CC McAfee-GW-Edition 6.8.5 2009.10.08 Heuristic.LooksLike.Win32.NewMalware.I Microsoft 1.5101 2009.10.08 Trojan:Win32/Yektel.A NOD32 4490 2009.10.08 - Norman 6.01.09 2009.10.08 - nProtect 2009.1.8.0 2009.10.08 - Panda 10.0.2.2 2009.10.07 Suspicious file PCTools 4.4.2.0 2009.10.08 - Prevx 3.0 2009.10.08 - Rising 21.49.22.00 2009.09.30 - Sophos 4.45.0 2009.10.08 - Sunbelt 3.2.1858.2 2009.10.07 CyberSecurity Symantec 1.4.4.12 2009.10.08 - TheHacker 6.5.0.2.033 2009.10.07 - TrendMicro 8.950.0.1094 2009.10.08 - VBA32 3.12.10.11 2009.10.08 - ViRobot 2009.10.8.1976 2009.10.08 - VirusBuster 4.6.5.0 2009.10.08 - weitere Informationen File size: 340992 bytes MD5...: 9f45b7dea3cc5b92f84fd7003ceb0b9b SHA1..: 1a50828e76d403fa58c1029c92320ae6c78e972d SHA256: d17d013743358d75f980be813628a3bb768f57ff1592b7dbae85fce5a6af65e4 ssdeep: 6144:/8alYexogw6ALsr4HJsuUTL8Y8V9/JE3dx8nIFPSoq4cnAvaDGo1rSHIqs0 9WQ1:0EloUH4HiL8ZzJWqIFPy4cnAva1riYE PEiD..: - PEInfo: PE 
Structure information ( base data ) entrypointaddress.: 0x13ec timedatestamp.....: 0x4621346d (Sat Apr 14 20:07:09 2007) machinetype.......: 0x14c (I386) ( 7 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x6ffe 0x7000 4.69 02c6521d1abbd18ab8d290a6e4919666 CODE 0x8000 0x12ca 0x1400 0.00 32ca18808933aa12e979375d07048a11 .edata 0xa000 0x2726 0x2800 2.82 ae963e248d6fd4f27b9fce93d4c422e1 .init 0xd000 0x45ef62 0x46000 7.75 b0f8279c23f03eb6977d9fdf58cc6e2c .idata 0x46c000 0xf0f 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110 .1tls 0x46d000 0xc97 0xe00 0.00 b4202f7fe985b9648b4676e6f70832bd .data 0x46e000 0x366 0x400 0.00 0f343b0931126a20f133d67c2b018a3b ( 0 imports ) ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - trid..: Clipper DOS Executable (33.3%) Generic Win/DOS Executable (33.0%) DOS Executable Generic (33.0%) VXD Driver (0.5%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned |
Fix this file with HiJackThis: Quote:
Sunbelt 3.2.1858.2 2009.10.07 CyberSecurity Let's see what Malwarebytes has to report. Are you managing with the fixing? |
Yes thanks, everything works great! I have uninstalled the other things |
I just didn't understand what I'm supposed to do here: "Afterwards the malware files must also be removed, otherwise the whole procedure makes no sense. Fixing alone does not remove the files!" I can't start HijackThis anymore??? |
That's great!! Now you may post an interim HiJackThis logfile :). Malwarebytes is running and has been set up according to the instructions? I'm just reading through your software list... |
That means that HijackThis alone is not enough. Malwarebytes is still scanning, after all. Uninstall HiJackThis and then reinstall it. |
Yes, the full scan is running. I still can't start HijackThis, it always says: Hijackthis is already running |
Uninstalling doesn't work either, the same message comes up |
Okay. Can you see in Task Manager whether HijackThis is still running? Did you actually close the program? Otherwise you'll have to wait until Malwarebytes is finished; after that you should restart the PC. Don't forget to post the logfile and remove the findings. |
It keeps saying that Task Manager has been disabled by the administrator ??? |
Ooh, I'm stuck on that one for the moment. Let's wait until Malwarebytes has finished. How is your PC running in general? Slower than usual before the infection? Otherwise I would "tune" your system. |
I would say it runs a bit slower |
After the virus removal, try it with this: Quote:
|
OK, will do. I always found TuneUp quite good, but if you say it's junk then I'll get rid of it |
Right, I'm back. Is Malwarebytes still scanning? |
So, Malwarebytes is finally finished, here is the report: Malwarebytes' Anti-Malware 1.41 Datenbank Version: 2775 Windows 6.0.6002 Service Pack 2 08.10.2009 19:30:08 mbam-log-2009-10-08 (19-30-08).txt Scan-Methode: Vollständiger Scan (C:\|D:\|) Durchsuchte Objekte: 282120 Laufzeit: 2 hour(s), 11 minute(s), 31 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 5 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 1 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\Windows\System32\iehelpmod.dll (Trojan.FakeAlert) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: C:\Program Files\BitDownload (Trojan.Swizzor) -> Quarantined and deleted successfully. 
Infizierte Dateien: C:\Windows\System32\iehelpmod.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully. and here is HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:32:32, on 08.10.2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\CS\tsc.exe C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\ICQ6.5\ICQ.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Apoint2K\HidFind.exe C:\Program Files\Apoint2K\Apvfb.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe C:\Program Files\Opera\opera.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) O1 - Hosts: ::1 localhost O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: &IE Help - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - C:\Windows\System32\iehelpmod.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - 
HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Bluetooth Manager.lnk = ? 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: haufereader - (no CLSID) - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard 
(AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\Windows\system32\drivers\CDAC11BA.EXE O23 - Service: Google Update Service (gupdate1c9a5a5badcef30) (gupdate1c9a5a5badcef30) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 9248 bytes Can I still be helped?? |
Delete all of the Malwarebytes findings! You can restart the PC now. I'm in the middle of evaluating the log. See you later |
@Black_Light: How much experience do you really have with cleaning up computers? @Mandy: Actually, everyone seeking help should follow this list before creating a new thread - you have done almost all of it, only RSIT is still missing. |
@cosinus you're right :rolleyes:, I'll leave it to you now. Black_light |
Here is the info.txt |
And now log.txt Logfile of random's system information tool 1.06 (written by random/random) Run by Mandy at 2009-10-08 20:36:52 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 47 GB (49%) free of 95 GB Total RAM: 2046 MB (65% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:36:54, on 08.10.2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\CS\tsc.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Windows\System32\mobsync.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\ICQ6.5\ICQ.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\HidFind.exe C:\Program Files\Apoint2K\Apvfb.exe C:\Program Files\Apoint2K\Apntex.exe C:\Users\Mandy\Desktop\RSIT.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\Mandy.exe R1 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - 
HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Bluetooth Manager.lnk = ? 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: haufereader - (no CLSID) - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ADSM Service (ADSMService) - 
Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\Windows\system32\drivers\CDAC11BA.EXE O23 - Service: Google Update Service (gupdate1c9a5a5badcef30) (gupdate1c9a5a5badcef30) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- End of file - 8885 bytes ======Scheduled tasks folder====== C:\Windows\tasks\1-Klick-Wartung.job C:\Windows\tasks\CS.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-18 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 
2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-18 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}] HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-27 501056] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-06 4669440] "Skytel"=C:\Windows\Skytel.exe [2007-06-15 1826816] "Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2006-09-12 155648] "ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] "LexwareInfoService"=C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2008-09-11 339240] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-03-25 49152] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-18 136600] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320] "ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-03-01 172792] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorUser"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04ec72db-883e-11de-8ab5-001bfca91e56}] shell\AutoRun\command - G:\USBAutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e28cf692-33cb-11de-a355-001d60160655}] shell\AutoRun\command - F:\programs\nu2menu\nu2menu.exe ======List of files/folders created in the last 1 months====== |
09:05:40 ----A---- C:\Windows\system32\rdpencom.dll 2009-09-24 09:05:39 ----A---- C:\Windows\system32\WerFaultSecure.exe 2009-09-24 09:05:39 ----A---- C:\Windows\system32\offfilt.dll 2009-09-24 09:05:39 ----A---- C:\Windows\system32\msftedit.dll 2009-09-24 09:05:39 ----A---- C:\Windows\system32\dnsrslvr.dll 2009-09-24 09:05:38 ----A---- C:\Windows\system32\wsepno.dll 2009-09-24 09:05:38 ----A---- C:\Windows\system32\WerFault.exe 2009-09-24 09:05:38 ----A---- C:\Windows\system32\Utilman.exe 2009-09-24 09:05:38 ----A---- C:\Windows\system32\stobject.dll 2009-09-24 09:05:38 ----A---- C:\Windows\system32\secproc_ssp_isv.dll 2009-09-24 09:05:38 ----A---- C:\Windows\system32\secproc_ssp.dll 2009-09-24 09:05:37 ----A---- C:\Windows\system32\SndVol.exe 2009-09-24 09:05:37 ----A---- C:\Windows\system32\mscms.dll 2009-09-24 09:05:37 ----A---- C:\Windows\system32\mfplat.dll 2009-09-24 09:05:37 ----A---- C:\Windows\system32\mcmde.dll 2009-09-24 09:05:37 ----A---- C:\Windows\system32\diskraid.exe 2009-09-24 09:05:37 ----A---- C:\Windows\system32\apphelp.dll 2009-09-24 09:05:36 ----A---- C:\Windows\system32\wscript.exe 2009-09-24 09:05:36 ----A---- C:\Windows\system32\wiaservc.dll 2009-09-24 09:05:36 ----A---- C:\Windows\system32\ulib.dll 2009-09-24 09:05:36 ----A---- C:\Windows\system32\sysclass.dll 2009-09-24 09:05:36 ----A---- C:\Windows\system32\prnntfy.dll 2009-09-24 09:05:36 ----A---- C:\Windows\system32\odbccp32.dll 2009-09-24 09:05:36 ----A---- C:\Windows\system32\msnetobj.dll 2009-09-24 09:05:36 ----A---- C:\Windows\system32\iasdatastore.dll 2009-09-24 09:05:36 ----A---- C:\Windows\system32\dsound.dll 2009-09-24 09:05:36 ----A---- C:\Windows\system32\adsmsext.dll 2009-09-24 09:05:35 ----A---- C:\Windows\system32\wscntfy.dll 2009-09-24 09:05:35 ----A---- C:\Windows\system32\rastapi.dll 2009-09-24 09:05:35 ----A---- C:\Windows\system32\pnpsetup.dll 2009-09-24 09:05:35 ----A---- C:\Windows\system32\IPHLPAPI.DLL 2009-09-24 09:05:35 ----A---- C:\Windows\system32\fdProxy.dll 
2009-09-24 09:05:35 ----A---- C:\Windows\system32\cryptui.dll 2009-09-24 09:05:34 ----A---- C:\Windows\system32\wscsvc.dll 2009-09-24 09:05:34 ----A---- C:\Windows\system32\WMVENCOD.DLL 2009-09-24 09:05:34 ----A---- C:\Windows\system32\wlangpui.dll 2009-09-24 09:05:34 ----A---- C:\Windows\system32\vdsdyn.dll 2009-09-24 09:05:34 ----A---- C:\Windows\system32\rastls.dll 2009-09-24 09:05:34 ----A---- C:\Windows\system32\logman.exe 2009-09-24 09:05:34 ----A---- C:\Windows\system32\ipsecsnp.dll 2009-09-24 09:05:34 ----A---- C:\Windows\system32\iepeers.dll 2009-09-24 09:05:34 ----A---- C:\Windows\system32\iashlpr.dll 2009-09-24 09:05:34 ----A---- C:\Windows\system32\gpapi.dll 2009-09-24 09:05:34 ----A---- C:\Windows\system32\diskpart.exe 2009-09-24 09:05:34 ----A---- C:\Windows\system32\brcpl.dll 2009-09-24 09:05:33 ----A---- C:\Windows\system32\zipfldr.dll 2009-09-24 09:05:33 ----A---- C:\Windows\system32\wusa.exe 2009-09-24 09:05:33 ----A---- C:\Windows\system32\wshext.dll 2009-09-24 09:05:33 ----A---- C:\Windows\system32\regsvc.dll 2009-09-24 09:05:33 ----A---- C:\Windows\system32\rasapi32.dll 2009-09-24 09:05:33 ----A---- C:\Windows\system32\ntprint.dll 2009-09-24 09:05:33 ----A---- C:\Windows\system32\mscorier.dll 2009-09-24 09:05:33 ----A---- C:\Windows\system32\iasrad.dll 2009-09-24 09:05:33 ----A---- C:\Windows\system32\findstr.exe 2009-09-24 09:05:32 ----A---- C:\Windows\system32\wpccpl.dll 2009-09-24 09:05:32 ----A---- C:\Windows\system32\webcheck.dll 2009-09-24 09:05:32 ----A---- C:\Windows\system32\rasdlg.dll 2009-09-24 09:05:32 ----A---- C:\Windows\system32\netcenter.dll 2009-09-24 09:05:31 ----A---- C:\Windows\system32\wsnmp32.dll 2009-09-24 09:05:31 ----A---- C:\Windows\system32\wer.dll 2009-09-24 09:05:31 ----A---- C:\Windows\system32\themecpl.dll 2009-09-24 09:05:31 ----A---- C:\Windows\system32\iassvcs.dll 2009-09-24 09:05:30 ----A---- C:\Windows\system32\uxsms.dll 2009-09-24 09:05:30 ----A---- C:\Windows\system32\tsbyuv.dll 2009-09-24 09:05:30 
