Progress bars in Vista no longer animated!!! |
|
---|---|
18.05.2008, 14:30
Member
Posts: 16 |
|
|
|
18.05.2008, 19:18
Honorary member
Posts: 29434 |
#2
With the viruses deleted, see:
http://board.protecus.de/t33641.htm
is the problem fixed?
Run vistascan and post the report: http://virus-protect.org/artikel/tools/windowsscan.html
__________
Regards, Sabina, all about PC security |
|
|
19.05.2008, 13:55
Member
Thread starter Posts: 16 |
#3
Yes, the problem is fixed.
That is, the one with the viruses! The problem with the progress bars is NOT fixed yet! Here is the vistascan as requested:
|
|
|
19.05.2008, 14:46
Honorary member
Posts: 29434 |
#4
Cool_Boy_007
http://virus-protect.org/artikel/tools/otmoveIt.html
Open: OTMoveIt.exe
Copy the following into the left-hand pane, where it says "Paste List of Files/Folders to Move":
Quote: C:\Windows\awshkwv.ini
Click the red MoveIt! button and post what appears in the right-hand pane.
Run ComboFix again and post the report: http://virus-protect.org/artikel/tools/combofix.html
Plus a new HijackThis log: http://virus-protect.org/hjtkurz.html
__________
Regards, Sabina, all about PC security |
|
|
19.05.2008, 15:07
Member
Thread starter Posts: 16 |
#5
Here is the report from OTMove:
Here is the report from ComboFix:
Inhalt des "geplante Tasks" Ordners "2008-05-18 08:36:48 C:\Windows\Tasks\1-Klick-Wartung.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe "2008-03-31 18:00:08 C:\Windows\Tasks\Norton Internet Security Online - Systemprüfung ausführen - Rami.job" - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK: "2008-05-17 18:40:20 C:\Windows\Tasks\User_Feed_Synchronization-{55BC94FE-2A34-4708-ADFB-9287CD596A8F}.job" - C:\Windows\system32\msfeedssync.exe "2008-05-17 15:22:21 C:\Windows\Tasks\Vista Manager Live Update.job" - C:\Program Files\Yamicsoft\Vista Manager\LiveUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-19 15:13:20 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\Windows\Explorer.exe -> C:\Program Files\Unlocker\UnlockerHook.dll . 
Zeit der Fertigstellung: 2008-05-19 15:15:04 ComboFix-quarantined-files.txt 2008-05-19 13:14:34 11 Verzeichnis(se), 15,845,433,344 Bytes frei 17 Verzeichnis(se), 15,703,019,520 Bytes frei 324 --- E O F --- 2008-05-19 11:45:44
Here is the report from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:18:32, on 19.05.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\WirelessBooster\WBTray.exe C:\Program Files\TweakRAM\TweakRAM.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Apoint2K\HidFind.exe C:\Program Files\Apoint2K\Apvfb.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Safari\Safari.exe C:\Program Files\uTorrent\uTorrent.exe C:\Windows\Explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = T-online.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet 
Explorer\Toolbar,LinksFolderName = O2 - BHO: Steganos Password Manager AutoFill - {1427A821-7B93-4F08-9A34-9FA03A3D93DB} - C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerBHO.dll O2 - BHO: {3b39efd5-b178-0418-e264-6dd9ad8f25d3} - {3d52f8da-9dd6-462e-8140-871b5dfe93b3} - C:\Windows\system32\kurckpml.dll (file missing) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: WirelessBooster Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\WIRELE~2\TweakBHO.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Norton-Symbolleiste anzeigen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [TweakMASTER] C:\PROGRA~1\WIRELE~2\WBTray.exe O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe O4 - HKCU\..\Run: [ISUSPM] "C:\Program 
Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: SYSTRAN Suche - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js O8 - Extra context menu item: SYSTRAN Übersetzen - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu 
item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197469799284 O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-de.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Stardock Vista 
ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\Windows\system32\\SatSrv.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Franzis\Alcohol Virtual CD + DVD\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe -- End of file - 11690 bytes
Here are all the reports you need.
