Appl/nircmd.3 Appl/aclset

#0
11.01.2008, 19:12
Member

Posts: 25
#1 Ever since I entered the expert setting in Avira, I keep getting detections... as above, plus APPL/KillApp.A. They show up in connection with hp.exe files, and one at c:\windows\NirCmd.exe.
How should I handle this? For now I have put everything into quarantine.

ComboFix 08-01-04.1 - P&H 2008-01-11 18:38:50.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.969 [GMT 1:00]
ausgeführt von:: C:\Users\P&H\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_install.exe nicht gefunden

.
((((((((((((((((((((((( Dateien erstellt von 2007-12-11 bis 2008-01-11 ))))))))))))))))))))))))))))))
.

2008-01-11 18:38 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-11 17:04 . 2008-01-11 17:04 27,430 --a------ C:\Users\Helena\AppData\Roaming\nvModes.dat
2008-01-11 08:50 . 2008-01-11 08:50 <DIR> d-------- C:\Users\Helena\AppData\Roaming\Hewlett-Packard
2008-01-11 08:49 . 2008-01-11 08:49 <DIR> d-------- C:\Users\Helena\Bluetooth Software
2008-01-11 08:49 . 2008-01-11 08:49 <DIR> d-------- C:\Users\Helena\AppData\Roaming\Macrovision
2008-01-11 08:48 . 2008-01-11 08:48 <DIR> dr------- C:\Users\Helena\Videos
2008-01-11 08:48 . 2008-01-11 08:48 <DIR> dr------- C:\Users\Helena\Searches
2008-01-11 08:48 . 2008-01-11 08:48 <DIR> dr------- C:\Users\Helena\Saved Games
2008-01-11 08:48 . 2008-01-11 08:48 <DIR> dr------- C:\Users\Helena\Pictures
2008-01-11 08:48 . 2008-01-11 08:48 <DIR> dr------- C:\Users\Helena\Music
2008-01-11 08:48 . 2008-01-11 08:48 <DIR> dr------- C:\Users\Helena\Links
2008-01-11 08:48 . 2008-01-11 08:48 <DIR> dr------- C:\Users\Helena\Downloads
2008-01-11 08:48 . 2008-01-11 08:49 <DIR> dr------- C:\Users\Helena\Documents
2008-01-11 08:48 . 2008-01-11 08:48 <DIR> dr------- C:\Users\Helena\Contacts
2008-01-11 08:48 . 2008-01-11 08:48 <DIR> d-------- C:\Users\Helena\AppData\Roaming\Ulead Systems
2008-01-11 08:48 . 2006-11-02 13:37 <DIR> d-------- C:\Users\Helena\AppData\Roaming\Media Center Programs
2008-01-11 08:48 . 2008-01-11 08:48 <DIR> d-------- C:\Users\Helena\AppData\Roaming\DigitalPersona
2008-01-11 08:48 . 2008-01-11 08:48 <DIR> d--h----- C:\Users\Helena\AppData
2008-01-10 07:51 . 2008-01-10 07:51 <DIR> d-------- C:\Users\P&H\AppData\Roaming\dvdcss
2008-01-10 07:27 . 2008-01-10 07:28 <DIR> d-------- C:\Users\P&H\AppData\Roaming\Ulead Systems
2008-01-10 07:26 . 2008-01-10 07:26 <DIR> d-------- C:\Users\All Users\InterVideo
2008-01-10 07:26 . 2008-01-10 07:26 <DIR> d-------- C:\ProgramData\InterVideo
2008-01-10 07:26 . 2008-01-10 07:26 <DIR> d-------- C:\Program Files\Windows Media Components
2008-01-10 07:26 . 2008-01-10 07:26 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-01-10 07:26 . 2007-03-27 19:56 210,456 --a------ C:\Windows\System32\IVIresizeW7.dll
2008-01-10 07:26 . 2007-03-27 19:56 206,360 --a------ C:\Windows\System32\IVIresizeA6.dll
2008-01-10 07:26 . 2007-03-27 19:56 198,168 --a------ C:\Windows\System32\IVIresizeP6.dll
2008-01-10 07:26 . 2007-03-27 19:56 198,168 --a------ C:\Windows\System32\IVIresizeM6.dll
2008-01-10 07:26 . 2007-03-27 19:56 194,072 --a------ C:\Windows\System32\IVIresizePX.dll
2008-01-10 07:26 . 2007-03-27 19:56 26,136 --a------ C:\Windows\System32\IVIresize.dll
2008-01-10 07:25 . 2008-01-10 07:27 <DIR> d-------- C:\Users\All Users\Ulead Systems
2008-01-10 07:25 . 2008-01-10 07:27 <DIR> d-------- C:\ProgramData\Ulead Systems
2008-01-10 07:25 . 2008-01-10 07:26 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-01-10 07:08 . 2008-01-10 07:08 3,938 --a------ C:\Windows\System32\ealregsnapshot1.reg
2008-01-10 07:06 . 2008-01-10 07:07 <DIR> d-------- C:\Program Files\AdVantage
2008-01-10 07:05 . 2008-01-10 07:53 <DIR> d-------- C:\Users\P&H\AppData\Roaming\DAEMON Tools
2008-01-10 07:05 . 2008-01-10 07:06 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-10 07:00 . 2008-01-10 07:00 715,248 --a------ C:\Windows\System32\drivers\sptd.sys
