3x iexplore.exe, 1x explorer.exe, computer slow

#0
11.04.2009, 19:21
Member

Posts: 47
#1 Hello,
I'm back again. This is slowly getting embarrassing, but for some time now I've had a strange feeling when I sit at the computer: my computer is very slow, and so is the internet. In Task Manager I see 3x iexplore.exe and 1x explorer.exe. I think that's not okay, is it? And besides, I have 41 entries in Task Manager; isn't that too many? I hope someone can help me.

Quote

Malwarebytes' Anti-Malware 1.36
Datenbank Version: 1966
Windows 5.1.2600 Service Pack 3

11.04.2009 18:52:29
mbam-log-2009-04-11 (18-52-29).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 68775
Laufzeit: 10 minute(s), 56 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Quote

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:31, on 11.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Microsoft IntelliType Pro\itype.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Programme\Microsoft IntelliType Pro\dpupdchk.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
F:\Andere Dinge\Programme\PicUp\PicUp.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
F:\Andere Dinge\Programme\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: {E1A7ADA0-256A-11d3-9F09-00A0C98E9EA4} - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [itype] "c:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Bilder mit PicnickerPro laden... - C:\Dokumente und Einstellungen\JuLeZ\Desktop\PicnickerPro\GetCode.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Programme/Jojo's%20Fashion%20Show/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203496686359
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1206802374
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Programme/Jojo's%20Fashion%20Show/Images/armhelper.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8551 bytes

Quote

Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8.1.3 - Deutsch
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5
Avira AntiVir Personal - Free Antivirus
AVM FRITZ!WLAN
CCleaner (remove only)
Choice Guard
DivX Codec
DivX Converter
DivX Player
DivX Web Player
EVEREST Home Edition v2.20
FormatFactory
Free Video to Mp3 Converter version 3.1
Hervorhebe-Funktion (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix für Windows Internet Explorer 7 (KB947864)
ICQ Toolbar
ICQ6.5
IrfanView (remove only)
Java(TM) 6 Update 13
Last.fm 1.5.2.38918
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional mit FrontPage
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.8)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Nero Suite
NVIDIA Drivers
Office Program Selector 6.0
PDF Settings
picture-shark 1.0
ProtectDisc Driver, Version 11
PSFtp Free
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Scribe! 1.6
Segoe UI
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)
Smart Menus (Windows Live Toolbar)
Soft Data Fax Modem with SmartCP
ThumbsPlus 7x (deutsch)
TuneUp Utilities 2008
Ulead PhotoImpact 12
Uninstall 1.0.0.1
Update für Windows Internet Explorer 8 (KB968220)
Viewpoint Media Player
VLC media player 0.9.8a
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live-Uploadtool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR
Zattoo 3.3.1 Beta

Quote

ComboFix 09-04-04.01 - JuLeZ 2009-04-11 19:09:00.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1031.18.1023.661 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\JuLeZ\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((( Dateien erstellt von 2009-03-11 bis 2009-04-11 ))))))))))))))))))))))))))))))
.