----A---- C:\Windows\system32\srvsvc.dll 2009-09-24 09:05:30 ----A---- C:\Windows\system32\mssprxy.dll 2009-09-24 09:05:29 ----A---- C:\Windows\system32\slcc.dll 2009-09-24 09:05:29 ----A---- C:\Windows\system32\scansetting.dll 2009-09-24 09:05:29 ----A---- C:\Windows\system32\powrprof.dll 2009-09-24 09:05:29 ----A---- C:\Windows\system32\ntmarta.dll 2009-09-24 09:05:29 ----A---- C:\Windows\system32\networkmap.dll 2009-09-24 09:05:29 ----A---- C:\Windows\system32\msutb.dll 2009-09-24 09:05:29 ----A---- C:\Windows\system32\mstsc.exe 2009-09-24 09:05:29 ----A---- C:\Windows\system32\mstlsapi.dll 2009-09-24 09:05:29 ----A---- C:\Windows\system32\iasads.dll 2009-09-24 09:05:29 ----A---- C:\Windows\system32\iasacct.dll 2009-09-24 09:05:28 ----A---- C:\Windows\system32\sud.dll 2009-09-24 09:05:28 ----A---- C:\Windows\system32\powercpl.dll 2009-09-24 09:05:28 ----A---- C:\Windows\system32\PerfCenterCPL.dll 2009-09-24 09:05:28 ----A---- C:\Windows\system32\newdev.exe 2009-09-24 09:05:28 ----A---- C:\Windows\system32\dot3svc.dll 2009-09-24 09:05:28 ----A---- C:\Windows\system32\connect.dll 2009-09-24 09:05:28 ----A---- C:\Windows\system32\authz.dll 2009-09-24 09:05:26 ----A---- C:\Windows\system32\themeui.dll 2009-09-24 09:05:26 ----A---- C:\Windows\system32\systemcpl.dll 2009-09-24 09:05:26 ----A---- C:\Windows\system32\pcaui.dll 2009-09-24 09:05:26 ----A---- C:\Windows\system32\accessibilitycpl.dll 2009-09-24 09:05:25 ----A---- C:\Windows\system32\wlanpref.dll 2009-09-24 09:05:25 ----A---- C:\Windows\system32\usercpl.dll 2009-09-24 09:05:25 ----A---- C:\Windows\system32\samlib.dll 2009-09-24 09:05:25 ----A---- C:\Windows\system32\rpchttp.dll 2009-09-24 09:05:25 ----A---- C:\Windows\system32\qdvd.dll 2009-09-24 09:05:25 ----A---- C:\Windows\system32\mmci.dll 2009-09-24 09:05:25 ----A---- C:\Windows\system32\autoplay.dll 2009-09-24 09:05:24 ----A---- C:\Windows\system32\wpcao.dll 2009-09-24 09:05:24 ----A---- C:\Windows\system32\vdsutil.dll 2009-09-24 09:05:24 ----A---- 
C:\Windows\system32\tapisrv.dll 2009-09-24 09:05:24 ----A---- C:\Windows\system32\scksp.dll 2009-09-24 09:05:24 ----A---- C:\Windows\system32\regapi.dll 2009-09-24 09:05:24 ----A---- C:\Windows\system32\msinfo32.exe 2009-09-24 09:05:24 ----A---- C:\Windows\system32\mpr.dll 2009-09-24 09:05:24 ----A---- C:\Windows\system32\ieaksie.dll 2009-09-24 09:05:24 ----A---- C:\Windows\system32\feclient.dll 2009-09-24 09:05:23 ----A---- C:\Windows\system32\wscisvif.dll 2009-09-24 09:05:23 ----A---- C:\Windows\system32\sdclt.exe 2009-09-24 09:05:23 ----A---- C:\Windows\system32\scesrv.dll 2009-09-24 09:05:23 ----A---- C:\Windows\system32\rekeywiz.exe 2009-09-24 09:05:23 ----A---- C:\Windows\system32\psisdecd.dll 2009-09-24 09:05:23 ----A---- C:\Windows\system32\oleprn.dll 2009-09-24 09:05:23 ----A---- C:\Windows\system32\imm32.dll 2009-09-24 09:05:23 ----A---- C:\Windows\system32\iaspolcy.dll 2009-09-24 09:05:23 ----A---- C:\Windows\system32\Faultrep.dll 2009-09-24 09:05:23 ----A---- C:\Windows\system32\dpapimig.exe 2009-09-24 09:05:23 ----A---- C:\Windows\system32\dot3msm.dll 2009-09-24 09:05:23 ----A---- C:\Windows\system32\DeviceEject.exe 2009-09-24 09:05:23 ----A---- C:\Windows\system32\AudioSes.dll 2009-09-24 09:05:22 ----A---- C:\Windows\system32\qedit.dll 2009-09-24 09:05:22 ----A---- C:\Windows\system32\pnpui.dll 2009-09-24 09:05:22 ----A---- C:\Windows\system32\perfdisk.dll 2009-09-24 09:05:22 ----A---- C:\Windows\system32\ncryptui.dll 2009-09-24 09:05:21 ----A---- C:\Windows\system32\TSTheme.exe 2009-09-24 09:05:21 ----A---- C:\Windows\system32\spwinsat.dll 2009-09-24 09:05:21 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll 2009-09-24 09:05:21 ----A---- C:\Windows\system32\scecli.dll 2009-09-24 09:05:21 ----A---- C:\Windows\system32\rasplap.dll 2009-09-24 09:05:21 ----A---- C:\Windows\system32\rasgcw.dll 2009-09-24 09:05:21 ----A---- C:\Windows\system32\hdwwiz.exe 2009-09-24 09:05:21 ----A---- C:\Windows\system32\FWPUCLNT.DLL 2009-09-24 09:05:21 
----A---- C:\Windows\system32\extmgr.dll 2009-09-24 09:05:21 ----A---- C:\Windows\system32\certreq.exe 2009-09-24 09:05:20 ----A---- C:\Windows\system32\whealogr.dll 2009-09-24 09:05:20 ----A---- C:\Windows\system32\tcpmon.dll 2009-09-24 09:05:20 ----A---- C:\Windows\system32\tcpipcfg.dll 2009-09-24 09:05:20 ----A---- C:\Windows\system32\srcore.dll 2009-09-24 09:05:20 ----A---- C:\Windows\system32\PnPUnattend.exe 2009-09-24 09:05:20 ----A---- C:\Windows\system32\fdWSD.dll 2009-09-24 09:05:20 ----A---- C:\Windows\system32\cmmon32.exe 2009-09-24 09:05:20 ----A---- C:\Windows\system32\cmdial32.dll 2009-09-24 09:05:19 ----A---- C:\Windows\system32\SnippingTool.exe 2009-09-24 09:05:19 ----A---- C:\Windows\system32\SCardSvr.dll 2009-09-24 09:05:19 ----A---- C:\Windows\system32\raschap.dll 2009-09-24 09:05:19 ----A---- C:\Windows\system32\conime.exe 2009-09-24 09:05:18 ----A---- C:\Windows\system32\WMVXENCD.DLL 2009-09-24 09:05:18 ----A---- C:\Windows\system32\wlanui.dll |
2009-09-24 09:05:18 ----A---- C:\Windows\system32\wiaaut.dll 2009-09-24 09:05:18 ----A---- C:\Windows\system32\shwebsvc.dll 2009-09-24 09:05:18 ----A---- C:\Windows\system32\rasppp.dll 2009-09-24 09:05:18 ----A---- C:\Windows\system32\PnPutil.exe 2009-09-24 09:05:18 ----A---- C:\Windows\system32\MSVidCtl.dll 2009-09-24 09:05:18 ----A---- C:\Windows\system32\fontext.dll 2009-09-24 09:05:18 ----A---- C:\Windows\system32\dsprop.dll 2009-09-24 09:05:18 ----A---- C:\Windows\system32\dimsroam.dll 2009-09-24 09:05:17 ----A---- C:\Windows\system32\shsetup.dll 2009-09-24 09:05:17 ----A---- C:\Windows\system32\oobefldr.dll 2009-09-24 09:05:17 ----A---- C:\Windows\system32\occache.dll 2009-09-24 09:05:16 ----A---- C:\Windows\system32\wmdrmsdk.dll 2009-09-24 09:05:16 ----A---- C:\Windows\system32\wlgpclnt.dll 2009-09-24 09:05:16 ----A---- C:\Windows\system32\rasmontr.dll 2009-09-24 09:05:16 ----A---- C:\Windows\system32\mscandui.dll 2009-09-24 09:05:16 ----A---- C:\Windows\system32\modemui.dll 2009-09-24 09:05:16 ----A---- C:\Windows\system32\dataclen.dll 2009-09-24 09:05:16 ----A---- C:\Windows\system32\chtbrkr.dll 2009-09-24 09:05:15 ----A---- C:\Windows\system32\WSDMon.dll 2009-09-24 09:05:15 ----A---- C:\Windows\system32\wmpeffects.dll 2009-09-24 09:05:15 ----A---- C:\Windows\system32\smss.exe 2009-09-24 09:05:15 ----A---- C:\Windows\system32\rdpwsx.dll 2009-09-24 09:05:15 ----A---- C:\Windows\system32\netplwiz.dll 2009-09-24 09:05:15 ----A---- C:\Windows\system32\mstime.dll 2009-09-24 09:05:15 ----A---- C:\Windows\system32\credui.dll 2009-09-24 09:05:15 ----A---- C:\Windows\system32\certprop.dll 2009-09-24 09:05:15 ----A---- C:\Windows\system32\blackbox.dll 2009-09-24 09:05:14 ----A---- C:\Windows\system32\wscapi.dll 2009-09-24 09:05:14 ----A---- C:\Windows\system32\wpcsvc.dll 2009-09-24 09:05:14 ----A---- C:\Windows\system32\thawbrkr.dll 2009-09-24 09:05:14 ----A---- C:\Windows\system32\sendmail.dll 2009-09-24 09:05:14 ----A---- C:\Windows\system32\networkexplorer.dll 