2008-01-09 16:16 . 2008-01-09 16:16 <DIR> d-------- C:\Users\P&H\AppData\Roaming\Ashampoo
2008-01-09 16:15 . 2008-01-09 16:15 <DIR> d-------- C:\Users\All Users\ashampoo
2008-01-09 16:15 . 2008-01-09 16:15 <DIR> d-------- C:\ProgramData\ashampoo
2008-01-09 16:15 . 2008-01-09 16:15 <DIR> d-------- C:\Program Files\Ashampoo
2008-01-09 08:29 . 2008-01-09 08:29 0 --a------ C:\Users\P&H\AppData\Roaming\wklnhst.dat
2008-01-09 07:05 . 2008-01-09 07:05 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 07:05 . 2008-01-09 07:05 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 07:05 . 2008-01-09 07:05 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 07:05 . 2008-01-09 07:05 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 07:05 . 2008-01-09 07:05 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 07:04 . 2008-01-09 07:04 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-09 07:04 . 2008-01-09 07:04 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-09 07:03 . 2008-01-09 07:03 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-09 07:03 . 2008-01-09 07:03 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-09 07:03 . 2008-01-09 07:03 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-09 07:03 . 2008-01-09 07:03 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-09 07:03 . 2008-01-09 07:03 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-09 07:03 . 2008-01-09 07:03 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-09 07:03 . 2008-01-09 07:03 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-01-09 07:03 . 2008-01-09 07:03 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-08 16:24 . 2008-01-09 08:38 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-01-08 16:24 . 2008-01-09 08:38 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-01-08 16:24 . 2008-01-08 16:24 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-08 16:24 . 2008-01-09 21:07 6,705,696 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-01-08 16:24 . 2008-01-09 21:07 107,952 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-01-08 16:24 . 2008-01-09 21:07 29,984 --ahs---- C:\Windows\System32\drivers\fidbox2.dat
2008-01-08 16:24 . 2008-01-09 21:07 4,356 --ahs---- C:\Windows\System32\drivers\fidbox2.idx
2008-01-08 08:23 . 2008-01-08 08:23 <DIR> d-------- C:\Users\P&H\AppData\Roaming\ICQ Toolbar
2008-01-07 14:53 . 2008-01-07 14:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 17:48 . 2008-01-06 17:48 <DIR> d-------- C:\Users\P&H\AppData\Roaming\WildTangent
2008-01-06 13:40 . 2008-01-06 13:40 2,048 --a------ C:\Windows\System32\tzres.dll
2008-01-06 12:13 . 2008-01-09 16:15 <DIR> d-------- C:\Program Files\ICQToolbar
2008-01-06 12:12 . 2008-01-06 12:37 <DIR> d-------- C:\Users\P&H\AppData\Roaming\ICQ
2008-01-06 12:12 . 2008-01-06 12:37 <DIR> d-------- C:\Program Files\ICQ6
2008-01-06 12:11 . 2008-01-06 12:11 <DIR> d-------- C:\Users\P&H\AppData\Roaming\InstallShield
2008-01-06 02:32 . 2008-01-06 02:32 <DIR> d-------- C:\Users\P&H\AppData\Roaming\vlc
2008-01-06 01:54 . 2008-01-06 01:54 <DIR> d-------- C:\Program Files\VideoLAN
2008-01-06 01:29 . 2008-01-06 01:29 <DIR> d-------- C:\Users\P&H\AppData\Roaming\Thunderbird
2008-01-06 01:29 . 2008-01-06 01:29 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-01-05 20:11 . 2008-01-09 08:03 <DIR> d-------- C:\Program Files\PokerStars
2008-01-05 18:23 . 2003-07-20 19:17 5,174 --a------ C:\Windows\System32\nppt9x.vxd
2008-01-05 18:23 . 2005-01-04 10:43 4,682 --a------ C:\Windows\System32\npptNT2.sys
2008-01-05 18:16 . 2008-01-05 18:24 <DIR> d-------- C:\Users\All Users\NexonUS
2008-01-05 18:16 . 2008-01-05 18:24 <DIR> d-------- C:\ProgramData\NexonUS
2008-01-05 18:02 . 2008-01-11 17:06 27,145 --a------ C:\Users\P&H\AppData\Roaming\nvModes.dat
2008-01-05 16:04 . 2008-01-10 16:35 <DIR> d-------- C:\Users\P&H\AppData\Roaming\skypePM
