| |
| |||||||
Log-Analyse und Auswertung: Sehr langsames System (HiJackThis Log-File)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
26.12.2007, 12:15
| #1 |
| |  Sehr langsames System (HiJackThis Log-File) Frohe Weihnachten euch allen! Ich habe die Befürchtung mein kleiner hat sich eine Wintergrippe zugezogen. Vielleicht kann mir ja einer von euch helfen und kennt die passenden Hausmittelchen. Vielen Dank im Vorraus! Seit einer Woche komme ich nicht mehr auf alle Internetseiten. "DNS Serverfehler" Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:01:39, on 26.12.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\Programme\Intel\Wireless\Bin\WLKeeper.exe C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe C:\Programme\Dell\QuickSet\quickset.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\Notebook Hardware Control\nhc.exe C:\Programme\Java\jre1.6.0_03\bin\jusched.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\Grisoft\AVG7\avgw.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\WINDOWS\Explorer.EXE C:\Programme\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://windowsupdate.microsoft.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://www.euro.dell.com/ O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programme\Notebook Hardware Control\nhc.exe" -quiet O4 - HKLM\..\Run: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SBCSTray] D:\Sunbelt Software\CounterSpy\SBCSTray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Mit dem LeechGet Wizard laden - file://C:\Programme\LeechGet 2004\\Wizard.html O8 - Extra context menu item: Mit LeechGet herunterladen - file://C:\Programme\LeechGet 2004\\AddUrl.html O8 - Extra context menu item: Mit LeechGet parsen - file://C:\Programme\LeechGet 2004\\Parser.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193691062000 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193695007453 O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) - O16 - DPF: {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} (Java Plug-in 1.4.2_12) - O17 - HKLM\System\CCS\Services\Tcpip\..\{93ABB671-FBD9-4B9F-8C14-E7C3E20D1329}: NameServer = 194.25.2.131,195.85.254.254 O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe O23 - Service: Cherry Device Interface - Cherry, Auerbach Germany, www.cherry.de - C:\Programme\Cherry\CDI\cdi.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Flexlm (lmgrd) - Unknown owner - D:\Programme\OrCad\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe (file missing) O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - D:\Sunbelt Software\CounterSpy\SBCSSvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 11472 bytes Geändert von Tommo (26.12.2007 um 12:56 Uhr) |
|
26.12.2007, 16:54
| #2 |
| Administrator > Competence Manager  | Sehr langsames System (HiJackThis Log-File) Führ mal bitte folgende Tools bzw. Anleitungen aus und poste die Logfiles: * Blacklight
__________________ |
|
26.12.2007, 19:58
| #3 |
| | Sehr langsames System (HiJackThis Log-File) Ist es normal, dass in der combofix.exe die ich nutzen soll von escan ein Virus gefunden wird? Habe da meine bedenken die combofix auszuführen.
__________________ |
|
26.12.2007, 20:41
| #4 |
| | Sehr langsames System (HiJackThis Log-File) Die ersten Log-Files Blacklight: Code:
ATTFilter 12/26/07 17:34:05 [Info]: BlackLight Engine 1.0.67 initialized
12/26/07 17:34:05 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/26/07 17:34:06 [Note]: 7019 4
12/26/07 17:34:06 [Note]: 7005 0
12/26/07 17:34:14 [Note]: 7006 0
12/26/07 17:34:14 [Note]: 7011 3928
12/26/07 17:34:15 [Note]: 7026 0
12/26/07 17:34:15 [Note]: 7026 0
12/26/07 17:34:21 [Note]: FSRAW library version 1.7.1024
12/26/07 17:55:32 [Note]: 2000 1012
12/26/07 17:59:34 [Note]: 7007 0
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
find.bat Version 2007.06.16.01
Microsoft Windows XP [Version 5.1.2600]
Bootmodus: NORMAL
eScan Version: 9.2.6
Sprache: German
Virus-Datenbank Datum: 5/28/2007
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Object "grokster Spyware/Adware" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen.
Object "grokster Spyware/Adware" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen.
Object "Possible Fujacks-type Worm" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen.
Object "Possible Fujacks-type Worm" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen.
~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
Datei C:\scanner\3\ComboFix.exe infiziert von "Exe.Corrupted" Virus. Aktion vorgenommen: Keine Aktion vorgenommen.
Datei E:\AUTORUN.INF infiziert von "Fujack" Virus. Aktion vorgenommen: No Action Taken.