2009-09-24 09:05:14 ----A---- C:\Windows\system32\msscp.dll 2009-09-24 09:05:14 ----A---- C:\Windows\system32\msrating.dll 2009-09-24 09:05:14 ----A---- C:\Windows\system32\msimtf.dll 2009-09-24 09:05:14 ----A---- C:\Windows\system32\logagent.exe 2009-09-24 09:05:14 ----A---- C:\Windows\system32\InkEd.dll 2009-09-24 09:05:14 ----A---- C:\Windows\system32\ifmon.dll 2009-09-24 09:05:14 ----A---- C:\Windows\system32\gpresult.exe 2009-09-24 09:05:14 ----A---- C:\Windows\system32\cipher.exe 2009-09-24 09:05:13 ----A---- C:\Windows\system32\softkbd.dll 2009-09-24 09:05:13 ----A---- C:\Windows\system32\olepro32.dll 2009-09-24 09:05:13 ----A---- C:\Windows\system32\msctfui.dll 2009-09-24 09:05:13 ----A---- C:\Windows\system32\MediaMetadataHandler.dll 2009-09-24 09:05:13 ----A---- C:\Windows\system32\dmsynth.dll 2009-09-24 09:05:12 ----A---- C:\Windows\system32\puiapi.dll 2009-09-24 09:05:12 ----A---- C:\Windows\system32\drmmgrtn.dll 2009-09-24 09:05:11 ----A---- C:\Windows\system32\wshbth.dll 2009-09-24 09:05:11 ----A---- C:\Windows\system32\version.dll 2009-09-24 09:05:11 ----A---- C:\Windows\system32\SLLUA.exe 2009-09-24 09:05:11 ----A---- C:\Windows\system32\msisip.dll 2009-09-24 09:05:11 ----A---- C:\Windows\system32\mprapi.dll 2009-09-24 09:05:11 ----A---- C:\Windows\system32\input.dll 2009-09-24 09:05:11 ----A---- C:\Windows\system32\fc.exe 2009-09-24 09:05:11 ----A---- C:\Windows\system32\ExplorerFrame.dll 2009-09-24 09:05:11 ----A---- C:\Windows\system32\cdd.dll 2009-09-24 09:05:10 ----A---- C:\Windows\system32\MsCtfMonitor.dll 2009-09-24 09:05:10 ----A---- C:\Windows\system32\fdSSDP.dll 2009-09-24 09:05:10 ----A---- C:\Windows\system32\dmusic.dll 2009-09-24 09:05:09 ----A---- C:\Windows\system32\wsdchngr.dll 2009-09-24 09:05:09 ----A---- C:\Windows\system32\SMBHelperClass.dll 2009-09-24 09:05:09 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll 2009-09-24 09:05:09 ----A---- C:\Windows\system32\PortableDeviceTypes.dll 2009-09-24 09:05:09 ----A---- 
C:\Windows\system32\PortableDeviceClassExtension.dll 2009-09-24 09:05:09 ----A---- C:\Windows\system32\msjint40.dll 2009-09-24 09:05:09 ----A---- C:\Windows\system32\l2nacp.dll 2009-09-24 09:05:09 ----A---- C:\Windows\system32\ftp.exe 2009-09-24 09:05:09 ----A---- C:\Windows\system32\eapp3hst.dll 2009-09-24 09:05:09 ----A---- C:\Windows\system32\cscdll.dll 2009-09-24 09:05:09 ----A---- C:\Windows\system32\cscapi.dll 2009-09-24 09:05:09 ----A---- C:\Windows\system32\bthci.dll 2009-09-24 09:05:08 ----A---- C:\Windows\system32\tscupgrd.exe 2009-09-24 09:05:08 ----A---- C:\Windows\system32\Storprop.dll 2009-09-24 09:05:08 ----A---- C:\Windows\system32\slcinst.dll 2009-09-24 09:05:08 ----A---- C:\Windows\system32\rasdial.exe 2009-09-24 09:05:08 ----A---- C:\Windows\system32\rasdiag.dll 2009-09-24 09:05:08 ----A---- C:\Windows\system32\msfeedsbs.dll 2009-09-24 09:05:08 ----A---- C:\Windows\system32\ipconfig.exe 2009-09-24 09:05:08 ----A---- C:\Windows\system32\fdWCN.dll 2009-09-24 09:05:08 ----A---- C:\Windows\system32\eappcfg.dll 2009-09-24 09:05:08 ----A---- C:\Windows\system32\dot3cfg.dll 2009-09-24 09:05:08 ----A---- C:\Windows\system32\CHxReadingStringIME.dll 2009-09-24 09:05:08 ----A---- C:\Windows\system32\bthudtask.exe 2009-09-24 09:05:07 ----A---- C:\Windows\system32\ocsetup.exe 2009-09-24 09:05:07 ----A---- C:\Windows\system32\nslookup.exe 2009-09-24 09:05:07 ----A---- C:\Windows\system32\networkitemfactory.dll 2009-09-24 09:05:07 ----A---- C:\Windows\system32\mmcico.dll 2009-09-24 09:05:07 ----A---- C:\Windows\system32\hbaapi.dll 2009-09-24 09:05:07 ----A---- C:\Windows\system32\FwRemoteSvr.dll 2009-09-24 09:05:07 ----A---- C:\Windows\system32\fdeploy.dll 2009-09-24 09:05:07 ----A---- C:\Windows\system32\eappgnui.dll 2009-09-24 09:05:06 ----A---- C:\Windows\system32\PNPXAssoc.dll 2009-09-24 09:05:06 ----A---- C:\Windows\system32\gpupdate.exe 2009-09-24 09:05:05 ----A---- C:\Windows\system32\NcdProp.dll 2009-09-24 09:05:05 ----A---- 
C:\Windows\system32\iscsilog.dll 2009-09-24 09:05:05 ----A---- C:\Windows\system32\csrstub.exe 2009-09-24 09:05:05 ----A---- C:\Windows\system32\cbsra.exe 2009-09-24 09:05:05 ----A---- C:\Windows\system32\bitsigd.dll 2009-09-24 09:05:04 ----A---- C:\Windows\system32\winrnr.dll 2009-09-24 09:05:04 ----A---- C:\Windows\system32\vdmdbg.dll 2009-09-24 09:05:04 ----A---- C:\Windows\system32\slwga.dll 2009-09-24 09:05:04 ----A---- C:\Windows\system32\odbcconf.dll 2009-09-24 09:05:04 ----A---- C:\Windows\system32\midimap.dll 2009-09-24 09:05:04 ----A---- C:\Windows\system32\inetppui.dll 2009-09-24 09:05:00 ----A---- C:\Windows\system32\msimsg.dll 2009-09-24 09:05:00 ----A---- C:\Windows\system32\f3ahvoas.dll 2009-09-24 09:04:34 ----A---- C:\Windows\system32\SmiEngine.dll 2009-09-24 09:04:30 ----A---- C:\Windows\system32\wdscore.dll 2009-09-24 09:04:29 ----A---- C:\Windows\system32\PkgMgr.exe 2009-09-24 09:04:16 ----A---- C:\Windows\system32\drvstore.dll 2009-09-09 20:01:17 ----A---- C:\Windows\system32\netiohlp.dll 2009-09-09 20:01:16 ----A---- C:\Windows\system32\TCPSVCS.EXE 2009-09-09 20:01:16 ----A---- C:\Windows\system32\ROUTE.EXE 2009-09-09 20:01:16 ----A---- C:\Windows\system32\NETSTAT.EXE 2009-09-09 20:01:16 ----A---- C:\Windows\system32\MRINFO.EXE 2009-09-09 20:01:16 ----A---- C:\Windows\system32\HOSTNAME.EXE 2009-09-09 20:01:16 ----A---- C:\Windows\system32\finger.exe 2009-09-09 20:01:16 ----A---- C:\Windows\system32\ARP.EXE 2009-09-09 20:01:15 ----A---- C:\Windows\system32\netevent.dll 2009-09-09 20:00:56 ----A---- C:\Windows\system32\wlansvc.dll 2009-09-09 20:00:56 ----A---- C:\Windows\system32\wlansec.dll 2009-09-09 20:00:56 ----A---- C:\Windows\system32\wlanmsm.dll 2009-09-09 20:00:56 ----A---- C:\Windows\system32\wlanhlp.dll 2009-09-09 20:00:56 ----A---- C:\Windows\system32\L2SecHC.dll 2009-09-09 20:00:55 ----A---- C:\Windows\system32\wlanapi.dll 2009-09-09 20:00:47 ----A---- C:\Windows\system32\WMVCORE.DLL 2009-09-09 20:00:47 ----A---- 