Thanks in advance for your help. This post was edited by Cool_Boy_007 on 19.05.2008 at 15:22.
|
|
|
20.05.2008, 00:41
Honorary member
Posts: 29434 |
#6
««
1. Delete ("fix") with HijackThis
Click: "Do a system scan only"
Tick the box in front of the entry named below and choose fix checked.
+ restart the computer.
Quote:
O2 - BHO: {3b39efd5-b178-0418-e264-6dd9ad8f25d3}{3d52f8da-9dd6-462e-8140-871b5dfe93b3} - C:\Windows\system32\kurckpml.dll (file missing)
2. http://virus-protect.org/artikel/tools/otmoveIt.html
Open: OTMoveIt.exe
Paste into the left window, where it says: Paste List of Files/Folders to Move
Quote:
C:\Users\Rami\AppData\Roaming\Screeq.com
Click the red MoveIt!
3. Download datfindbat; all logs are sorted by date - post the data up to January 2008
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
all about PC security |
|
|
20.05.2008, 16:19
Member
Thread starter Posts: 16 |
#7
Here is the log from datfindbat:
Datenträger in Laufwerk C: ist VistaOS Volumeseriennummer: F6E0-14D5 Verzeichnis von c:\ 20.05.2008 16:14 0 dirdat.txt 20.05.2008 16:09 2.146.689.024 hiberfil.sys 20.05.2008 16:09 2.460.475.392 pagefile.sys 19.05.2008 15:07 5.151 Bug.txt 19.01.2008 09:45 333.203 bootmgr 10.08.2007 14:33 0 IO.SYS 10.08.2007 14:33 0 MSDOS.SYS 09.03.2007 09:26 524.288 F3T.BIN 09.03.2007 08:27 524.288 F3Tc.BIN 18.09.2006 23:43 10 config.sys 18.09.2006 23:43 24 autoexec.bat 11 Datei(en), 4.608.551.380 Bytes 0 Verzeichnis(se), 15.962.947.584 Bytes frei Datenträger in Laufwerk C: ist VistaOS Volumeseriennummer: F6E0-14D5 Verzeichnis von C:\Windows\system32 20.05.2008 16:09 45.056 acovcnt.exe 20.05.2008 16:09 3.296 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 20.05.2008 16:09 3.296 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 20.05.2008 16:09 446.950 oodbs.lor 20.05.2008 14:08 106.120 perfc009.dat 20.05.2008 14:08 598.850 perfh009.dat 20.05.2008 14:08 632.408 perfh007.dat 20.05.2008 14:08 128.422 perfc007.dat 20.05.2008 14:08 1.456.198 PerfStringBackup.INI 19.05.2008 16:33 10.752 BASSMOD.dll 19.05.2008 15:44 161.328 mlfcache.dat 19.05.2008 13:50 192 libsyslic1.ls 18.05.2008 09:31 822.241 RVAXO.bat 09.05.2008 23:35 16.863.864 mrt.exe 04.05.2008 20:01 170.432 libsyslic1.pd 04.05.2008 20:01 878.080 iconv.dll 04.05.2008 20:01 150.016 libxslt.dll 04.05.2008 20:01 721.920 libxml2.dll 04.05.2008 20:01 51.200 libexslt.dll 28.04.2008 11:35 42.672 wbsys.dll 28.04.2008 11:34 58.792 wbload.dll 23.04.2008 14:32 19.968 CPUINF32.DLL 10.04.2008 18:41 1.756.848 FNTCACHE.DAT 31.03.2008 23:25 161.096 DivXCodecVersionChecker.exe 31.03.2008 23:25 823.296 divx_xx07.dll 31.03.2008 23:25 823.296 divx_xx0c.dll 31.03.2008 23:25 682.496 DivX.dll 31.03.2008 23:25 831.488 divx_xx0a.dll 31.03.2008 23:25 802.816 divx_xx11.dll 28.03.2008 23:37 57.344 QuickTime.qts 28.03.2008 23:37 90.112 QuickTimeVR.qtx 28.03.2008 09:23 89.088 atl71.dll 28.03.2008 09:23 