2008-01-05 16:04 . 2008-01-05 16:04 32 --a------ C:\Users\All Users\ezsid.dat
2008-01-05 16:04 . 2008-01-05 16:04 32 --a------ C:\ProgramData\ezsid.dat
2008-01-05 15:59 . 2008-01-10 20:51 <DIR> d-------- C:\Users\P&H\AppData\Roaming\Skype
2008-01-05 15:58 . 2008-01-05 15:59 <DIR> d-------- C:\Users\All Users\Skype
2008-01-05 15:58 . 2008-01-05 15:59 <DIR> d-------- C:\ProgramData\Skype
2008-01-05 15:58 . 2008-01-05 15:59 <DIR> d-------- C:\Program Files\Skype
2008-01-05 15:58 . 2008-01-05 15:58 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-01-05 15:20 . 2008-01-05 15:20 <DIR> d-------- C:\Users\P&H\AppData\Roaming\HP
2008-01-05 15:20 . 2008-01-05 15:20 <DIR> d-------- C:\Users\P&H\AppData\Roaming\CyberLink
2008-01-05 15:20 . 2008-01-05 15:20 <DIR> d-------- C:\Users\All Users\HP
2008-01-05 15:20 . 2008-01-05 15:20 <DIR> d-------- C:\ProgramData\HP
2008-01-05 14:59 . 2008-01-05 14:59 <DIR> d-------- C:\Users\P&H\AppData\Roaming\Talkback
2008-01-05 14:58 . 2008-01-05 14:58 0 --a------ C:\Windows\nsreg.dat
2008-01-05 14:51 . 2008-01-05 14:51 <DIR> d-------- C:\Users\All Users\Avira
2008-01-05 14:51 . 2008-01-05 14:51 <DIR> d-------- C:\ProgramData\Avira
2008-01-05 14:51 . 2008-01-05 14:51 <DIR> d-------- C:\Program Files\Avira

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 06:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 06:16 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 06:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-09 06:04 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-09 06:04 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-09 06:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-09 06:03 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-05 13:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-05 13:35 --------- d-----w C:\ProgramData\Symantec
2008-01-05 13:21 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-05 13:21 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-05 13:21 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-05 13:21 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-05 13:21 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-05 13:21 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-05 13:21 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-05 13:21 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-05 13:21 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-01-05 13:21 299,008 ----a-w C:\Windows\System32\wlansec.dll
2008-01-05 13:21 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-05 13:21 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-01-05 13:21 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-05 13:21 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-05 13:21 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-01-05 13:21 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-05 13:21 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-05 13:21 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-01-05 13:21 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2008-01-05 13:21 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-05 13:19 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-01-05 13:19 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-01-05 13:19 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-01-05 13:19 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-05 13:19 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-05 13:19 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-01-05 13:19 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-01-05 13:13 --------- d-----w C:\Program Files\Java
2008-01-05 13:01 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-01-05 12:38 --------- d-sh--w C:\ProgramData\Vorlagen
2008-01-05 12:38 --------- d-sh--w C:\ProgramData\Startmenü
2008-01-05 12:38 --------- d-sh--w C:\ProgramData\Favoriten
2008-01-05 12:38 --------- d-sh--w C:\ProgramData\Dokumente