C:\Windows\system32\mf.dll 2009-09-09 20:00:46 ----A---- C:\Windows\system32\rrinstaller.exe 2009-09-09 20:00:46 ----A---- C:\Windows\system32\mfps.dll 2009-09-09 20:00:46 ----A---- C:\Windows\system32\mfpmp.exe 2009-09-09 20:00:45 ----A---- C:\Windows\system32\mferror.dll 2009-09-09 19:58:27 ----A---- C:\Windows\system32\jscript.dll ======List of files/folders modified in the last 1 months====== 2009-10-08 20:36:54 ----D---- C:\Windows\Temp 2009-10-08 20:22:32 ----D---- C:\Users\Mandy\AppData\Roaming\Skype 2009-10-08 20:22:16 ----D---- C:\Users\Mandy\AppData\Roaming\skypePM 2009-10-08 20:22:01 ----D---- C:\Windows\system32\drivers 2009-10-08 20:19:56 ----A---- C:\Windows\system32\acovcnt.exe 2009-10-08 20:19:31 ----D---- C:\Windows\System32 2009-10-08 19:48:05 ----SHD---- C:\Windows\Installer 2009-10-08 19:48:05 ----D---- C:\Windows 2009-10-08 19:48:05 ----D---- C:\Program Files\Common Files 2009-10-08 19:48:04 ----HD---- C:\Config.Msi 2009-10-08 19:47:53 ----RD---- C:\Program Files 2009-10-08 19:44:52 ----SHD---- C:\System Volume Information 2009-10-08 19:30:06 ----D---- C:\Program Files\ICQToolbar 2009-10-08 17:54:08 ----D---- C:\Windows\system32\Tasks 2009-10-08 17:41:18 ----AD---- C:\ProgramData\TEMP 2009-10-08 17:40:19 ----D---- C:\Program Files\eMule.de 0.48a v18 2009-10-08 17:39:29 ----D---- C:\Program Files\Java 2009-10-08 17:20:56 ----D---- C:\Windows\Debug 2009-10-08 17:12:11 ----D---- C:\Windows\Prefetch 2009-10-08 16:55:55 ----D---- C:\Windows\system32\catroot2 2009-10-08 16:27:20 ----HD---- C:\ProgramData 2009-10-07 20:53:38 ----D---- C:\Program Files\RTL3DSoftware20 2009-10-07 20:29:37 ----D---- C:\Windows\winsxs 2009-10-07 20:28:59 ----D---- C:\Windows\system32\zh-TW 2009-10-07 20:28:59 ----D---- C:\Windows\system32\zh-HK 2009-10-07 20:28:59 ----D---- C:\Windows\system32\tr-TR 2009-10-07 20:28:59 ----D---- C:\Windows\system32\sv-SE 2009-10-07 20:28:59 ----D---- C:\Windows\system32\pt-BR 2009-10-07 20:28:59 ----D---- C:\Windows\system32\nl-NL 
2009-10-07 20:28:59 ----D---- C:\Windows\system32\nb-NO 2009-10-07 20:28:59 ----D---- C:\Windows\system32\ko-KR 2009-10-07 20:28:59 ----D---- C:\Windows\system32\it-IT 2009-10-07 20:28:59 ----D---- C:\Windows\system32\he-IL 2009-10-07 20:28:59 ----D---- C:\Windows\system32\fr-FR 2009-10-07 20:28:59 ----D---- C:\Windows\system32\fi-FI 2009-10-07 20:28:59 ----D---- C:\Windows\system32\es-ES 2009-10-07 20:28:59 ----D---- C:\Windows\system32\en-US 2009-10-07 20:28:59 ----D---- C:\Windows\system32\el-GR 2009-10-07 20:28:59 ----D---- C:\Windows\system32\de-DE 2009-10-07 20:28:59 ----D---- C:\Windows\system32\da-DK 2009-10-07 20:28:59 ----D---- C:\Windows\system32\ar-SA 2009-10-07 20:26:36 ----D---- C:\Windows\system32\catroot 2009-10-07 14:34:25 ----D---- C:\Windows\Tasks 2009-10-05 08:37:11 ----D---- C:\Windows\inf 2009-10-05 08:37:11 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-10-03 14:28:00 ----D---- C:\Windows\rescache 2009-10-01 20:05:45 ----HD---- C:\Program Files\InstallShield Installation Information 2009-09-25 17:03:53 ----RSD---- C:\Windows\assembly 2009-09-25 11:31:24 ----D---- C:\Windows\Microsoft.NET 2009-09-24 22:17:21 ----SHD---- C:\Boot 2009-09-24 22:06:25 ----D---- C:\Program Files\Windows Calendar 2009-09-24 22:06:24 ----D---- C:\Program Files\Windows Mail 2009-09-24 22:06:24 ----D---- C:\Program Files\Movie Maker 2009-09-24 22:06:21 ----D---- C:\Program Files\Windows Sidebar 2009-09-24 22:06:21 ----D---- C:\Program Files\Windows Media Player 2009-09-24 22:06:21 ----D---- C:\Program Files\Internet Explorer 2009-09-24 22:06:20 ----D---- C:\Program Files\Windows Journal 2009-09-24 22:06:20 ----D---- C:\Program Files\Windows Collaboration 2009-09-24 22:06:17 ----D---- C:\Program Files\Common Files\System 2009-09-24 22:06:16 ----D---- C:\Program Files\Windows Photo Gallery 2009-09-24 22:06:08 ----D---- C:\Windows\servicing 2009-09-24 22:06:08 ----D---- C:\Windows\ehome 2009-09-24 22:06:08 ----D---- C:\Program Files\Windows Defender 2009-09-24 
22:05:41 ----D---- C:\Windows\IME 2009-09-24 22:05:40 ----D---- C:\Windows\system32\XPSViewer 2009-09-24 22:05:40 ----D---- C:\Windows\system32\sk-SK 2009-09-24 22:05:40 ----D---- C:\Windows\system32\lv-LV 2009-09-24 22:05:40 ----D---- C:\Windows\system32\hr-HR 2009-09-24 22:05:40 ----D---- C:\Windows\system32\et-EE 2009-09-24 22:05:34 ----D---- C:\Windows\system32\oobe 2009-09-24 22:05:33 ----D---- C:\Windows\system32\migration 2009-09-24 22:05:26 ----D---- C:\Windows\system32\AdvancedInstallers 2009-09-24 22:05:25 ----D---- C:\Windows\system32\zh-CN 2009-09-24 22:05:25 ----D---- C:\Windows\system32\uk-UA 2009-09-24 22:05:25 ----D---- C:\Windows\system32\sr-Latn-CS 2009-09-24 22:05:25 ----D---- C:\Windows\system32\SLUI 2009-09-24 22:05:25 ----D---- C:\Windows\system32\sl-SI 2009-09-24 22:05:25 ----D---- C:\Windows\system32\setup 2009-09-24 22:05:25 ----D---- C:\Windows\system32\ru-RU 2009-09-24 22:05:25 ----D---- C:\Windows\system32\pt-PT 2009-09-24 22:05:25 ----D---- C:\Windows\system32\pl-PL 2009-09-24 22:05:25 ----D---- C:\Windows\system32\manifeststore 2009-09-24 22:05:25 ----D---- C:\Windows\system32\ja-JP 2009-09-24 22:05:25 ----D---- C:\Windows\system32\hu-HU 2009-09-24 22:05:25 ----D---- C:\Windows\system32\cs-CZ 2009-09-24 22:05:25 ----D---- C:\Windows\system32\bg-BG 2009-09-24 22:05:24 ----D---- C:\Windows\system32\ro-RO 2009-09-24 22:05:22 ----D---- C:\Windows\system32\th-TH 2009-09-24 22:05:20 ----D---- C:\Windows\system32\wbem 2009-09-24 22:05:17 ----D---- C:\Windows\system32\lt-LT 2009-09-24 22:05:16 ----D---- C:\Windows\system32\migwiz 2009-09-24 22:04:03 ----RSD---- C:\Windows\Fonts 2009-09-24 22:04:02 ----D---- C:\Windows\AppPatch 2009-09-24 22:03:49 ----D---- C:\Windows\system32\Boot 2009-09-24 22:01:43 ----D---- C:\Windows\system32\RTCOM 2009-09-18 21:21:02 ----D---- C:\Users\Mandy\AppData\Roaming\LG Electronics 2009-09-10 18:51:09 ----D---- C:\ProgramData\Microsoft Help ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 
3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-05-02 96104] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520] R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2007-05-24 64000] R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880] R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2007-12-24 278728] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-08-05 55656] R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2006-12-28 18688] R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2007-12-24 25416] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-24 42496] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376] R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2006-08-30 140800] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-03-01 694784] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-24 2609152] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208] R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-18 1841312] R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632] R3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-19 18432] R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680] R3 RTL8169;Realtek 8169 NT Driver; 