348.160 msvcr71.dll 25.03.2008 21:21 15.819.776 imageres.dll 24.03.2008 21:45 630.784 divxdec.ax 21.03.2008 22:30 4.816 divxsm.tlb 21.03.2008 22:30 524.288 DivXsm.exe 21.03.2008 22:30 10.152 dsm_de.qm 21.03.2008 22:30 3.596.288 qt-dx331.dll 21.03.2008 22:30 1.044.480 libdivx.dll 21.03.2008 22:30 200.704 ssldivx.dll 21.03.2008 22:28 416 dpl100.dll.manifest 21.03.2008 22:28 416 dtu100.dll.manifest 21.03.2008 22:28 81.920 dpl100.dll 21.03.2008 22:28 196.608 dtu100.dll 21.03.2008 22:28 3.051 dtu_de.qm 21.03.2008 22:28 53.248 dpuGUI10.dll 21.03.2008 22:28 593.920 dpuGUI11.dll 21.03.2008 22:28 294.912 dpu11.dll 21.03.2008 22:28 57.344 dpv11.dll 21.03.2008 22:28 344.064 dpus11.dll 21.03.2008 22:28 294.912 dpu10.dll 21.03.2008 22:28 12.288 DivXWMPExtType.dll 21.03.2008 22:28 8.523 dpude.qm 21.03.2008 19:01 44.875 TEST.log 21.03.2008 19:01 3.239 SENT.log 21.03.2008 19:01 7.334 RECV.log 18.03.2008 21:40 101.888 ifxcardm.dll 18.03.2008 21:40 82.432 axaltocm.dll 18.03.2008 21:14 152.576 SPWizUI.dll 18.03.2008 21:14 47.560 SPReview.exe 12.03.2008 14:53 118 MRT.INI 09.03.2008 19:06 307.968 TuneUpDefragService.exe 08.03.2008 15:27 10.322 lvcoinst.log 29.02.2008 09:14 19.000 kd1394.dll 29.02.2008 09:11 927.288 winresume.exe 29.02.2008 09:11 988.216 winload.exe 29.02.2008 08:53 378.368 srcore.dll 29.02.2008 08:53 40.960 srclient.dll 29.02.2008 08:53 46.592 setbcdlocale.dll 29.02.2008 08:35 6.656 kbd106n.dll 29.02.2008 06:21 2.032.128 win32k.sys 29.02.2008 06:12 318.464 rstrui.exe 29.02.2008 06:12 14.848 srdelayed.exe Verzeichnis von C:\Windows 20.05.2008 16:10 58.368 ntbtlog.txt 20.05.2008 16:09 67.584 bootstat.dat 20.05.2008 16:06 12 bthservsdp.dat 20.05.2008 16:06 77.654 WindowsUpdate.log 19.05.2008 15:15 53.248 PSEXESVC.EXE 19.05.2008 15:13 227 system.ini 19.05.2008 14:55 69 NeroDigital.ini 09.05.2008 15:46 54.156 QTFont.qfn 02.05.2008 11:01 683 win.ini 08.04.2008 15:41 1.409 QTFont.for 30.03.2008 12:41 76 WINHLP32.DL2 30.03.2008 12:40 266.240 Setup1.exe 30.03.2008 12:40 74.752 
temp.000 25.03.2008 21:16 3.932.214 AW_XenoMorph1280.bmp 22.03.2008 14:25 29 .wb4 21.03.2008 18:10 111.361 hpqins13.dat 18.03.2008 22:23 749 WindowsShell.Manifest 18.03.2008 21:34 458.752 SPInstall.etl 08.03.2008 16:24 598 videoimp.ini 02.03.2008 18:18 72 WB.ini 21.02.2008 16:12 227 winshell.dat 19.02.2008 13:00 381 BeatBox.INI 19.02.2008 13:00 28 Robota.INI 19.02.2008 12:34 6.768 mgxoschk.ini 16.02.2008 17:02 24 ATKPF.ini 06.02.2008 18:01 108.336 mswinsck.ocx 19.01.2008 09:33 13.312 fveupdate.exe 19.01.2008 09:33 58.880 bfsvc.exe 19.01.2008 00:33 134.656 regedit.exe 19.01.2008 00:33 151.040 notepad.exe 19.01.2008 00:33 2.927.104 explorer.exe 19.01.2008 00:33 498.176 HelpPane.exe 09.01.2008 16:12 73.216 ST6UNST.EXE 22.12.2007 12:10 3.120 .lfa 02.12.2007 22:14 358 Let It Snow-Prefs.ini Verzeichnis von C:\Users\MyName\AppData\Local\Temp 20.05.2008 16:09 31.832 Rami.bmp 20.05.2008 13:50 260.904 SilverlightMSI.log 20.05.2008 13:50 1.230 Silverlight0.log 20.05.2008 10:05 38 um.um 19.05.2008 18:28 16.384 ~DF6B7D.tmp 5 Datei(en), 310.388 Bytes 0 Verzeichnis(se), 15.962.804.224 Bytes frei |
|
|
20.05.2008, 16:38
Honorary member
Posts: 29434 |
#8
««
Virustotal
http://www.virustotal.com/flash/index_en.html
C:\Windows\system32\acovcnt.exe
Click Browse --> select the file (or paste the file with its correct path straight in with Ctrl+V) --> click the file to be checked and open it --> click "Send file"... now wait - then select the text with the right mouse button -> copy it here
««
scan with f-secure + post the report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security |
|
|
20.05.2008, 20:14
Member
Thread starter Posts: 16 |
#9
Here is the report from f-secure:
Scanning Report Tuesday, May 20, 2008 17:36:59 - 19:35:14 Scanning type: Scan system for malware, rootkits Target: C:\ D:\ Result: 2 malware found W32/Suspicious_U.gen (virus) C:\PROGRAM FILES\WINRAR\SYSTOOLS\PLUGINS\EMPTY KEY.DLL (Submitted) C:\PROGRAM FILES\WINRAR\SYSTOOLS\PLUGINS\SLYSOFT.DLL (Submitted) Statistics Scanned: Files: 59548 System: 5214 Not scanned: 20 Actions: Disinfected: 0 Renamed: 0 Deleted: 0 None: 2 Submitted: 2 Files not scanned: C:\HIBERFIL.SYS C:\PAGEFILE.SYS C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT C:\WINDOWS\SYSTEM32\CONFIG\SAM C:\WINDOWS\SYSTEM32\CONFIG\SECURITY C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB C:\USERS\MyName\APPDATA\ROAMING\SYMANTEC\NPMDATASTORE\CIMSTORE.XML C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D7663EEC413852713C8FA8C5C031527F_CA49E810-D445-4DAA-AB42-D8D4F3551500 C:\BOOT\BCD Options Scanning engines: F-Secure USS: 2.30.0 F-Secure Hydra: 2.8.8110, 2008-05-20 F-Secure Pegasus: 1.20.0, 2008-04-15 F-Secure AVP: 7.0.171, 2008-05-20 Scanning options: Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? 
XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR Use Advanced heuristics
PS: I have carried out the first step and I have the report. Look below.
This post was edited by Cool_Boy_007 on 21.05.2008 at 13:37.