2009-04-10 11:57 . 2009-04-10 11:57 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-04-10 11:57 . 2008-05-17 14:56 28,416 --a------ c:\windows\system32\uxtuneup.dll
2009-03-28 18:24 . 2009-03-28 18:24 <DIR> d--hs---- c:\dokumente und einstellungen\JuLeZ\PrivacIE
2009-03-28 18:24 . 2009-03-28 18:24 <DIR> d--hs---- c:\dokumente und einstellungen\JuLeZ\IECompatCache
2009-03-28 18:04 . 2009-03-28 18:04 <DIR> d--hs---- c:\dokumente und einstellungen\JuLeZ\IETldCache
2009-03-28 18:01 . 2009-03-28 18:01 <DIR> d-------- c:\windows\ie8updates
2009-03-28 17:59 . 2009-03-28 18:01 <DIR> d--h-c--- c:\windows\ie8
2009-03-28 17:56 . 2009-02-28 06:55 105,984 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-03-23 19:39 . 2009-03-23 19:39 <DIR> d-------- c:\programme\Avira
2009-03-23 14:08 . 2009-03-23 14:32 <DIR> d-------- c:\dokumente und einstellungen\JuLeZ\DoctorWeb
2009-03-23 12:11 . 2009-03-23 13:46 <DIR> d-------- C:\SDFix
2009-03-23 12:08 . 2009-03-23 12:08 1,882,786 --a------ C:\SDFix.zip
2009-03-22 22:00 . 2009-03-22 22:00 0 --a------ C:\23990098.$$$
2009-03-22 12:55 . 2009-03-22 12:55 626,688 --a------ c:\windows\system32\msvcr80.dll
2009-03-22 12:55 . 2009-03-22 12:55 548,864 --a------ c:\windows\system32\msvcp80.dll
2009-03-22 12:55 . 2008-04-14 04:22 153,600 --a------ c:\windows\R.COM
2009-03-22 12:55 . 2008-04-14 04:23 140,800 --a------ c:\windows\system32\T.COM
2009-03-22 12:55 . 2009-03-22 12:55 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-03-22 12:55 . 2005-09-23 00:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-03-22 12:55 . 2009-03-22 16:25 28 --a------ c:\windows\Lic.xxx
2009-03-22 12:54 . 2009-03-22 12:54 <DIR> d-------- c:\programme\Gemeinsame Dateien\MicroWorld
2009-03-22 12:54 . 2009-03-22 12:54 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\MicroWorld
2009-03-20 12:14 . 2009-03-09 05:19 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-20 12:14 . 2009-03-09 02:53 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-18 08:32 . 2009-02-13 12:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys
2009-03-17 11:27 . 2009-03-29 18:08 <DIR> d-------- c:\programme\Windows Live Safety Center
2009-03-16 21:11 . 2009-03-16 21:11 <DIR> d-------- c:\programme\ICQ6Toolbar
2009-03-16 21:10 . 2009-03-16 21:11 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\ICQ
2009-03-16 20:57 . 2009-03-16 21:24 <DIR> d-------- c:\programme\ICQ6.5
2009-03-12 10:06 . 2009-03-12 10:14 <DIR> d-------- c:\programme\eMule