C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 76288] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088] R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-05-25 1743232] R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600] R3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920] R3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480] R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728] R3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612] R3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856] S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528] S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160] S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184] S3 Dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584] S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 FlashUSB;FlashUSB; C:\Windows\system32\DRIVERS\FlashUSB.sys [2009-05-12 16896] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtport.sys [] S3 
lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbus.sys [] S3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmodem.sys [] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 NETw3v32;Intel(R) PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760] S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-10-14 4422560] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992] S3 SIVDRIVER;SIV Kernel Driver; \??\C:\Windows\system32\Drivers\SIVX32.sys [2007-02-24 19944] S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2007-01-22 53376] S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064] S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2008-11-19 13056] S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2008-11-19 19968] S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2008-11-19 24832] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ADSMService;ADSM Service; C:\Program 
|
I hope it works like this |
Do you need anything else? Because nobody is writing anything anymore? |
Hello, I didn't want to be a nuisance, but unfortunately I have no idea about trojans etc.; I just want to get rid of it again. |
Make sure that all files are displayed to you, then have the following files (if they still exist) analysed at Virustotal.com and post all results, in such a way that the results of the individual virus scanners can be seen. Please include file sizes and checksums:
Code:
C:\Windows\system32\acovcnt.exe
Run Lop S&D.exe with a double-click. Choose the language of your choice and then option 1. Wait until the scan report has been created and post it here (you will find it at C:\lopR.txt, should the report not appear). |
Hello, here is the first report, from VirusTotal. |
So, and now the other one. |
The last log file (from Lop S&D) doesn't look quite complete. You can also upload the log file (if it is too large to post here) to file-upload.net and link it here. |
Oh sorry, I had thought it was finished. Here is the complete log. |
How are things with your PC by now; which problems are still acute? Task Manager still disabled? |
Yesterday AntiVir gave lots of warnings. Yes, the Task Manager is unfortunately still disabled. |
Then please do a run with ComboFix: ComboFix - A guide and tutorial on using ComboFix
http://saved.im/mtm0nzyzmzd5/cofi.jpg
ComboFix may only be run if a qualified helper has expressly recommended it! |
I haven't done that yet. I restarted the PC again and it no longer shows anything from this Cyber Security. Is it gone then? AntiVir is quiet too, and so is Windows Defender. |
And what about the Task Manager? Besides, I don't quite believe yet that you are out of the woods. I want to see the ComboFix log! |
I can't get AntiVir switched off. Can you tell me how to do it? |
Normally it is enough to fold up the umbrella ;) In the system tray (by the clock in the taskbar) you have a red AntiVir icon with an umbrella; right-click it and deactivate the Guard, and then the umbrella is folded up as well. |
Unfortunately that is not enough for it |
Normally that should be enough. Can't you ignore the message? |
2009-09-03 06:09 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-08-16 19:57 . 2009-08-14 10:47 -------- d-----w- c:\programdata\LGMOBILEAX 2009-08-14 16:27 . 2009-09-09 18:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-08-14 15:53 . 2009-09-09 18:01 17920 ----a-w- c:\windows\system32\netevent.dll 2009-08-14 13:49 . 2009-09-09 18:01 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2009-08-14 13:49 . 2009-09-09 18:01 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2009-08-14 13:49 . 2009-09-09 18:01 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2009-08-14 13:49 . 2009-09-09 18:01 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2009-08-14 13:49 . 2009-09-09 18:01 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2009-08-14 13:49 . 2009-09-09 18:01 19968 ----a-w- c:\windows\system32\ARP.EXE 2009-08-14 13:49 . 2009-09-09 18:01 10240 ----a-w- c:\windows\system32\finger.exe 2009-08-14 13:48 . 2009-09-09 18:01 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2009-08-14 13:48 . 2009-09-09 18:01 105984 ----a-w- c:\windows\system32\netiohlp.dll 2009-08-14 10:49 . 2009-08-14 10:49 -------- d-----w- c:\program files\DIFX 2009-08-14 10:49 . 2009-08-14 10:49 -------- d-----w- c:\program files\infineon 2009-08-14 10:44 . 2009-08-14 10:44 -------- d--h--w- c:\users\Mandy\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6} 2009-08-14 10:44 . 2008-08-13 17:54 -------- d-----w- c:\program files\LG Electronics 2009-08-05 19:58 . 2009-03-19 10:43 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-08-05 10:29 . 2009-08-10 19:42 43008 ----a-w- c:\users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\0p9s59ki.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2009-08-05 10:29 . 2009-08-10 19:42 340480 ----a-w- c:\users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\0p9s59ki.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2009-08-05 10:28 . 