|
|
|
21.05.2008, 12:13
Honorary member
Posts: 29434 |
#10
once more... wait until the scan has finished, then copy the complete report
Virustotal
http://www.virustotal.com/flash/index_en.html
C:\Windows\system32\acovcnt.exe
Click Browse --> select the file (or paste the file with its correct path straight in with Ctrl+V) --> click the file to be checked and open it --> click "Send file"... now wait - then select the text with the right mouse button -> copy it here
__________
Regards, Sabina
all about PC security |
|
|
21.05.2008, 13:31
Member
Thread starter Posts: 16 |
#11
Here you go. Here is the report from VirusTotal:
AhnLab-V3 2008.5.20.0 2008.05.21 - AntiVir 7.8.0.19 2008.05.21 - Authentium 5.1.0.4 2008.05.21 - Avast 4.8.1195.0 2008.05.21 - AVG 7.5.0.516 2008.05.21 - BitDefender 7.2 2008.05.21 - CAT-QuickHeal 9.50 2008.05.19 - ClamAV 0.92.1 2008.05.21 - DrWeb 4.44.0.09170 2008.05.21 - eSafe 7.0.15.0 2008.05.20 - eTrust-Vet 31.4.5808 2008.05.21 - Ewido 4.0 2008.05.21 - F-Prot 4.4.2.54 2008.05.16 - F-Secure 6.70.13260.0 2008.05.21 - Fortinet 3.14.0.0 2008.05.21 - GData 2.0.7306.1023 2008.05.21 - Ikarus T3.1.1.26.0 2008.05.21 - Kaspersky 7.0.0.125 2008.05.21 - McAfee 5299 2008.05.20 - Microsoft 1.3520 2008.05.21 - NOD32v2 3116 2008.05.21 - Norman 5.80.02 2008.05.20 - Panda 9.0.0.4 2008.05.21 - Prevx1 V2 2008.05.21 - Rising 20.45.12.00 2008.05.21 - Sophos 4.29.0 2008.05.21 - Sunbelt 3.0.1123.1 2008.05.17 - Symantec 10 2008.05.21 - TheHacker 6.2.92.314 2008.05.20 - VBA32 3.12.6.6 2008.05.20 - VirusBuster 4.3.26:9 2008.05.20 - Webwasher-Gateway 6.6.2 2008.05.21 - weitere Informationen File size: 45056 bytes MD5...: 6bcaf46e2b7fa9ace92b4d39f3037c5c SHA1..: 6d5a81e3cf59832d73f28d6e87f51d073c3e4095 SHA256: aaf659e3d38ad04848a9c3ed6250b30dc13acc8ac9f527a11f0c14e6ec8735b2 SHA512: 03b62753530e1adba2af3feede5e3903d41d8b102289bb03f4ad2520ead6ec9c aea29acae81846eb4484310c0bc1c0a69934a02fadb1a015383e0ebee7c007f3 PEiD..: Armadillo v1.71 PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x401613 timedatestamp.....: 0x425539fb (Thu Apr 07 13:47:39 2005) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x4ee6 0x5000 6.60 f7aa46b67e4004a80db01ad39b5c4bd7 .rdata 0x6000 0xb32 0x1000 4.20 f3ceef6b97b6aad02714644497ad4da9 .data 0x7000 0x413c 0x3000 0.56 af4abe2835a3f5bf87330b627a696dbf .rsrc 0xc000 0xc0 0x1000 0.14 c85d6206afcdfed0fe16bdc48441d945 ( 5 imports ) > DDRAW.dll: DirectDrawCreateEx > KERNEL32.dll: CreateEventA, SetEvent, CloseHandle, GetModuleFileNameA, SetHandleCount, GetStdHandle, GetEnvironmentStringsW, SetStdHandle, 
LoadLibraryA, GetProcAddress, HeapReAlloc, VirtualAlloc, GetOEMCP, GetACP, FlushFileBuffers, LCMapStringW, LCMapStringA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, HeapDestroy, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetCPInfo, HeapFree, RtlUnwind, GetFileType, GetEnvironmentVariableA, GetVersionExA, MultiByteToWideChar, HeapCreate, VirtualFree, GetStringTypeA, WriteFile, SetFilePointer, GetLastError, GetStringTypeW, HeapAlloc > USER32.dll: TranslateMessage, DispatchMessageA, CreateWindowExA, TranslateAcceleratorA, GetMessageA, LoadStringA, RegisterClassExA, DefWindowProcA, PostQuitMessage, LoadCursorA, LoadIconA > ADVAPI32.dll: RegCloseKey, RegSetValueExA, RegDeleteValueA, RegCreateKeyA > ole32.dll: CoInitializeEx, CoUninitialize ( 0 exports )
This post was edited by Cool_Boy_007 on 21.05.2008 at 13:35.
|
|
|
21.05.2008, 14:10
Honorary member
Posts: 29434 |
#12
««
please upload the exe here; you will then be notified, post the message
C:\Windows\system32\acovcnt.exe
http://www.norman.com/microsites/nsic/Submit/de
««
in the meantime scan with McAfee FreeScan (Online) + post the report
http://virus-protect.org/onlinescan.html
and report whether the error with the progress bar still occurs....