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
~~~~~~~~~~~
Registry
~~~~~~~~~~~
Offending Key found: HKLM\Software\magnet !!!
Offending Key found: HKCU\\magnet !!!
Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E !!!
Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2540a52-6838-11da-86e8-806d6172696f} !!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Diverses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Prozesse und Module
~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Scanfehler
~~~~~~~~~~~~~~~~~~~~~~
E:\***\Install03.cab nicht gescannt. Wahrscheinlich durch Passwort geschützt...
E:\***\Install03SE.cab nicht gescannt. Wahrscheinlich durch Passwort geschützt...
E:\***\Install05.cab nicht gescannt. Wahrscheinlich durch Passwort geschützt...
~~~~~~~~~~~~~~~~~~~~~~
Hosts-Datei
~~~~~~~~~~~~~~~~~~~~~~
DataBasePath: %SystemRoot%\System32\drivers\etc
Zeilen die nicht dem Standard entsprechen:
C:\WINDOWS\System32\drivers\etc\hosts :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Gescannte Dateien: 162770
Gefundene Viren: 5
Anzahl der desinfizierten Dateien: 0
Umbenannte Dateien: 0
Anzahl der gelöschten Dateien: 0
Anzahl Fehler: 1085
Dauer des Scans bisher: 01:44:24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan-Optionen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Specherüberprüfung: Aktiviert
Registry Überprüfung: Aktiviert
System-Ordner Überprüfung: Aktiviert
Überprüfung der Systembereiche: Deaktiviert
Überprüfung der Dienste: Aktiviert
Überprüfung der Festplatten: Deaktiviert
Überprüfung aller Festplatten :Aktiviert
Batchstart: 20:31:51,76
Batchende: 20:32:31,90
|
|
26.12.2007, 21:06
| #5 |
| | Sehr langsames System (HiJackThis Log-File) Und die silentrunners datei: Code:
ATTFilter "Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IntelWireless" = "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless" ["Intel Corporation"]
"Dell QuickSet" = "C:\Programme\Dell\QuickSet\quickset.exe" [empty string]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
"ZoneAlarm Client" = ""C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"NotebookHardwareControl" = ""C:\Programme\Notebook Hardware Control\nhc.exe" -quiet" [null data]
"SpybotSnD" = ""C:\Programme\Spybot - Search & Destroy\SpybotSD.exe"" ["Safer Networking Limited"]
"SunJavaUpdateSched" = ""C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
{8b15971b-5355-4c82-8c07-7e181ea07608}\(Default) = "Fax"
\StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser" [MS]
{94de52c8-2d59-4f1b-883e-79663d2d9a8c}\(Default) = "Fax Provider"
\StubPath = "rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{C91DBB77-D23C-4EC3-91B7-4E7FF914B194}" = "Windows CE Cabinet Extensions"
-> {HKLM...CLSID} = "Windows CE Cabinet Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\OCP Software\CeCabShellExt.dll" ["OCP Software, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office12\msohevi.dll" [MS]
"{D6613619-EDAA-451e-AA0C-671737CF6022}" = "ShellContextMenuHandler extension"
-> {HKLM...CLSID} = "ShellContextMenuHandler Class"
\InProcServer32\(Default) = "C:\Programme\GMX\GMX Upload-Manager\SHNDLERS.DLL" ["GMX GmbH"]
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Programme\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{3B13F43E-2872-47AD-A427-880C29694E31}" = "SxContextMenump3Tag"
-> {HKLM...CLSID} = "ShellPlus test context menu"
\InProcServer32\(Default) = "C:\PROGRA~1\MP3TAG~1\tag_menu.dll" [null data]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
-> {HKLM...CLSID} = "ImageExtractorShellExt Class"
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office12\VISSHE.DLL" [MS]
"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"
-> {HKLM...CLSID} = "CInfoTipShellExt Class"
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office12\VISSHE.DLL" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> avgwlntf\DLLName = "avgwlntf.dll" ["GRISOFT, s.r.o."]
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
<<!>> IntelWireless\DLLName = "C:\Programme\Intel\Wireless\Bin\LgNotify.dll" ["Intel Corporation"]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> application/xhtml+xml\CLSID = "{32F66A26-7614-11D4-BD11-00104BD3F987}"
-> {HKLM...CLSID} = "MathPlayer Mime Filter Class"
\InProcServer32\(Default) = "C:\Programme\Design Science\MathPlayer\MathMLMimer.dll" ["Design Science, Inc."]