2009-08-10 19:42 346112 ----a-w- c:\users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\0p9s59ki.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll 2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll 2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe 2009-07-18 16:01 . 2009-07-28 19:17 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-07-18 11:35 . 2009-07-28 19:17 828416 ----a-w- c:\windows\system32\wininet.dll 2009-07-17 13:54 . 2009-08-12 19:45 71680 ----a-w- c:\windows\system32\atl.dll 2009-07-15 12:40 . 2009-08-12 19:45 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-07-15 12:39 . 2009-08-12 19:45 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-15 12:39 . 2009-08-12 19:45 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-07-15 12:39 . 2009-08-12 19:45 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-05-03 14:04 . 2008-01-26 12:56 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2009-05-03 14:04 . 2008-01-26 12:56 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2009-05-03 14:04 . 2008-01-26 12:56 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2009-05-03 14:04 . 2008-01-26 12:56 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2009-05-03 14:04 . 2008-01-26 12:56 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320] "ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-12 155648] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2008-09-11 339240] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440] "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-15 1826816] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-22 110592] Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-8-2 2760704] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter "eMuleAutoStart"=c:\program files\eMule.de 0.48a v18\emule.exe -AutoStart "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "PowerForPhone"=c:\program files\PowerForPhone\PowerForPhone.exe "SMSERIAL"=c:\program files\Motorola\SMSERIAL\sm56hlpr.exe "ASUS Camera ScreenSaver"=c:\windows\ASScrProlog.exe "ASUS Screen Saver Protector"=c:\windows\ASScrPro.exe "StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" "TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOME.exe" -s "hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe "B2C_AGENT"=c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"="" "FirewallOverride"="" "UpdatesDisableNotify"="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):65,9c,83,f5,53,3d,ca,01 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP 
Query User{607A967E-81BC-4E36-8FCF-DBFD6086F094}c:\\program files\\dancing dots\\isabell werth - reitsport\\autorun.exe"= UDP:c:\program files\dancing dots\isabell werth - reitsport\autorun.exe:Ride Autorun "UDP Query User{09303700-F31E-4530-BE2D-AAC1B928FC83}c:\\program files\\dancing dots\\isabell werth - reitsport\\autorun.exe"= TCP:c:\program files\dancing dots\isabell werth - reitsport\autorun.exe:Ride Autorun "TCP Query User{C6A6B932-BBBB-4C85-8122-8DA8765047A3}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{6151AB50-020C-44AB-9392-0FC56122E76D}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath "TCP Query User{D3FA9973-708A-4706-BFAD-EB8035EA3C8E}e:\\autorun.exe"= UDP:E:\autorun.exe:Ride Autorun "UDP Query User{26ACEAFF-855C-4CBD-B943-D43EB8C96036}e:\\autorun.exe"= TCP:E:\autorun.exe:Ride Autorun "TCP Query User{F8C28AAA-08FE-4BC9-9D26-E3705E645814}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer "UDP Query User{93580DFE-B135-4ECE-A017-1DF5253B5B2C}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer "TCP Query User{6A4122D7-006C-4093-86F4-F16E28EE999B}c:\\program files\\emule.de 0.48a v18\\emule.exe"= UDP:c:\program files\emule.de 0.48a v18\emule.exe:eMule "UDP Query User{BD912133-AE08-493D-BA98-C7F191E5D350}c:\\program files\\emule.de 0.48a v18\\emule.exe"= TCP:c:\program files\emule.de 0.48a v18\emule.exe:eMule "{0F9E4443-3710-4617-B6E0-88C494D5956E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{B15A32A7-85EF-40BD-9705-B4EE82FFABD5}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{11405F11-0950-41AF-BF65-EBAAD78FAE72}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet 
explorer\iexplore.exe:Internet Explorer "UDP Query User{642AEFF3-F93F-4988-95DD-EDDF902627BD}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "{3E74388B-A677-4040-8A4D-6144017F2E99}"= c:\program files\Skype\Phone\Skype.exe:Skype "{6EA4F73C-30CB-4C0B-BF9E-D18D9C4BD95D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{FC6947F3-E635-4A3D-94E3-336B0F777B69}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{0ED03026-0071-40ED-B06C-2FF3F0E216B1}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{684F7A0A-9781-4ACB-99BD-E1D6B4649C10}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{983A2877-7952-4482-A3E9-615241FED4E1}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{7C7D5900-496F-4EF9-AAA7-8E53D3DF1F6C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{7DA32F7E-4162-4792-A68E-8FE544535047}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{6F78B03B-0214-4099-8BB2-FA87A6CAC53F}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library "UDP Query User{38084292-A0B1-4868-A13E-94914993F038}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library "TCP Query User{EEDA8DBE-C79D-48EB-AA95-17B7A7686350}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library "UDP Query User{906EE044-1E19-43AC-8A49-D52B7984409C}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library "TCP Query User{4E3EE0EB-0B71-4BBC-8F85-660AAE2706C2}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{E0341922-BA02-499B-85A5-9DDBF2DD2E71}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet 
explorer\iexplore.exe:Internet Explorer "TCP Query User{A5A72AB7-6EC0-4603-8A62-B705A55633E6}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser "UDP Query User{37162120-3C4A-4EAE-AE61-6BF377AA6592}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser "TCP Query User{C66FF8EE-2574-45B9-86B4-BCC6F0D80717}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes "UDP Query User{CF94D5F1-7BE9-4D6E-8C2B-B7AE914AFD86}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes "{54472988-66AD-4CFB-A81D-E190BB683EDF}"= c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe "{C346AAB3-4751-4BA1-8D5C-5ABCA52B4DE3}"= c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe "{71612D9A-19DA-4E8F-920B-2E859A1B5E25}"= c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe "{2020B5AB-2DF0-436C-A347-01D6BE9051D8}"= c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe "{2B832498-5069-433E-BAC1-26A0BECE63A6}"= c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe "{4F55887F-14FF-42F4-8E6B-0B10AD2C5BED}"= c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe "{C83A614F-4A58-42B2-B32B-1C323EEF9B19}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe "{CAE14950-0C23-4A1B-8F90-C39212FEA6F2}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe "{EA26AE4B-363D-410D-AA9E-57CC39B53087}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe "{3ED01330-C6DB-41A5-B2A2-A0E33F235627}"= c:\program files\HP\Digital Imaging\bin\hpqgplgtupl.exe:hpqgplgtupl.exe "{621CA3FB-957B-4A24-8CE3-20D3156ABC8F}"= c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe:hpqgpc01.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program 
files\Avira\AntiVir Desktop\sched.exe [19.03.2009 12:43 108289] S2 gupdate1c9a5a5badcef30;Google Update Service (gupdate1c9a5a5badcef30);c:\program files\Google\Update\GoogleUpdate.exe [15.03.2009 21:39 133104] S3 FlashUSB;FlashUSB;c:\windows\System32\drivers\FlashUsb.sys [14.08.2009 12:49 16896] S3 SIVDRIVER;SIV Kernel Driver;c:\windows\System32\drivers\SIVX32.sys [24.02.2007 07:27 19944] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners 2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 19:39] 2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 19:39] . . |
------- Zusätzlicher Suchlauf ------- . uStart Page = uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\0p9s59ki.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - Ostseewelle HIT-RADIO Mecklenburg-Vorpommern FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2\components\hpClipBook.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2\components\hpClipBookDB.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2\components\hpSmartSelect.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2\components\hpSmartWebPrinting.dll FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.notify.interval - 600000 FF - user.js: content.switch.threshold - 1000000 FF - user.js: nglayout.initialpaint.delay - 600 c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-10-11 14:20 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... C:\ADSM_PData_0150 Scan erfolgreich abgeschlossen versteckte Dateien: 1 ************************************************************************** . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2009-10-11 14:25 ComboFix-quarantined-files.txt 2009-10-11 12:25 Vor Suchlauf: 14 Verzeichnis(se), 49.089.028.096 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 48.968.069.120 Bytes frei 332 --- E O F --- 2009-10-09 07:05 |
Combofix - Scripting
1. Start Notepad (Start / Run / notepad [Enter]).
2. Now copy and paste the entire contents of the code box below into the Notepad window. (Replace your XXX with the correct name again!!)
Code: KILLALL::
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of adware and spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto ComboFix.exe, as shown in the picture below. This restarts Combofix. http://users.pandora.be/bluepatchy/m...s/CFScript.gif
6. After the reboot (you will be asked whether you want to reboot), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system! |
ComboFix 09-10-10.02 - Mandy 11.10.2009 17:59.2.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1036 [GMT 2:00] ausgeführt von:: c:\users\Mandy\Desktop\Combofix.exe Benutzte Befehlsschalter :: c:\users\Mandy\Desktop\CFScript.txt SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} FILE :: "c:\windows\system32\acovcnt.exe" . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\acovcnt.exe . ((((((((((((((((((((((( Dateien erstellt von 2009-09-11 bis 2009-10-11 )))))))))))))))))))))))))))))) . 2009-10-11 16:06 . 2009-10-11 16:11 -------- d-----w- c:\users\Mandy\AppData\Local\temp 2009-10-11 16:06 . 2009-10-11 16:06 -------- d-----w- c:\users\Public\AppData\Local\temp 2009-10-11 16:06 . 2009-10-11 16:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-10-11 14:35 . 2009-10-11 14:35 -------- d-----w- C:\Cofi 2009-10-10 15:33 . 2009-10-11 09:04 -------- d-----w- C:\Lop SD 2009-10-08 18:36 . 2009-10-08 18:37 -------- d-----w- C:\rsit 2009-10-08 14:31 . 2009-10-08 14:31 -------- d-----w- c:\program files\Trend Micro 2009-10-08 14:27 . 2009-10-08 14:27 -------- d-----w- c:\users\Mandy\AppData\Roaming\Malwarebytes 2009-10-08 14:27 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-08 14:27 . 2009-10-08 14:27 -------- d-----w- c:\programdata\Malwarebytes 2009-10-08 14:27 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-08 14:27 . 2009-10-08 15:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-08 14:17 . 2009-10-08 14:17 -------- d-----w- c:\program files\CCleaner 2009-10-08 10:02 . 2009-10-08 10:02 -------- d-----w- c:\program files\Enigma Software Group 2009-10-07 18:45 . 
2009-10-07 18:45 -------- d-----w- c:\programdata\Office Genuine Advantage 2009-10-07 18:28 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll 2009-10-07 18:28 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll 2009-10-07 18:28 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll 2009-10-07 18:28 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-10-07 18:28 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll 2009-10-07 18:28 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll 2009-10-07 18:28 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2009-10-07 18:28 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe 2009-10-03 12:18 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe 2009-10-02 06:31 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll 2009-10-02 06:31 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-10-02 06:31 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-10-02 06:31 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll 2009-10-02 06:30 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll 2009-10-02 06:30 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-10-02 06:30 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll 2009-10-02 06:29 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll 2009-10-02 06:29 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe 2009-10-01 18:21 . 2009-10-01 18:21 582 ----a-w- c:\windows\eReg.dat 2009-10-01 18:04 . 2009-10-07 12:56 -------- d-----w- c:\program files\Maxis 2009-09-24 20:03 . 2009-09-24 20:05 -------- d-----w- c:\windows\system32\ca-ES 2009-09-24 20:03 . 2009-09-24 20:05 -------- d-----w- c:\windows\system32\eu-ES 2009-09-24 20:03 . 2009-09-24 20:05 -------- d-----w- c:\windows\system32\vi-VN 2009-09-24 19:25 . 
2009-09-24 19:25 -------- d-----w- c:\windows\system32\EventProviders 2009-09-24 07:06 . 2009-04-11 06:28 677376 ----a-w- c:\windows\system32\imapi2fs.dll 2009-09-24 07:05 . 2009-04-11 06:28 310272 ----a-w- c:\windows\system32\mtxclu.dll 2009-09-24 07:04 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll 2009-09-24 07:04 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll 2009-09-24 07:04 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll 2009-09-24 07:04 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll 2009-09-24 07:04 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll 2009-09-24 07:04 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll 2009-09-24 07:04 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll 2009-09-24 07:04 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll 2009-09-24 07:04 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll 2009-09-24 07:04 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe 2009-09-24 07:04 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll 2009-09-18 19:16 . 2008-12-02 06:40 28672 ----a-r- c:\users\Mandy\AppData\Roaming\Microsoft\Windows\Templates\G\UninstallMSI.exe 2009-09-18 19:16 . 2008-12-01 11:29 16896 ----a-r- c:\users\Mandy\AppData\Roaming\Microsoft\Windows\Templates\G\UninstallMSI64.exe 2009-09-18 19:16 . 2008-12-01 11:29 14336 ----a-r- c:\users\Mandy\AppData\Roaming\Microsoft\Windows\Templates\G\UninstallMSI32.exe 2009-09-18 19:16 . 2008-06-09 02:38 139264 ----a-r- c:\users\Mandy\AppData\Roaming\Microsoft\Windows\Templates\G\tools\LGAutorunService.exe 2009-09-18 19:16 . 2008-06-09 02:37 126976 ----a-r- c:\users\Mandy\AppData\Roaming\Microsoft\Windows\Templates\G\tools\LGAutoRunSvcTerminate.exe 2009-09-18 19:16 . 
Hello, did I do everything right with this ComboFix? And am I out of the woods? |
Yes, patience please, I have other people to "patch up" here too! A brief status update would be nice: how is your PC doing by now? |
OK, thanks a lot already |
So the Task Manager works again, and otherwise there is nothing more to be seen of it. So Cyber Security no longer starts. But is it gone then? |
That can't be said with certainty; that is simply the drawback of a cleanup. If you want to or have to be sure, a reinstall is called for. But:
- Symptoms are gone
- Log files are clean

You can run some control scans once more:

Kaspersky - Online Scanner
This scanner does not remove what it finds, but it gives a good overview of the malware present.
---> download here
=> Kaspersky Online Scanner
=> pay attention to the notes on older versions!
=> requirement: Internet Explorer 6.0 or higher
=> install the necessary ActiveX controls
=> update the signatures
=> Next
=> Scan settings
=> choose Standard
=> OK
=> click the "My Computer" link
=> scan starts automatically
=> scan has been completed
=> Save report as
=> switch the file type to .txt
=> save it on the desktop as Kaspersky.txt
=> post the log here
=> Uninstall
=> Control Panel
=> Add or Remove Programs
=> remove Kaspersky Online Scanner

2.) Check the computer with PrevXCSI. Post a screenshot if anything is found, or post the names and paths. |
Hi there, I'm checking in again too; unfortunately I was on the road a lot lately and didn't have the PC on at all. But I tried that thing with this Kasp..., but the PC always shuts off when I let it scan. It also looks different from how you described it to me. I think I'm too stupid. :headbang: I hope you'll keep helping me. The PC has also become incredibly slow? |
Hello, Kaspersky's service is currently unavailable; it is being reworked. Do you mean it crashes when you open the page, or with PrevX? Where exactly is the PC slower? |
So it lets PrevX run through, but no log comes out of it? I installed this Kaspersky Internet Secu..., this trial version, but when I run a full scan, it starts and after some time a blue page comes up like in the BIOS. Yes, the PC is getting slower in general, the Internet is normal |
Please read more carefully! Where does it say you should install the trial version of Kaspersky Internet Security (KIS)? :confused: I meant the online scanner!! Uninstall that other nonsense again, so away with KIS! The online scanner is currently being reworked, though, which is why you can't use it at the moment (yes, I should have checked that beforehand :rolleyes:). As far as I know, PrevX does not produce a log file, which is why you should note down the paths and post them, if anything is posted. |
Oh, I'm sorry, I read it again, but since there wasn't anything else I thought you meant that! Sorry. I'll see whether I can manage PrevX |
When I let PrevX run through it, it says System Clean when it's finished |
That's good then. Get in touch if you have further problems. |
Copyright ©2000-2024, Trojaner-Board