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 16:40 --------- d-----w c:\programme\Malwarebytes' Anti-Malware
2009-04-11 14:58 --------- d-----w c:\programme\ThumbsPlus 7x deutsch
2009-04-11 13:38 --------- d-----w c:\programme\PSFtp Free
2009-04-10 09:57 --------- d-----w c:\programme\TuneUp Utilities 2008
2009-04-10 09:54 --------- d-----w c:\programme\GetPicturesList
2009-04-10 09:52 --------- d-----w c:\programme\mIRC
2009-04-06 13:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-02 22:00 --------- d-----w c:\dokumente und einstellungen\JuLeZ\Anwendungsdaten\dvdcss
2009-03-31 16:01 --------- d-----w c:\programme\Java
2009-03-23 22:44 --------- d-----w c:\programme\Alawar
2009-03-23 17:39 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2009-03-22 09:40 --------- d-----w c:\programme\Kaspersky Lab
2009-03-22 06:30 --------- d-----w c:\programme\CCleaner
2009-03-20 06:31 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
2009-03-16 19:09 --------- d-----w c:\programme\ICQ6
2009-03-10 07:24 --------- d-----w c:\programme\Windows Live SkyDrive
2009-03-10 07:24 --------- d-----w c:\programme\Microsoft
2009-03-10 07:23 --------- d-----w c:\programme\Windows Live
2009-03-10 07:17 --------- d-----w c:\programme\Gemeinsame Dateien\Windows Live
2009-03-08 03:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 45,568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:31 34,816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-02-28 13:53 --------- d-----w c:\programme\QuickTime
2009-02-24 22:31 --------- d-----w c:\dokumente und einstellungen\JuLeZ\Anwendungsdaten\vlc
2009-02-24 22:10 --------- d-----w c:\programme\KMPlayer
2009-02-17 18:59 --------- d-----w c:\programme\Stripper
2009-02-12 19:59 --------- d-----w c:\programme\Messenger Plus! Live
2009-02-09 14:04 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2008-11-22 06:11 279,144 ----a-w c:\dokumente und einstellungen\JuLeZ\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-04-28 17:26 156,154 ----a-w c:\dokumente und einstellungen\All Users\Anwendungsdaten\firstlsp.reg.dat
2008-02-26 22:53 0 ----a-w c:\programme\temp01
2007-10-23 14:15 396 ----a-w c:\dokumente und einstellungen\JuLeZ\Anwendungsdaten\wklnhst.dat
2008-06-21 10:30 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008062120080622\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-20_11.40.41.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2008-11-28 17:42:08 16,879,616 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2009-03-23 10:44:42 18,030,592 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-11-28 17:42:08 229,376 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-03-23 10:44:42 241,664 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-08-13 16:39:20 71,680 -c----w c:\windows\ie8\admparse.dll
+ 2008-12-20 22:30:52 124,928 -c----w c:\windows\ie8\advpack.dll
+ 2008-04-14 02:22:08 35,328 -c----w c:\windows\ie8\corpol.dll
+ 2008-12-20 22:30:52 347,136 -c----w c:\windows\ie8\dxtmsft.dll
+ 2008-12-20 22:30:52 214,528 -c----w c:\windows\ie8\dxtrans.dll
+ 2007-08-13 16:18:02 60,416 -c----w c:\windows\ie8\hmmapi.dll
+ 2008-12-20 22:30:52 63,488 -c----w c:\windows\ie8\icardie.dll
+ 2008-12-19 09:09:51 70,656 -c----w c:\windows\ie8\ie4uinit.exe
+ 2008-12-20 22:30:53 153,088 -c----w c:\windows\ie8\ieakeng.dll
+ 2008-12-20 22:30:53 230,400 -c----w c:\windows\ie8\ieaksie.dll
+ 2008-12-19 05:23:56 161,792 -c----w c:\windows\ie8\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w c:\windows\ie8\ieapfltr.dat
+ 2008-12-20 22:30:53 383,488 -c----w c:\windows\ie8\ieapfltr.dll
+ 2008-12-20 22:30:54 384,512 -c----w c:\windows\ie8\iedkcs32.dll
+ 2008-04-14 02:22:12 81,920 -c----w c:\windows\ie8\ieencode.dll
+ 2008-12-20 22:30:57 6,066,688 -c----w c:\windows\ie8\ieframe.dll
+ 2007-08-13 16:54:10 191,488 -c----w c:\windows\ie8\iepeers.dll
+ 2007-08-13 16:54:10 287,744 -c----w c:\windows\ie8\ieproxy.dll
+ 2008-12-20 22:30:57 44,544 -c----w c:\windows\ie8\iernonce.dll
+ 2008-12-20 22:30:58 267,776 -c----w c:\windows\ie8\iertutil.dll
+ 2007-08-13 16:39:12 55,296 -c----w c:\windows\ie8\iesetup.dll
+ 2007-08-13 16:54:10 180,736 -c----w c:\windows\ie8\ieui.dll
+ 2008-12-19 05:25:25 634,024 -c----w c:\windows\ie8\iexplore.exe
+ 2007-08-13 16:36:06 36,352 -c----w c:\windows\ie8\imgutil.dll
+ 2007-08-13 16:39:02 92,672 -c----w c:\windows\ie8\inseng.dll
+ 2008-05-09 10:54:09 512,000 -c----w c:\windows\ie8\jscript.dll
+ 2008-12-20 22:30:59 27,648 -c----w c:\windows\ie8\jsproxy.dll
+ 2007-08-13 16:44:18 40,960 -c----w c:\windows\ie8\licmgr10.dll
+ 2008-12-20 22:31:00 459,264 -c----w c:\windows\ie8\msfeeds.dll
+ 2008-12-20 22:31:00 52,224 -c----w c:\windows\ie8\msfeedsbs.dll
+ 2007-08-13 16:36:40 12,288 -c----w c:\windows\ie8\msfeedssync.exe
+ 2007-08-13 16:32:30 45,568 -c----w c:\windows\ie8\mshta.exe
+ 2009-01-16 20:01:34 3,594,752 -c----w c:\windows\ie8\mshtml.dll
+ 2008-12-20 22:31:05 477,696 -c----w c:\windows\ie8\mshtmled.dll
+ 2007-08-13 16:01:12 48,128 -c----w c:\windows\ie8\mshtmler.dll
+ 2007-08-13 16:54:10 156,160 -c----w c:\windows\ie8\msls31.dll