<<!>> application/xhtml+xml; charset=iso-8859-1\CLSID = "{32F66A26-7614-11D4-BD11-00104BD3F987}"
-> {HKLM...CLSID} = "MathPlayer Mime Filter Class"
\InProcServer32\(Default) = "C:\Programme\Design Science\MathPlayer\MathMLMimer.dll" ["Design Science, Inc."]
<<!>> application/xhtml+xml; charset=utf-8\CLSID = "{32F66A26-7614-11D4-BD11-00104BD3F987}"
-> {HKLM...CLSID} = "MathPlayer Mime Filter Class"
\InProcServer32\(Default) = "C:\Programme\Design Science\MathPlayer\MathMLMimer.dll" ["Design Science, Inc."]
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
<<!>> text/xml; charset=iso-8859-1\CLSID = "{32F66A26-7614-11D4-BD11-00104BD3F987}"
-> {HKLM...CLSID} = "MathPlayer Mime Filter Class"
\InProcServer32\(Default) = "C:\Programme\Design Science\MathPlayer\MathMLMimer.dll" ["Design Science, Inc."]
<<!>> text/xml; charset=utf-8\CLSID = "{32F66A26-7614-11D4-BD11-00104BD3F987}"
-> {HKLM...CLSID} = "MathPlayer Mime Filter Class"
\InProcServer32\(Default) = "C:\Programme\Design Science\MathPlayer\MathMLMimer.dll" ["Design Science, Inc."]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{C91DBB77-D23C-4EC3-91B7-4E7FF914B194}\(Default) = "CAB file column extension"
-> {HKLM...CLSID} = "Windows CE Cabinet Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\OCP Software\CeCabShellExt.dll" ["OCP Software, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"
-> {HKLM...CLSID} = "LeechGet "Copy Here" Shell Extension"
\InProcServer32\(Default) = "C:\Programme\LeechGet 2004\ShellExtension.dll" [null data]
MyPhoneExplorer\(Default) = "{6863F1C7-E13A-481E-BF9C-5C8F01AF74E5}"
-> {HKLM...CLSID} = "MyPhoneExplorer_ShellEx.ShellExt"
\InProcServer32\(Default) = "E:\Sony Ericsson\MyPhoneExplorer\DLL\ShellMgr.dll" ["F.J. Wechselberger"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Programme\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"
-> {HKLM...CLSID} = "LeechGet "Copy Here" Shell Extension"
\InProcServer32\(Default) = "C:\Programme\LeechGet 2004\ShellExtension.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"
-> {HKLM...CLSID} = "LeechGet "Copy Here" Shell Extension"
\InProcServer32\(Default) = "C:\Programme\LeechGet 2004\ShellExtension.dll" [null data]
SxContextMenump3Tag\(Default) = "{3B13F43E-2872-47AD-A427-880C29694E31}"
-> {HKLM...CLSID} = "ShellPlus test context menu"
\InProcServer32\(Default) = "C:\PROGRA~1\MP3TAG~1\tag_menu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Programme\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
GMX MediaCenter\(Default) = "{D6613619-EDAA-451e-AA0C-671737CF6022}"
-> {HKLM...CLSID} = "ShellContextMenuHandler Class"
\InProcServer32\(Default) = "C:\Programme\GMX\GMX Upload-Manager\SHNDLERS.DLL" ["GMX GmbH"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\In\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"
Startup items in "***" & "***" startup folders:
----------------------------------------------------
C:\Dokumente und Einstellungen\In\Startmenü\Programme\Autostart
"Rainmeter" -> shortcut to: "C:\Programme\Rainmeter\Rainmeter.exe" [file not found]
Enabled Scheduled Tasks:
------------------------
"FRU Task #Hewlett-Packard#hp officejet 6100 series#1173008672" -> launches: "C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp officejet 6100 series#1173008672"" [empty string]
"ISP-Anmeldungserinnerung 1" -> launches: "C:\WINDOWS\system32\OOBE\oobebaln.exe /sys /i /n:1" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\avgfwafu.dll ["GRISOFT, s.r.o."], 01 - 05
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 28
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"
{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" [file not found]
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "C:\Programme\ICQ6\ICQ.exe" ["ICQ, Inc."]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" ["GRISOFT, s.r.o."]
AVG Firewall, AVGFwSrv, "C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe /srvfsys" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Resident Shield Service, AvgCoreSvc, "C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
Cisco Systems, