System infected with Smitfraud-C.toolbar888, viruses, etc.
#0
15.06.2007, 14:49
Member
Posts: 16
15.06.2007, 15:02
Member
Posts: 3716
#2
hi,
1. Open My Computer, Tools, Folder Options, View:
   - Hide extensions for known file types: off
   - Hide protected operating system files: off
   - Display the contents of system folders: on
   - Hidden files and folders, show all: on
2. Download HijackThis: www.hijackthis.de
   Please install the program in its own folder, c:\programme\hijackthis. Please rename hijackthis.exe to hjt.com; this is necessary because malware can hide from hijackthis.exe, so the .exe extension has to go! Now open the program, click "scan and save log" and post the log here.
3. Download ComboFix: http://virus-protect.org/artikel/tools/combofix.html
   Post the log.
4. Download SmitfraudFix: http://siri.geekstogo.com/SmitfraudFix_De.php
   Please create the first log in normal mode and be sure to run the cleaning in safe mode. Please post both logs!
5. Download VundoFix and post: www.hijackthis-forum.de/archive/index.php/t-18415.html
   Let it scan as often as needed until nothing more is found; post all logs!
6. Since Vundo can also be associated with rootkits, download all of these rootkit scanners and run them as described: www.hijackthis-forum.de/showthread.php?t=20219
   Please disconnect your internet connection and switch off all programs such as your antivirus solution. By disconnect I mean cable out, WLAN off.
7. Post the logs in the following order:
   1. SmitfraudFix
   2. VundoFix
   3. Rootkit scans
   4. ComboFix and a new HijackThis log.
15.06.2007, 19:39
Member
Thread starter
Posts: 16
#3
Hello,
Thanks for the quick reply. I have now worked through the list; however, since Vundofix as well as RootkitRevealer and Blacklight found nothing, I wanted to post the interim results first, before I post umpteen logs that all say the same thing, namely that nothing was found.

1. Smitfraudfix
Normal mode:
Safe mode:

2. Vundofix

3.1 RootkitRevealer

3.2 Blacklight

4. Combofix:
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BackWeb-8876480" "hkey"="HKCU" "command"="\\Program\\BackWeb-8876480.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PDVDServ" "hkey"="HKLM" "command"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="steam" "hkey"="HKCU" "command"="\"c:\\valve\\steam\\steam.exe\" -silent" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jusched" "hkey"="HKLM" "command"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="winampa" "hkey"="HKLM" "command"="C:\\Programme\\Winamp\\winampa.exe" "inimapping"="0" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwim32 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] 
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Norton AntiVirus - Vollst„ndige Systemprfung ausfhren - Jan Kriebel.job Completion time: 06-12-05 16:14:04.76 C:\ComboFix.txt ... 06-12-05 16:14 ----------------------------------------------- Hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 15:06:26, on 15.06.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exea C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programme\Norton AntiVirus\navapsvc.exe C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\oodag.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\iTunes\iTunesHelper.exe C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtuncnqj.exe C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programme\Ray Adams\ATI Tray Tools\atitray.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\Security 
Console\NSCSRVCE.EXE C:\WINDOWS\System32\svchost.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\Mozilla Firefox\firefox.exe C:\Programme\HijackThis\hjt.com C:\Programme\Messenger\msmsgs.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar4.dll O4 - HKLM\..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame 
Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [gtuncnqj.exe] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtuncnqj.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [AtiTrayTools] "C:\Programme\Ray Adams\ATI Tray Tools\atitray.exe" O4 - Startup: ATI Tray Tools.lnk = C:\Programme\Radeon Omega Drivers\v3.8.330\2KXP_INF\SwpDrv\DelRad.exe O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 
- DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://www.giga.de/giga-stream-test/Rawflow.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0DD4ADBE-E91D-48CC-9A04-87EA1674E385} (PerfTestClient) - http://gamer.ubicom.com/benchmarks/PerfTestCliActiveXProj_20060127.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175589687906 O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - (no file) O18 - Protocol: bw+0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - 
{38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: 
bwk0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - 
{38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - (no file) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame 
Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
------------------------------------------
I'm a bit surprised that suddenly no Trojan.Vundo is detected any more; the constant threat alerts from Norton have stopped as well. I'll run another scan to see whether it still finds anything.
Regards, JanK
Edit: Norton found nothing more. Nevertheless, the system is slower than usual.
This post was edited by JanK on 15.06.2007 at 21:57.
18.06.2007, 07:30
Member
Posts: 3716
#4
Please check:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtuncnqj.exe
at VirusTotal and post the complete result including the additional information: www.virustotal.com
Are any problems still noticeable?
18.06.2007, 17:45
Member
Thread starter Posts: 16
#5
Here is the result of the VirusTotal check:

| Antivirus | Version | Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2007.6.16.0 | 06.18.2007 | no virus found |
| AntiVir | 7.4.0.32 | 06.18.2007 | TR/Crypt.XPACK.Gen |
| Authentium | 4.93.8 | 06.16.2007 | no virus found |
| Avast | 4.7.997.0 | 06.18.2007 | no virus found |
| AVG | 7.5.0.467 | 06.17.2007 | PSW.Generic4.SZY |
| BitDefender | 7.2 | 06.18.2007 | no virus found |
| CAT-QuickHeal | 9.00 | 06.18.2007 | no virus found |
| ClamAV | devel-20070416 | 06.18.2007 | no virus found |
| DrWeb | 4.33 | 06.18.2007 | no virus found |
| eSafe | 7.0.15.0 | 06.17.2007 | Win32.OnLineGames.es |
| eTrust-Vet | 30.7.3726 | 06.18.2007 | no virus found |
| Ewido | 4.0 | 06.18.2007 | Trojan.OnLineGames.es |
| FileAdvisor | 1 | 06.18.2007 | No Thread detected |
| Fortinet | 2.85.0.0 | 06.18.2007 | W32/OnLineGames.ES!tr.pws |
| F-Prot | 4.3.2.48 | 06.15.2007 | no virus found |
| F-Secure | 6.70.13030.0 | 06.18.2007 | Trojan-PSW.Win32.OnLineGames.es |
| Ikarus | T3.1.1.8 | 06.18.2007 | Dialer |
| Kaspersky | 4.0.2.24 | 06.18.2007 | Trojan-PSW.Win32.OnLineGames.es |
| McAfee | 5054 | 06.15.2007 | no virus found |
| Microsoft | 1.2607 | 06.18.2007 | no virus found |
| NOD32v2 | 2336 | 06.18.2007 | no virus found |
| Norman | 5.80.02 | 06.18.2007 | W32/OnLineGames.HAJ |
| Panda | 9.0.0.4 | 06.17.2007 | Suspicious file |
| Prevx1 | V2 | 06.18.2007 | no virus found |
| Sophos | 4.18.0 | 06.12.2007 | no virus found |
| Sunbelt | 2.2.907.0 | 06.16.2007 | no virus found |
| Symantec | 10 | 06.18.2007 | no virus found |
| TheHacker | 6.1.6.134 | 06.18.2007 | Trojan/PSW.OnLineGames.es |
| VBA32 | 3.12.0.2 | 06.15.2007 | no virus found |
| VirusBuster | 4.3.23:9 | 06.18.2007 | no virus found |
| Webwasher-Gateway | 6.0.1 | 06.18.2007 | Trojan.Crypt.XPACK.Gen |

Aditional Information
File size: 57344 bytes
MD5: 1ebf8962ffde5d7dcc73e55377b91273
SHA1: 3d78e0e8c0905c9e643939b73d5c96c9621ad9be
packers: UPX
packers: UPX
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=1ebf8962ffde5d7dcc73e55377b91273
packers: UPX

Otherwise no more noticeable problems.
19.06.2007, 16:34
Honorary member
Posts: 6028
#6
Close all windows and start HijackThis.
Click: Do a system scan only
Put a check mark in the box in front of the following entries:
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O4 - HKLM\..\Run: [gtuncnqj.exe] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtuncnqj.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
Click: Fix checked
Your Internet Explorer must be closed when you click Fix checked.
Delete the following and empty the recycle bin:
C:\Qoobox
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtuncnqj.exe
And report back.
__________
Regards, Argus
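The kind of selection made in the post above can be approximated with a few triage rules over a HijackThis log. This is an added example, not part of the thread and not HijackThis's own logic: the sample lines are copied from the log posted earlier, while the three rules and the `DATA_DIRS` list are assumptions chosen for illustration. A hit means "review this entry", not "malicious".

```python
import ntpath
import re
from typing import NamedTuple, Optional

# Subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [gtuncnqj.exe] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtuncnqj.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - (no file)
O23 - Service: iPod Service - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
"""

# Assumption: directory names (long and 8.3 forms) that hold per-user or
# all-user data, where ordinary software rarely places autostart binaries.
DATA_DIRS = {"anwendungsdaten", "anwend~1", "application data",
             "applic~1", "appdata", "temp"}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\\w+: \[[^\]]*\] (?P<cmd>.+)$")
# Image path is either quoted, or runs up to the first executable extension.
IMAGE_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|bat|cmd|scr|pif)))(?:\s|$)',
    re.IGNORECASE,
)
DPF_RE = re.compile(
    r"^DPF: \{[0-9A-Fa-f-]{36}\}(?: \((?P<name>.+)\))? - (?P<url>\S+)$"
)


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why the entry deserves a manual look
    line: str    # the original log line


def autorun_image(body: str) -> Optional[str]:
    """Return the executable path of an O4 registry Run entry, without arguments."""
    run = RUN_RE.match(body)
    if not run:
        return None
    img = IMAGE_RE.match(run["cmd"])
    if not img:
        return None
    return img["q"] or img["u"]


def in_data_dir(image: str) -> bool:
    """True if any directory component of a Windows path is a data directory."""
    segments = ntpath.dirname(image).lower().split("\\")
    return any(seg in DATA_DIRS for seg in segments)


def triage(log_text: str) -> list:
    """Apply the three illustrative rules to every recognisable log line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        code, body = entry["code"], entry["body"]
        # Rule 1: the registry entry survives but its file is gone.
        if body.endswith(("(no file)", "(file missing)")):
            findings.append(Finding(code, "entry points to a missing file", line))
            continue
        # Rule 2: autostart binary stored in a data directory.
        if code == "O4":
            image = autorun_image(body)
            if image and in_data_dir(image):
                findings.append(Finding(code, "autostart from a data directory", line))
            continue
        # Rule 3: downloaded ActiveX control registered without a name.
        if code == "O16":
            dpf = DPF_RE.match(body)
            if dpf and dpf["name"] is None:
                findings.append(Finding(code, "unnamed ActiveX download", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:>3}  {f.reason}: {f.line}")
```

On the sample, the rules flag the four entries selected in the post plus the orphaned `O18` protocol handler, which shows why the output is a review list and the final choice stays with the analyst.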
19.06.2007, 19:32
Member
Thread starter Posts: 16
19.06.2007, 19:38
Honorary member
Posts: 6028
#8
System Restore
My Computer --> right-click, then Properties ---> System Restore tab ---> check "Turn off System Restore on all drives".
Restart.
Then turn it back on.
Your Java software is out of date; download jre-6-windows-i586.exe
Scroll down to ----> Java Runtime Environment (JRE) 6u1 The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
Click "Download".
Put a check mark at ---> "Accept License Agreement".
Click “Windows Offline Installation, Multi-language” to install “jre-6-windows-i586.exe” to the desktop.
Close all programs, including your web browser.
Go to Start -> Settings -> Control Panel -> Add or Remove Programs
and remove all older versions of Java Runtime Environment (JRE or J2SE).
After everything has been removed ---> restart the computer.
Now install ---> “jre-6-windows-i586.exe” from the desktop.
__________
Regards, Argus
19.06.2007, 20:57
Member
Thread starter Posts: 16 |
||
|
||
I need help once again. For a few days now, Norton Antivirus 2006 has kept alerting me to threats, which are also blocked immediately. During a full scan Norton found 8 threats, which are also supposed to have been repaired immediately. But after a restart I very quickly had the same warnings again.
Spybot S&D finds "Smitfraud-C.toolbara888".
It seems to me that my system is completely infested; I'll just post the logs:
ComboFix:
ComboFix 07-06-13.3 - C:\Downloads\ComboFix.exe
"Jan Kriebel" - 2007-06-15 14:27:22 - Service Pack 2 NTFS
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\winwim32.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\nm
((((((((((((((((((((((((( Files Created from 2007-05-15 to 2007-06-15 )))))))))))))))))))))))))))))))
2007-06-15 14:24 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-14 20:16 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-13 22:08 57,344 --a------ C:\DOKUME~1\ALLUSE~1\ANWEND~1\gtuncnqj.exe
2007-06-13 19:08 <DIR> d-------- C:\DOKUME~1\JANKRI~1\ANWEND~1\WinSplit
2007-06-13 16:36 <DIR> d-------- C:\Programme\Rapidown
2007-06-06 21:57 49,536 --a------ C:\WINDOWS\system32\drivers\aastj30w.sys
2007-06-06 14:33 <DIR> d-------- C:\Programme\Ray Adams
2007-06-03 12:20 <DIR> d-------- C:\Programme\Photodex Presenter
2007-06-03 12:20 <DIR> d-------- C:\Programme\Photodex
2007-06-03 12:20 <DIR> d-------- C:\DOKUME~1\JANKRI~1\ANWEND~1\Netscape
2007-06-03 12:17 <DIR> d-------- C:\DOKUME~1\JANKRI~1\ANWEND~1\Photodex
2007-06-02 22:08 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-06-02 22:04 <DIR> d-------- C:\Programme\OO Software
2007-06-01 17:49 <DIR> d-------- C:\Programme\Sierra
2007-05-29 21:12 <DIR> d-------- C:\DOKUME~1\JANKRI~1\ANWEND~1\Command & Conquer 3 Tiberium Wars
2007-05-29 19:17 <DIR> d-------- C:\Programme\Valve
2007-05-25 13:20 <DIR> d-------- C:\Programme\FLVPlayer
2007-05-25 13:17 <DIR> d-------- C:\DOKUME~1\JANKRI~1\dwhelper
2007-05-19 22:08 86,016 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
2007-05-19 15:51 967 --a------ C:\WINDOWS\ScUnin.pif
2007-05-19 15:51 67,584 --a------ C:\WINDOWS\ScUnin.exe
2007-05-19 15:51 11,213 --a------ C:\WINDOWS\scunin.dat
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-14 21:08:25 -------- d-----w C:\Programme\Trillian
2007-06-14 21:08:13 -------- d-----w C:\Programme\Symantec
2007-06-14 20:51:18 -------- d-----w C:\Programme\iTunes
2007-06-14 20:49:54 -------- d-----w C:\Programme\Google
2007-06-14 20:47:19 -------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2007-06-14 20:13:50 -------- d-----w C:\DOKUME~1\JANKRI~1\ANWEND~1\Symantec
2007-06-14 19:21:49 -------- d-----w C:\Programme\Messenger
2007-06-14 12:28:44 -------- d-----w C:\Programme\Tweak-XP Pro 4
2007-06-14 05:05:23 -------- d-----w C:\Programme\Norton AntiVirus
2007-06-13 19:36:19 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-06-13 19:34:31 -------- d-----w C:\Programme\CyberLink
2007-06-13 18:05:43 -------- d-----w C:\DOKUME~1\JANKRI~1\ANWEND~1\OpenOffice.org2
2007-06-12 13:33:28 -------- d-----w C:\Programme\Gothic III
2007-06-06 11:09:55 -------- d-----w C:\Programme\iPod
2007-06-06 11:02:03 -------- d-----w C:\Programme\QuickTime
2007-06-01 15:56:27 43,520 -c--a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-01 12:30:57 -------- d-----w C:\Programme\World of Warcraft
2007-05-31 17:37:03 -------- d-----w C:\DOKUME~1\JANKRI~1\ANWEND~1\Hamachi
2007-05-31 16:25:13 -------- d-----w C:\Programme\Winamp
2007-05-31 15:27:53 -------- d-----w C:\Programme\EA GAMES
2007-05-29 16:56:38 -------- d-----w C:\Programme\Electronic Arts
2007-05-29 16:52:23 -------- d-----w C:\Programme\Jade Empire
2007-05-27 22:42:41 -------- d-----w C:\DOKUME~1\JANKRI~1\ANWEND~1\Xfire
2007-05-27 22:39:42 -------- d-s---w C:\Programme\Xfire
2007-05-27 16:27:28 -------- d-----w C:\Programme\UI Central
2007-05-27 13:06:06 -------- d-----w C:\Programme\Gemeinsame Dateien\Blizzard Entertainment
2007-05-26 21:02:00 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-26 20:04:22 -------- d-----w C:\Programme\Paint.NET
2007-05-26 15:40:55 -------- d-----w C:\Programme\Rockstar Games
2007-05-20 11:54:10 -------- d-----w C:\Programme\Starcraft
2007-05-19 17:31:39 -------- d-----w C:\Programme\Ubisoft
2007-05-19 17:22:36 -------- d-----w C:\Programme\Ulead Systems
2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 12:05:51 -------- d-----w C:\Programme\WoW Model Viewer
2007-05-13 13:42:20 -------- d-----w C:\DOKUME~1\JANKRI~1\ANWEND~1\Skype
2007-05-11 12:14:36 -------- d-----w C:\Programme\Worms 4 Mayhem
2007-05-11 00:09:48 1,050,120 ----a-w C:\WINDOWS\system32\oodag.exe
2007-05-11 00:08:54 2,512,392 ----a-w C:\WINDOWS\system32\oodtray.exe
2007-05-11 00:08:24 194,056 ----a-w C:\WINDOWS\system32\oodbs.exe
2007-05-11 00:07:38 206,344 ----a-w C:\WINDOWS\system32\oodtrrs.dll
2007-05-11 00:07:22 15,880 ----a-w C:\WINDOWS\system32\oodagrs.dll
2007-05-11 00:07:22 10,248 ----a-w C:\WINDOWS\system32\oodbsrs.dll
2007-05-11 00:07:20 16,904 ----a-w C:\WINDOWS\system32\oodagmg.dll
2007-05-10 21:19:26 38,160 ----a-w C:\WINDOWS\system32\drivers\oobctm.sys
2007-05-10 21:18:24 15,368 ----a-w C:\WINDOWS\system32\ootmapi.dll
2007-05-10 10:53:28 -------- d-----w C:\Programme\Microsoft CAPICOM 2.1.0.2
2007-05-06 17:12:12 -------- d-----w C:\Programme\Guitar Pro 5
2007-04-26 17:54:22 -------- d-----w C:\Programme\TV-Browser
2007-04-26 17:52:40 -------- d-----w C:\Programme\TVgenial
2007-04-26 13:51:09 -------- d-----w C:\DOKUME~1\JANKRI~1\ANWEND~1\MusicIP
2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-19 14:31:24 -------- d-----w C:\Programme\Mozilla Thunderbird
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-15 18:14:09 -------- d-----w C:\Programme\Gemeinsame Dateien\Adobe Systems Shared
2007-04-15 09:12:22 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-04-06 14:11:32 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-02 14:27:45 15,555 ----a-w C:\WINDOWS\mozver.dat
2007-03-28 16:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-03-28 16:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-03-25 10:01:37 74,996 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-03-25 10:01:37 415,470 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-03-17 13:44:25 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2006-10-10 14:14:19 56 --sh--r C:\WINDOWS\system32\4A18A6001F.sys
2006-10-10 14:14:19 11,690 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Programme\Norton AntiVirus\NavShExt.dll [2007-06-07 14:44]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\programme\google\googletoolbar4.dll [2007-01-20 00:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-21 19:24]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Programme\Nero\Nero 7\InCD\InCD.exe" []
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2007-02-22 12:11]
"AtiPTA"="atiptaxx.exe" [2006-02-22 03:05 C:\WINDOWS\system32\atiptaxx.exe]
"Symantec PIF AlertEng"="C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03]
"LanguageShortcut"="C:\Programme\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17]
"gtuncnqj.exe"="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtuncnqj.exe" [2007-06-13 22:08]
"RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57]
"Steam"="" []
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 19:24]
"AtiTrayTools"="C:\Programme\Ray Adams\ATI Tray Tools\atitray.exe" [2007-05-22 11:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"="C:\PROGRA~1\GEMEIN~1\Stardock\MCPCore.dll" []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AutoStart IR.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk
backup=C:\WINDOWS\pss\AutoStart IR.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Erinnerungen für Microsoft Works-Kalender.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Erinnerungen für Microsoft Works-Kalender.lnk
backup=C:\WINDOWS\pss\Erinnerungen für Microsoft Works-Kalender.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^InterVideo WinCinema Manager.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Picture Package Menu.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Picture Package VCD Maker.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinZip Quick Pick.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Jan Kriebel^Startmenü^Programme^Autostart^Adobe Gamma.lnk]
path=C:\Dokumente und Einstellungen\Jan Kriebel\Startmenü\Programme\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Jan Kriebel^Startmenü^Programme^Autostart^Trillian.lnk]
path=C:\Dokumente und Einstellungen\Jan Kriebel\Startmenü\Programme\Autostart\Trillian.lnk
backup=C:\WINDOWS\pss\Trillian.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Programme\Adobe\Photoshop Elements 4.0\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
C:\Programme\Anti-Blaxx 1.18\Anti-Blaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnvyHFCPL]
C:\Programme\Audio Deck\EnMixCPL.exe 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FeedBuster]
"C:\Programme\Alnera\FeedBuster\FeedBuster.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programme\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\BackWeb-8876480.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programme\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\valve\steam\steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Programme\Winamp\winampa.exe
Contents of the 'Scheduled Tasks' folder
2007-06-06 10:51:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-08 19:49:48 C:\WINDOWS\tasks\Norton AntiVirus - Vollständige Systemprüfung ausführen - Jan Kriebel.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-15 14:32:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
Completion time: 2007-06-15 14:36:00 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-15 14:35
C:\ComboFix2.txt ... 2006-12-05 17:14
--- E O F ---
---------------------------------------------------------------
In addition, a file named Combofix-quarantine was created. This is what was in it:
Code
---------------------------------------------------------------------
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 14:40:25, on 15.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtuncnqj.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Ray Adams\ATI Tray Tools\atitray.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar4.dll
O4 - HKLM\..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [gtuncnqj.exe] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtuncnqj.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Programme\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - Startup: ATI Tray Tools.lnk = C:\Programme\Radeon Omega Drivers\v3.8.330\2KXP_INF\SwpDrv\DelRad.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://www.giga.de/giga-stream-test/Rawflow.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0DD4ADBE-E91D-48CC-9A04-87EA1674E385} (PerfTestClient) - http://gamer.ubicom.com/benchmarks/PerfTestCliActiveXProj_20060127.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175589687906
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - (no file)
O18 - Protocol: bw+0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
----------------------------------------------------------
Datfind.bat:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 98F9-620B
Verzeichnis von C:\WINDOWS\system32
15.06.2007 14:31 33.202 oodbs.lor
14.06.2007 22:03 2.550 Uninstall.ico
14.06.2007 22:03 1.406 Help.ico
14.06.2007 22:03 30.590 pavas.ico
14.06.2007 20:25 0 asfiles.txt
13.06.2007 14:07 12.598 wpa.dbl
06.06.2007 08:38 15.747.032 MRT.exe
01.06.2007 17:56 43.520 CmdLineExt03.dll
27.05.2007 11:30 263.264 FNTCACHE.DAT
26.05.2007 23:02 108.144 CmdLineExt.dll
19.05.2007 22:08 86.016 ElbyCDIO.dll
16.05.2007 17:11 683.520 inetcomm.dll
11.05.2007 02:09 1.050.120 oodag.exe
11.05.2007 02:08 2.512.392 oodtray.exe
11.05.2007 02:08 194.056 oodbs.exe
11.05.2007 02:07 206.344 oodtrrs.dll
11.05.2007 02:07 15.880 oodagrs.dll
11.05.2007 02:07 10.248 oodbsrs.dll
11.05.2007 02:07 16.904 oodagmg.dll
10.05.2007 23:18 15.368 ootmapi.dll
08.05.2007 10:59 3.583.488 mshtml.dll
27.04.2007 09:42 65.536 QuickTimeVR.qtx
27.04.2007 09:42 49.152 QuickTime.qts
25.04.2007 16:22 144.896 schannel.dll
25.04.2007 09:42 822.784 wininet.dll
25.04.2007 09:42 232.960 webcheck.dll
25.04.2007 09:42 1.152.000 urlmon.dll
25.04.2007 09:42 105.984 url.dll
25.04.2007 09:42 102.400 occache.dll
25.04.2007 09:42 670.720 mstime.dll
25.04.2007 09:42 193.024 msrating.dll
25.04.2007 09:42 477.696 mshtmled.dll
25.04.2007 09:41 459.264 msfeeds.dll
25.04.2007 09:41 52.224 msfeedsbs.dll
25.04.2007 09:41 1.824.768 inetcpl.cpl
25.04.2007 09:41 27.648 jsproxy.dll
25.04.2007 09:41 267.776 iertutil.dll
25.04.2007 09:41 44.544 iernonce.dll
25.04.2007 09:41 6.058.496 ieframe.dll
25.04.2007 09:41 384.512 iedkcs32.dll
25.04.2007 09:41 383.488 ieapfltr.dll
25.04.2007 09:41 132.608 extmgr.dll
25.04.2007 09:41 153.088 ieakeng.dll
25.04.2007 09:41 124.928 advpack.dll
25.04.2007 09:41 230.400 ieaksie.dll
24.04.2007 16:26 13.824 ieudinit.exe
24.04.2007 11:58 56.832 ie4uinit.exe
24.04.2007 09:34 161.792 ieakui.dll
18.04.2007 18:13 2.854.400 msi.dll
18.04.2007 18:13 2.854.400 SET11.tmp
17.04.2007 11:32 2.455.488 ieapfltr.dat
16.04.2007 17:53 1.058.304 kernel32.dll
15.04.2007 11:12 108.544 pxcpyi64.exe
06.04.2007 16:11 48.776 S32EVNT1.DLL
02.04.2007 14:21 428.032 swreg.exe
28.03.2007 18:51 538.256 SymNeti.dll
28.03.2007 18:51 161.424 SymRedir.dll
25.03.2007 12:01 401.064 perfh009.dat
25.03.2007 12:01 62.344 perfc009.dat
25.03.2007 12:01 415.470 perfh007.dat
25.03.2007 12:01 74.996 perfc007.dat
25.03.2007 12:01 966.250 PerfStringBackup.INI
17.03.2007 15:44 293.376 winsrv.dll
09.03.2007 13:51 270.336 xpsp3res.dll
08.03.2007 17:36 281.600 gdi32.dll
08.03.2007 17:36 40.960 mf3216.dll
08.03.2007 17:36 579.072 user32.dll
08.03.2007 17:32 1.843.712 win32k.sys
08.03.2007 14:31 45 initdebug.nfo
08.03.2007 01:51 39.672 vxblock.dll
08.03.2007 01:51 1.628.920 pxsfs.dll
08.03.2007 01:51 187.128 pxmas.dll
08.03.2007 01:51 379.640 pxwave.dll
08.03.2007 01:51 64.760 pxinsa64.exe
08.03.2007 01:51 129.784 pxafs.dll
08.03.2007 01:51 547.576 px.dll
08.03.2007 01:51 64.760 pxcpya64.exe
08.03.2007 01:51 510.712 pxdrv.dll
08.03.2007 01:51 72.440 pxhpinst.exe
28.02.2007 18:02 2.059.904 ntkrnlpa.exe
28.02.2007 18:02 2.182.656 ntoskrnl.exe
-----------------------------------------------------------------
I hope you can help me, and thank you in advance.
Regards, JanK