+ 2008-12-20 22:31:05 193,024 -c----w c:\windows\ie8\msrating.dll
+ 2008-12-20 22:31:06 671,232 -c----w c:\windows\ie8\mstime.dll
+ 2008-12-20 22:31:06 102,912 -c----w c:\windows\ie8\occache.dll
+ 2008-12-20 22:31:06 44,544 -c----w c:\windows\ie8\pngfilt.dll
+ 2006-09-06 15:42:32 217,312 -c----w c:\windows\ie8\spuninst.exe
+ 2009-03-08 18:18:34 58,464 -c----w c:\windows\ie8\spuninst\iecustom.dll
+ 2009-01-07 17:20:28 235,040 -c----w c:\windows\ie8\spuninst\spuninst.exe
+ 2009-01-07 17:20:28 388,640 -c----w c:\windows\ie8\spuninst\updspapi.dll
+ 2008-12-20 22:31:06 105,984 -c----w c:\windows\ie8\url.dll
+ 2008-12-20 22:31:07 1,160,192 -c----w c:\windows\ie8\urlmon.dll
+ 2008-05-09 10:54:10 430,080 -c----w c:\windows\ie8\vbscript.dll
+ 2007-07-12 23:30:56 765,952 -c----w c:\windows\ie8\vgx.dll
+ 2008-12-20 22:31:08 233,472 -c----w c:\windows\ie8\webcheck.dll
+ 2007-08-13 16:45:16 206,336 -c----w c:\windows\ie8\winfxdocobj.exe
+ 2008-12-20 22:31:09 826,368 -c----w c:\windows\ie8\wininet.dll
+ 2009-03-08 03:35:04 2,048 -c----w c:\windows\ie8updates\KB968220-IE8\iecompat.dll
+ 2007-11-30 12:39:14 234,872 -c----w c:\windows\ie8updates\KB968220-IE8\spuninst\spuninst.exe
+ 2007-11-30 12:39:15 388,984 -c----w c:\windows\ie8updates\KB968220-IE8\spuninst\updspapi.dll
- 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 06:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 06:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2008-12-20 22:30:52 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2009-03-08 03:32:48 128,512 ----a-w c:\windows\system32\advpack.dll
- 2007-08-13 16:39:20 71,680 -c--a-w c:\windows\system32\dllcache\admparse.dll
+ 2009-03-08 03:32:56 72,704 -c--a-w c:\windows\system32\dllcache\admparse.dll
- 2008-12-20 22:30:52 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2009-03-08 03:32:48 128,512 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2009-01-07 17:20:26 1,022,976 -c----w c:\windows\system32\dllcache\browseui.dll
+ 2009-03-08 03:33:40 18,944 -c----w c:\windows\system32\dllcache\corpol.dll
- 2008-12-20 22:30:52 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-03-08 03:31:44 348,160 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-12-20 22:30:52 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2009-03-08 03:31:38 216,064 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2007-08-13 16:18:02 60,416 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
+ 2009-03-08 03:24:28 68,608 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
- 2008-12-20 22:30:52 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2009-03-08 03:31:52 59,904 -c--a-w c:\windows\system32\dllcache\icardie.dll
- 2008-12-19 09:09:51 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 03:32:54 173,056 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-12-20 22:30:53 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2009-03-08 03:33:02 125,952 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-12-20 22:30:53 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2009-03-08 03:33:08 229,376 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2009-03-08 03:32:52 163,840 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2007-04-17 09:32:38 2,455,488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-02-06 20:07:58 3,698,584 -c--a-w c:\windows\system32\dllcache\ieapfltr.dat
- 2008-12-20 22:30:53 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2009-03-08 03:11:12 445,952 -c--a-w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-12-20 22:30:54 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 13:09:26 391,536 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-12-20 22:30:57 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2009-03-08 03:39:48 11,063,808 -c--a-w c:\windows\system32\dllcache\ieframe.dll
- 2007-08-13 16:54:10 191,488 -c--a-w c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 03:31:56 183,808 -c--a-w c:\windows\system32\dllcache\iepeers.dll
- 2008-12-20 22:30:57 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2009-03-08 03:32:50 55,808 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-12-20 22:30:58 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2009-03-08 03:32:22 1,985,024 -c--a-w c:\windows\system32\dllcache\iertutil.dll
- 2007-08-13 16:39:12 55,296 -c--a-w c:\windows\system32\dllcache\iesetup.dll
+ 2009-03-08 03:32:50 71,680 -c--a-w c:\windows\system32\dllcache\iesetup.dll
- 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2009-03-08 13:09:26 638,816 -c--a-w c:\windows\system32\dllcache\iexplore.exe
- 2007-08-13 16:36:06 36,352 -c--a-w c:\windows\system32\dllcache\imgutil.dll
+ 2009-03-08 03:31:38 34,816 -c--a-w c:\windows\system32\dllcache\imgutil.dll
- 2007-08-13 16:39:02 92,672 -c--a-w c:\windows\system32\dllcache\inseng.dll
+ 2009-03-08 03:32:46 94,720 -c--a-w c:\windows\system32\dllcache\inseng.dll
- 2008-05-09 10:54:09 512,000 -c----w c:\windows\system32\dllcache\jscript.dll
+ 2009-03-08 03:33:16 726,528 -c--a-w c:\windows\system32\dllcache\jscript.dll