__________
Regards, Sabina
all about PC security |
|
|
21.05.2008, 16:04
Member
Thread starter Posts: 16 |
#13
Here is the message from Norman:
Hello, Thanks for taking the time to submit your samples to the Norman Sandbox Information Center. Customer delight is our top priority at Norman. With that in mind we have developed Sandbox Solutions for organizations that are committed to speedy analysis and debugging. Norman Sandbox Solutions give your organization the opportunity to analyze files immediately in your own environment. To find out how to bring the power of Norman Sandbox into your test environments follow the links below. Norman Sandbox Solutions http://www.norman.com/Product/Sandbox-products/ Norman Sandbox Analyzer http://www.norman.com/Product/Sandbox-products/Analyzer/ Norman Sandbox Analyzer Pro http://www.norman.com/Product/Sandbox-products/Analyzer-pro/ Norman SandBox Reporter http://www.norman.com/Product/Sandbox-products/Reporter/ acovcnt.exe : Not detected by Sandbox (Signature: NO_VIRUS) [ DetectionInfo ] * Sandbox name: NO_MALWARE * Signature name: NO_VIRUS * Compressed: NO * TLS hooks: NO * Executable type: Application * Executable file structure: OK [ General information ] * File length: 45056 bytes. * MD5 hash: 6bcaf46e2b7fa9ace92b4d39f3037c5c. [ Changes to registry ] * Creates key "HKLM\Software\ASUS\Asus Chameleon Engine". * Sets value "OV0"=" " in key "HKLM\Software\ASUS\Asus Chameleon Engine". [ Process/window information ] * Creates an event called ACOVSEvent. (C) 2004-2006 Norman ASA. All Rights Reserved. The material presented is distributed by Norman ASA as an information source only. This file is not flagged as malicious by the Norman Sandbox Information Center. However, we can not guarantee that the file is harmless. If you still suspect the file to be malicious and if you urgently need to know for sure, please submit it to your local Norman support department for manual analysis. ************************************ Sent from an unmonitored email address. Please DO NOT reply. 
************************************ PS: Ist es normal ,dass der McAfee Scanner die ganze Zeit auf 0 steht bei der Zahl der geprüften Dateien. Nein,das ist es nicht. Der Scan wird sowiso nicht viel bringen. Kannst du nicht einfach deine acovcnt.exe Datei uploaden und dies dann durch meine ersetzen .Das würde dann dieses Problem mit den Ladebalken beheben,oder? Dieser Beitrag wurde am 21.05.2008 um 16:41 Uhr von Cool_Boy_007 editiert.
|
|
|
21.05.2008, 17:30
Honorary member
Posts: 29434 |
#14
acovcnt.exe - apparently belongs to Asus...
HKLM\Software\ASUS\Asus Chameleon Engine
Do you have software like that on the computer?
Quote: Verzeichnis von C:\Windows\system32
__________ Regards, Sabina, all about PC security |
|
|
21.05.2008, 19:02
Member
Thread starter Posts: 16 |
#15
I only have ASUS programs such as ASUS Update and the like.
|
|
|
For some time I have had the problem that in Vista, when downloading or doing anything else, the progress bar is not animated (no light effects moving from left to right).
I think I uninstalled something by accident.
Please help meee!!!
To help, here is a log file from my computer:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:27:09, on 18.05.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\WirelessBooster\WBTray.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = T-online.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Steganos Password Manager AutoFill - {1427A821-7B93-4F08-9A34-9FA03A3D93DB} - C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerBHO.dll
O2 - BHO: {3b39efd5-b178-0418-e264-6dd9ad8f25d3} - {3d52f8da-9dd6-462e-8140-871b5dfe93b3} - C:\Windows\system32\kurckpml.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: WirelessBooster Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\WIRELE~2\TweakBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TweakMASTER] C:\PROGRA~1\WIRELE~2\WBTray.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: SYSTRAN Suche - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: SYSTRAN Übersetzen - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197469799284
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-de.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\Windows\system32\\SatSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Franzis\Alcohol Virtual CD + DVD\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
--
End of file - 11675 bytes