2008-01-05 12:38 --------- d-sh--w C:\ProgramData\Anwendungsdaten
2008-01-05 12:38 --------- d-sh--w C:\Program Files\Gemeinsame Dateien
2007-12-14 01:41 --------- d-----w C:\Program Files\Online-Dienste
2007-12-14 01:37 --------- d-----w C:\Program Files\CyberLink
2007-12-14 01:34 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-14 01:32 --------- d-----w C:\Program Files\Hp
2007-12-14 01:24 319,456 ----a-w C:\Windows\DIFxAPI.dll
2007-12-14 01:24 315,392 ----a-w C:\Windows\HideWin.exe
2007-11-27 06:08 --------- d-----w C:\Program Files\Windows Photo Gallery
2007-11-27 06:08 --------- d-----w C:\Program Files\Windows Journal
2007-11-27 06:08 --------- d-----w C:\Program Files\Windows Collaboration
2007-11-27 06:07 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-11-27 06:07 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2007-11-27 06:07 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-11-27 06:07 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-11-27 06:07 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-11-27 06:07 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2007-11-27 06:07 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-11-27 06:07 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-11-27 06:07 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2007-11-26 23:38 --------- d-----w C:\Program Files\Common Files\Java
2007-11-26 23:28 39,936 ----a-w C:\Windows\System32\dwmapi.dll
2007-11-26 23:28 2,016,256 ----a-w C:\Windows\System32\milcore.dll
2007-11-26 23:28 1,585,152 ----a-w C:\Windows\System32\setupapi.dll
2007-11-26 23:27 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-26 23:27 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-11-26 23:27 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-11-26 23:27 38,912 ----a-w C:\Windows\system32\drivers\hidclass.sys
2007-11-26 23:27 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-11-26 23:27 25,472 ----a-w C:\Windows\system32\drivers\hidparse.sys
2007-11-26 23:27 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2007-11-26 23:27 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-11-26 23:27 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-11-26 23:27 132,864 ----a-w C:\Windows\system32\drivers\usbvideo.sys
2007-11-26 23:27 12,288 ----a-w C:\Windows\system32\drivers\hidusb.sys
2007-11-26 23:26 50,792 ----a-w C:\Windows\system32\drivers\termdd.sys
2007-11-26 23:26 50,280 ----a-w C:\Windows\system32\drivers\volmgr.sys
2007-11-26 23:26 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2007-11-26 23:26 28,776 ----a-w C:\Windows\system32\drivers\mssmbios.sys
2007-11-26 23:26 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2007-11-26 23:26 22,632 ----a-w C:\Windows\System32\streamci.dll
2007-11-26 23:26 19,456 ----a-w C:\Windows\system32\drivers\bthenum.sys
2007-11-26 23:26 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2007-11-26 23:26 140,392 ----a-w C:\Windows\system32\drivers\pci.sys
2007-11-26 23:26 13,928 ----a-w C:\Windows\system32\drivers\msisadrv.sys
2007-11-26 23:26 12,776 ----a-w C:\Windows\system32\drivers\swenum.sys
2007-11-26 23:23 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-26 23:21 --------- d-----w C:\Program Files\MSN Messenger
2007-11-26 23:21 --------- d-----w C:\Program Files\Alice
2007-11-26 23:11 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-26 23:10 --------- d-----w C:\ProgramData\Microsoft Help
2007-11-26 23:09 --------- d-----w C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2007-11-26 23:09 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2007-11-26 23:08 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-26 23:08 --------- d-----w C:\Program Files\Microsoft Works
2007-11-26 22:51 97,792 ----a-w C:\Windows\System32\sdshext.dll
2007-11-26 22:51 727,040 ----a-w C:\Windows\System32\sdengin2.dll
2007-11-26 22:51 102,912 ----a-w C:\Windows\System32\sdrsvc.dll
.

((((((((((((((((((((((((((((( snapshot_2008-01-07_15.07.26,52 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-07 14:01:16 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-11 16:01:30 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-01-05 13:24:08 665,600 ----a-w C:\Windows\inf\drvindex.dat
+ 2008-01-09 06:15:57 665,600 ----a-w C:\Windows\inf\drvindex.dat
- 2008-01-06 18:23:56 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-01-10 06:17:52 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-01-05 13:35:07 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-01-09 07:38:06 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-01-06 18:23:56 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-01-10 06:17:52 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-01-09 07:43:51 7,598 ----a-r C:\Windows\Installer\{EF7E931D-DC84-471B-8DB6-A83358095474}\ARPPRODUCTICON.exe
+ 2008-01-09 07:43:52 7,598 ----a-r C:\Windows\Installer\{EF7E931D-DC84-471B-8DB6-A83358095474}\ead_desktop_shortcut_F557710133CC471182353A95BCD49DB0.exe
+ 2008-01-09 07:43:51 7,598 ----a-r C:\Windows\Installer\{EF7E931D-DC84-471B-8DB6-A83358095474}\ead_startmenu_shortc_F557710133CC471182353A95BCD49DB0.exe
+ 2008-01-10 06:26:23 292,878 ----a-r C:\Windows\Installer\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\ARPPRODUCTICON.exe
- 2008-01-07 14:02:26 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-11 17:01:50 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-07 14:03:24 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-11 05:16:19 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-11 05:16:19 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-01-07 14:02:26 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-11 16:07:30 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-07 14:03:29 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-11 05:16:14 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-11 05:16:14 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-01-07 13:52:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-11 16:01:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-07 13:52:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-11 16:01:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-07 13:52:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-11 16:01:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-07 14:04:00 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-01-11 17:38:46 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-01-11 17:38:46 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
+ 2008-01-09 06:03:53 17,464 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\aliide.sys
+ 2008-01-09 06:03:53 17,976 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\amdide.sys
+ 2008-01-09 06:03:53 21,560 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\atapi.sys
+ 2008-01-09 06:03:53 109,624 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\ataport.sys
+ 2008-01-09 06:03:53 19,000 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\cmdide.sys
+ 2008-01-09 06:03:53 17,464 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\intelide.sys
+ 2008-01-09 06:03:53 25,656 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\msahci.sys
+ 2008-01-09 06:03:53 15,928 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\pciide.sys
+ 2008-01-09 06:03:53 45,112 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\pciidex.sys
+ 2008-01-09 06:03:53 20,024 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\viaide.sys
+ 2008-01-09 06:03:52 211,000 ----a-w C:\Windows\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys
- 2008-01-05 13:26:19 302,920 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 2008-01-11 05:14:18 320,456 ----a-w C:\Windows\System32\FNTCACHE.DAT
- 2006-11-02 09:46:11 49,152 ----a-w C:\Windows\System32\migration\netiomig.dll
+ 2008-01-09 06:05:15 49,152 ----a-w C:\Windows\System32\migration\netiomig.dll
- 2007-12-02 14:00:06 18,684,536 ----a-w C:\Windows\System32\mrt.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\Windows\System32\mrt.exe
- 2008-01-07 13:41:33 116,706 ----a-w C:\Windows\System32\perfc007.dat
+ 2008-01-11 05:22:30 116,706 ----a-w C:\Windows\System32\perfc007.dat
- 2008-01-07 13:41:33 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-01-11 05:22:30 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-01-07 13:41:33 641,344 ----a-w C:\Windows\System32\perfh007.dat
+ 2008-01-11 05:22:30 641,344 ----a-w C:\Windows\System32\perfh007.dat
- 2008-01-07 13:41:33 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-01-11 05:22:30 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-01-06 13:01:23 6,119,424 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-01-10 20:11:58 6,119,424 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-01-07 14:03:53 3,908 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2227462880-3420938934-2899272877-1000_UserData.bin
+ 2008-01-11 05:16:41 5,016 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2227462880-3420938934-2899272877-1000_UserData.bin
- 2008-01-07 14:03:53 53,896 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-11 05:16:41 56,996 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-01-07 14:03:50 30,248 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-11 05:16:39 32,470 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-09 06:04:05 2,143,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16581_none_09e8791bf5640942\AcGenral.dll
+ 2008-01-09 06:04:05 2,144,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20704_none_0acb980b0e3e12b0\AcGenral.dll
+ 2008-01-09 06:04:05 449,024 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16581_none_09e97965f5632299\AcSpecfc.dll
+ 2008-01-09 06:04:05 450,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20704_none_0acc98550e3d2c07\AcSpecfc.dll
+ 2008-01-09 06:04:04 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16581_none_09ea79aff5623bf0\AcLayers.dll
+ 2008-01-09 06:04:04 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16581_none_09ea79aff5623bf0\AcXtrnal.dll
+ 2008-01-09 06:04:04 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20704_none_0acd989f0e3c455e\AcLayers.dll
+ 2008-01-09 06:04:04 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20704_none_0acd989f0e3c455e\AcXtrnal.dll
+ 2008-01-09 06:04:03 1,686,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16581_none_3fc48f6cc4566c42\gameux.dll
+ 2008-01-09 06:04:04 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16581_none_3fc48f6cc4566c42\GameUXLegacyGDFs.dll
+ 2008-01-09 06:04:03 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20704_none_40a7ae5bdd3075b0\gameux.dll
+ 2008-01-09 06:04:03 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20704_none_40a7ae5bdd3075b0\GameUXLegacyGDFs.dll
+ 2008-01-09 06:03:52 154,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6000.16588_none_4cd3eb749205a268\nwifi.sys
+ 2008-01-09 06:03:52 154,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6000.20711_none_4da23793aaf0ca61\nwifi.sys
+ 2008-01-09 06:05:15 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netcfg_31bf3856ad364e35_6.0.6000.16615_none_0e42ce98545690c8\netcfg.exe
+ 2008-01-09 06:05:15 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netcfg_31bf3856ad364e35_6.0.6000.20739_none_0ebaccb36d80cdd0\netcfg.exe
+ 2008-01-09 06:05:15 216,760 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16567_none_547b4ec7b851524e\netio.sys
+ 2008-01-09 06:05:15 217,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.20689_none_54f14c4ed17d5ca8\netio.sys
+ 2008-01-09 06:03:53 1,060,920 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16586_none_a43a6b8d2000830d\ntfs.sys
+ 2008-01-09 06:03:53 1,061,432 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20709_none_a51d8a7c38da8c7b\ntfs.sys
+ 2008-01-09 06:05:20 2,414,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16618_none_f09f0de26e54a8df\OESpamFilter.dat
+ 2008-01-09 06:05:20 2,414,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20743_none_f1033977878f1dc9\OESpamFilter.dat
+ 2008-01-09 06:03:30 66,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.16615_none_ccf09e9d29852489\sbdrop.dll
+ 2008-01-09 06:03:29 11,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.16615_none_ccf09e9d29852489\sbunattend.exe
+ 2008-01-09 06:03:30 1,232,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.16615_none_ccf09e9d29852489\sidebar.exe
+ 2008-01-09 06:03:29 66,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.20740_none_cd54ca3242bf9973\sbdrop.dll
+ 2008-01-09 06:03:29 11,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.20740_none_cd54ca3242bf9973\sbunattend.exe
+ 2008-01-09 06:03:29 1,232,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6000.20740_none_cd54ca3242bf9973\sidebar.exe
+ 2008-01-09 06:05:15 49,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\netiomig.dll
+ 2008-01-09 06:05:15 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\netiougc.exe
+ 2008-01-09 06:05:15 802,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\tcpip.sys
+ 2008-01-09 06:05:15 167,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\tcpipcfg.dll
+ 2008-01-09 06:05:15 49,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\netiomig.dll
+ 2008-01-09 06:05:15 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\netiougc.exe
+ 2008-01-09 06:05:15 804,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\tcpip.sys
+ 2008-01-09 06:05:15 167,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\tcpipcfg.dll
+ 2008-01-10 06:26:47 1,015,808 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.42_none_ef74ff32550b5bf0\msvcm80d.dll
+ 2008-01-10 06:26:47 1,028,096 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.42_none_ef74ff32550b5bf0\msvcp80d.dll
+ 2008-01-10 06:26:47 1,171,456 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.42_none_ef74ff32550b5bf0\msvcr80d.dll
+ 2008-01-10 06:26:39 2,375,680 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.debugmfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_f455012451df8b23\mfc80d.dll
+ 2008-01-10 06:26:39 2,379,264 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.debugmfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_f455012451df8b23\mfc80ud.dll
+ 2008-01-10 06:26:39 114,688 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.debugmfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_f455012451df8b23\mfcm80d.dll
+ 2008-01-10 06:26:39 102,400 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.debugmfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_f455012451df8b23\mfcm80ud.dll
+ 2008-01-10 06:26:46 102,400 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.debugopenmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_6f8aad028b2b822a\vcompd.dll
+ 2008-01-10 06:26:48 65,536 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e507087\vcomp.dll
+ 2008-01-09 06:03:53 17,464 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\aliide.sys
+ 2008-01-09 06:03:53 17,976 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\amdide.sys
+ 2008-01-09 06:03:53 21,560 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys
+ 2008-01-09 06:03:53 109,624 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\ataport.sys
+ 2008-01-09 06:03:53 19,000 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\cmdide.sys
+ 2008-01-09 06:03:53 17,464 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\intelide.sys
+ 2008-01-09 06:03:53 25,656 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\msahci.sys
+ 2008-01-09 06:03:53 15,928 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\pciide.sys
+ 2008-01-09 06:03:53 45,112 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\pciidex.sys
+ 2008-01-09 06:03:53 20,024 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\viaide.sys
+ 2008-01-09 06:03:53 17,464 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\aliide.sys
+ 2008-01-09 06:03:53 17,976 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\amdide.sys
+ 2008-01-09 06:03:53 21,560 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys
+ 2008-01-09 06:03:52 110,136 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\ataport.sys
+ 2008-01-09 06:03:52 19,000 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\cmdide.sys
+ 2008-01-09 06:03:52 17,976 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\intelide.sys
+ 2008-01-09 06:03:52 28,216 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\msahci.sys
+ 2008-01-09 06:03:53 15,928 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\pciide.sys
+ 2008-01-09 06:03:53 45,112 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\pciidex.sys
+ 2008-01-09 06:03:53 20,024 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\viaide.sys
+ 2008-01-09 06:03:52 211,000 ----a-w C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys
+ 2008-01-09 06:03:52 211,000 ----a-w C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe" [2008-01-05 14:14 162744]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 15:41 222128]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 21:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 21:05 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 21:05 81920]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 09:29 102400]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 14:34 634880]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 14:27 4702208 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 07:02 174616]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 19:34 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 14:31 202032]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 13:54 554320]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 23:13 218408]
"DpAgent"="C:\Program Files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 11:12 671744]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-26 22:57 1006264]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 08:47 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 15:53 311296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-05 14:53 249896]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 10:45 222208]
"UVS11 Preload"="D:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12 341488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6\ICQ.exe silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};C:\Program Files\HP\QuickPlay\000.fcl [2007-09-30 19:34]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-09-30 19:34]
R2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-09-30 19:34]
R3 btwaudio;Bluetooth-Audiogerät;C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 14:12]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 14:12]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 14:12]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 10:30]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-28 16:09]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-18 00:17]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-24 00:33]
S3 mod7700;DiBcom DIB7700 based TV tuner device;C:\Windows\system32\Drivers\dvb7700all.sys [2007-07-30 23:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs REG_MULTI_SZ BthServ

.
Inhalt des "geplante Tasks" Ordners
"2008-01-11 16:29:33 C:\Windows\Tasks\User_Feed_Synchronization-{60C00466-13F2-4B7B-9A58-3CA3FDE66926}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 18:40:42
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-01-11 18:41:16
ComboFix-quarantined-files.txt 2008-01-11 17:41:13
ComboFix2.txt 2008-01-07 14:07:49
ComboFix3.txt 2008-01-06 13:07:26
.
2008-01-11 16:08:53 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:20, on 11.01.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [UVS11 Preload] D:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 10126 bytes

datfind.bat only opens briefly and then closes again right away? Do I have to change something in my settings?
__________
Intel Core 2Duo 2,2GHz,2GB Ram
Nvidia GForce 8600M GS
11.01.2008, 21:16
Honorary member
Pinguin

Posts: 1441
#2 Piodre

Those are not viruses, they are applications, one of them e.g. from ComboFix - your computer is clean ;)
Write to Antivirus and let them know, so they can change the detection so that nobody gets unsettled.
__________
Regards
Pinguin

I am in the process of updating my site + programs: http://www.virus-protect.org/