- 2008-12-20 22:30:59 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 03:33:26 25,600 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2007-08-13 16:44:18 40,960 -c--a-w c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 03:34:30 43,008 -c--a-w c:\windows\system32\dllcache\licmgr10.dll
- 2008-12-20 22:31:00 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2009-03-08 03:32:26 594,432 -c--a-w c:\windows\system32\dllcache\msfeeds.dll
- 2008-12-20 22:31:00 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-03-08 03:31:52 55,296 -c--a-w c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-08-13 16:32:30 45,568 -c--a-w c:\windows\system32\dllcache\mshta.exe
+ 2009-03-08 03:31:02 45,568 -c--a-w c:\windows\system32\dllcache\mshta.exe
- 2009-01-16 20:01:34 3,594,752 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2009-03-08 03:41:16 5,937,152 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-12-20 22:31:05 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 03:31:26 66,560 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-13 16:01:12 48,128 -c--a-w c:\windows\system32\dllcache\mshtmler.dll
+ 2009-03-08 03:31:18 48,128 -c--a-w c:\windows\system32\dllcache\mshtmler.dll
- 2007-08-13 16:54:10 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll
+ 2009-03-08 03:22:38 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll
- 2008-12-20 22:31:05 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2009-03-08 03:34:18 193,536 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-12-20 22:31:06 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 03:32:04 611,840 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2008-12-20 22:31:06 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 03:34:18 109,568 -c--a-w c:\windows\system32\dllcache\occache.dll
- 2008-12-20 22:31:06 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2009-03-08 03:31:36 46,592 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2009-01-07 17:20:26 1,497,088 -c----w c:\windows\system32\dllcache\shdocvw.dll
+ 2009-01-07 17:20:26 474,624 -c----w c:\windows\system32\dllcache\shlwapi.dll
+ 2009-01-07 17:20:54 134,144 -c----w c:\windows\system32\dllcache\sqmapi.dll
- 2008-12-20 22:31:06 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2009-03-08 03:34:28 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
- 2008-12-20 22:31:07 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2009-03-08 03:34:56 1,206,784 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-05-09 10:54:10 430,080 -c----w c:\windows\system32\dllcache\vbscript.dll
+ 2009-03-08 03:33:06 420,352 -c--a-w c:\windows\system32\dllcache\vbscript.dll
- 2007-07-12 23:30:56 765,952 -c--a-w c:\windows\system32\dllcache\vgx.dll
+ 2009-03-08 03:33:48 759,296 -c--a-w c:\windows\system32\dllcache\VGX.dll
- 2008-12-20 22:31:08 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2009-03-08 03:34:48 236,544 -c--a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-12-20 22:31:09 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2009-03-08 03:34:58 914,944 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2009-02-13 10:17:49 45,416 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2009-02-13 10:29:07 22,360 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2009-02-13 13:22:50 95,576 ----a-w c:\windows\system32\drivers\avipbb.sys
- 2008-12-20 22:30:52 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2009-03-08 03:31:44 348,160 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-12-20 22:30:52 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2009-03-08 03:31:38 216,064 ----a-w c:\windows\system32\dxtrans.dll
- 2008-12-20 22:30:52 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2009-03-08 03:31:52 59,904 ----a-w c:\windows\system32\icardie.dll
- 2006-06-29 06:05:44 26,112 ------w c:\windows\system32\idndl.dll
+ 2009-01-07 17:20:36 26,112 ----a-w c:\windows\system32\idndl.dll
- 2008-12-19 09:09:51 70,656 ------w c:\windows\system32\ie4uinit.exe
+ 2009-03-08 03:32:54 173,056 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-12-20 22:30:53 153,088 ------w c:\windows\system32\ieakeng.dll
+ 2009-03-08 03:33:02 125,952 ----a-w c:\windows\system32\ieakeng.dll
- 2008-12-20 22:30:53 230,400 ------w c:\windows\system32\ieaksie.dll
+ 2009-03-08 03:33:08 229,376 ----a-w c:\windows\system32\ieaksie.dll
- 2008-12-19 05:23:56 161,792 ------w c:\windows\system32\ieakui.dll
+ 2009-03-08 03:32:52 163,840 ----a-w c:\windows\system32\ieakui.dll
- 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\system32\ieapfltr.dat
+ 2009-02-06 20:07:58 3,698,584 ----a-w c:\windows\system32\ieapfltr.dat
- 2008-12-20 22:30:53 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2009-03-08 03:11:12 445,952 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-12-20 22:30:54 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2009-03-08 13:09:26 391,536 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-12-20 22:30:57 6,066,688 ----a-w c:\windows\system32\ieframe.dll
+ 2009-03-08 03:39:48 11,063,808 ----a-w c:\windows\system32\ieframe.dll
- 2007-08-13 16:54:10 191,488 ----a-w c:\windows\system32\iepeers.dll
+ 2009-03-08 03:31:56 183,808 ----a-w c:\windows\system32\iepeers.dll
- 2008-12-20 22:30:57 44,544 ------w c:\windows\system32\iernonce.dll
+ 2009-03-08 03:32:50 55,808 ----a-w c:\windows\system32\iernonce.dll
- 2008-12-20 22:30:58 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2009-03-08 03:32:22 1,985,024 ----a-w c:\windows\system32\iertutil.dll
- 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2009-03-08 03:32:52 36,864 ----a-w c:\windows\system32\ieudinit.exe
- 2007-08-13 16:54:10 180,736 ------w c:\windows\system32\ieui.dll
+ 2009-03-08 03:22:46 164,352 ----a-w c:\windows\system32\ieui.dll
- 2007-08-13 16:39:02 92,672 ----a-w c:\windows\system32\inseng.dll
+ 2009-03-08 03:32:46 94,720 ----a-w c:\windows\system32\inseng.dll
- 2009-03-20 10:13:48 144,792 ----a-w c:\windows\system32\java.exe
+ 2009-03-09 03:19:11 144,792 ----a-w c:\windows\system32\java.exe
- 2009-03-20 10:13:48 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-03-09 03:19:13 144,792 ----a-w c:\windows\system32\javaw.exe
- 2009-03-20 10:13:48 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-03-09 03:19:13 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-05-09 10:54:09 512,000 ----a-w c:\windows\system32\jscript.dll
+ 2009-03-08 03:33:16 726,528 ----a-w c:\windows\system32\jscript.dll
- 2008-12-20 22:30:59 27,648 ------w c:\windows\system32\jsproxy.dll
+ 2009-03-08 03:33:26 25,600 ----a-w c:\windows\system32\jsproxy.dll
+ 2009-01-07 17:20:18 265,720 ----a-w c:\windows\system32\msdbg2.dll
- 2008-12-20 22:31:00 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2009-03-08 03:32:26 594,432 ----a-w c:\windows\system32\msfeeds.dll
- 2008-12-20 22:31:00 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 03:31:52 55,296 ----a-w c:\windows\system32\msfeedsbs.dll
- 2007-08-13 16:36:40 12,288 ------w c:\windows\system32\msfeedssync.exe
+ 2009-03-08 03:31:54 13,312 ----a-w c:\windows\system32\msfeedssync.exe
- 2009-01-16 20:01:34 3,594,752 ----a-w c:\windows\system32\mshtml.dll
+ 2009-03-08 03:41:16 5,937,152 ----a-w c:\windows\system32\mshtml.dll
- 2008-12-20 22:31:05 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2009-03-08 03:31:26 66,560 ----a-w c:\windows\system32\mshtmled.dll
- 2008-12-20 22:31:05 193,024 ------w c:\windows\system32\msrating.dll
+ 2009-03-08 03:34:18 193,536 ----a-w c:\windows\system32\msrating.dll
- 2008-12-20 22:31:06 671,232 ------w c:\windows\system32\mstime.dll
+ 2009-03-08 03:32:04 611,840 ----a-w c:\windows\system32\mstime.dll
- 2006-06-28 15:59:26 24,576 ------w c:\windows\system32\nlsdl.dll
+ 2009-01-07 17:20:38 24,576 ----a-w c:\windows\system32\nlsdl.dll
- 2006-06-29 06:05:44 23,552 ------w c:\windows\system32\normaliz.dll
+ 2009-01-07 17:20:36 23,552 ----a-w c:\windows\system32\normaliz.dll
- 2008-12-20 22:31:06 102,912 ------w c:\windows\system32\occache.dll
+ 2009-03-08 03:34:18 109,568 ----a-w c:\windows\system32\occache.dll
- 2008-10-26 05:23:36 77,104 ----a-w c:\windows\system32\perfc007.dat
+ 2009-03-31 16:01:21 77,104 ----a-w c:\windows\system32\perfc007.dat
- 2008-10-26 05:23:36 63,664 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-31 16:01:21 63,664 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-26 05:23:36 421,948 ----a-w c:\windows\system32\perfh007.dat
+ 2009-03-31 16:01:21 421,948 ----a-w c:\windows\system32\perfh007.dat
- 2008-10-26 05:23:36 406,464 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-31 16:01:21 406,464 ----a-w c:\windows\system32\perfh009.dat
- 2008-12-20 22:31:06 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2009-03-08 03:31:36 46,592 ----a-w c:\windows\system32\pngfilt.dll
- 2007-11-30 11:18:34 18,808 ------w c:\windows\system32\spmsg.dll
+ 2009-01-07 17:20:28 18,464 ------w c:\windows\system32\spmsg.dll
- 2007-07-27 08:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe
+ 2009-01-07 17:20:28 26,144 ----a-w c:\windows\system32\spupdsvc.exe
- 2008-12-20 22:31:06 105,984 ----a-w c:\windows\system32\url.dll
+ 2009-03-08 03:34:28 105,984 ----a-w c:\windows\system32\url.dll
- 2008-12-20 22:31:07 1,160,192 ----a-w c:\windows\system32\urlmon.dll
+ 2009-03-08 03:34:56 1,206,784 ----a-w c:\windows\system32\urlmon.dll
- 2008-12-20 22:31:08 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2009-03-08 03:34:48 236,544 ----a-w c:\windows\system32\webcheck.dll
- 2007-08-13 16:45:16 206,336 ------w c:\windows\system32\WinFXDocObj.exe
+ 2009-03-08 03:34:48 208,384 ----a-w c:\windows\system32\WinFXDocObj.exe
- 2008-04-14 02:22:33 121,856 ----a-w c:\windows\system32\xmllite.dll
+ 2009-01-07 17:21:04 121,856 ----a-w c:\windows\system32\xmllite.dll
+ 2009-04-11 17:02:55 16,384 ----atw c:\windows\temp\Perflib_Perfdata_244.dat
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"itype"="c:\programme\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" [2007-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2009-03-02 13:08 209153 c:\programme\Avira\AntiVir Desktop\avgnt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\programme\Messenger\msmsgs.exe" /background

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Programme\\Steam\\SteamApps\\xxjulezxx\\counter-strike source\\hl2.exe"=
"c:\\Programme\\Steam\\SteamApps\\xxjulezxx\\counter-strike\\hl.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Zattoo\\zattood.exe"=
"c:\\Programme\\Zattoo\\Zattoo2.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Zattoo\\Zattoo.exe"=
"c:\\Programme\\Java\\jre1.6.0_06\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=

R0 Si3112r;ATI-437A Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [2005-05-04 97920]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-01-23 501560]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [2009-03-23 108289]
R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [2009-03-16 222456]
S2 P0250BUK;Creative PC-CAM 550 (Still);c:\windows\system32\Drivers\p0250Buk.sys --> c:\windows\system32\Drivers\p0250Buk.sys [?]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2007-12-30 4352]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [2007-12-30 265088]
S3 HIDKbFlt;Dritek USB Keyboard HID Filter;c:\windows\system32\drivers\HIDKbFlt.sys [2004-12-14 21120]
S3 P0250VID;Creative PC-CAM 550 (Video);c:\windows\system32\DRIVERS\p0250v2k.sys --> c:\windows\system32\DRIVERS\p0250v2k.sys [?]
S3 RTLWUSB;802.11g USB2.0 WLAN Dongle;c:\windows\system32\DRIVERS\RTL8187.sys --> c:\windows\system32\DRIVERS\RTL8187.sys [?]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2008-07-26 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2008-07-26 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2008-07-26 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w200mgmt.sys [2008-07-26 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2008-07-26 86368]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1b46972-b8b1-11dd-a62f-00055d4f6abf}]
\Shell\AutoRun\command - M:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhalt des "geplante Tasks" Ordners

2009-04-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: Bilder mit PicnickerPro laden... - c:\dokumente und einstellungen\JuLeZ\Desktop\PicnickerPro\GetCode.htm
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1206802374
FF - ProfilePath - c:\dokumente und einstellungen\JuLeZ\Anwendungsdaten\Mozilla\Firefox\Profiles\mvh1qcbm.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\programme\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 19:13:33
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2000478354-839522115-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ae,02,97,c0,ea,51,ee,62,d7,11,2c,bf,86,8d,83,5a,58,3d,db,ce,3b,0c,fc,
ac,8a,8f,08,5a,40,ba,32,a4,e9,12,4e,46,03,a1,d2,7a,d2,52,fb,03,16,02,0f,54,\
"??"=hex:7c,d4,c3,02,51,af,67,b9,80,64,c1,81,e9,24,cf,ac

[HKEY_USERS\S-1-5-21-2000478354-839522115-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:25,6a,64,30,1c,8f,66,9f,a9,c1,1f,5c,f6,e9,6c,e2,03,c2,71,99,7a,
5e,cf,f5,93,07,67,2f,78,04,72,a7,69,e7,46,0c,5f,5c,a8,46,39,f8,50,d3,7f,92,\
"rkeysecu"=hex:f6,75,65,7b,f9,f3,97,26,78,31,e9,4c,ef,4e,4d,28
.
Zeit der Fertigstellung: 2009-04-11 19:18:07
ComboFix-quarantined-files.txt 2009-04-11 17:18:00
ComboFix2.txt 2009-03-23 10:01:42
ComboFix3.txt 2009-03-20 22:27:36
ComboFix4.txt 2009-03-20 10:42:56
ComboFix5.txt 2009-04-11 17:07:51

Vor Suchlauf: 23 Verzeichnis(se), 45.557.207.040 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 45,562,253,312 Bytes frei

458 --- E O F --- 2009-03-15 14:04:08
16.04.2009, 15:56
Member

Thread starter

Posts: 47
#2 Can nobody help me?
16.04.2009, 17:02
Moderator

Posts: 7805
#3 Can you narrow down how long the problem has existed? Please create a GMER report.

Download it from here:
http://www.gmer.net/download.php

A file with a changing file name is offered for download. Run this file, press Scan, and then use Copy to paste the report into a reply here.

A control scan with Kaspersky can't hurt either:
http://dnl-eu14.kaspersky-labs.com/devbuilds/AVPTool/
__________
Regards, Ralf
SEO-Spam Hunter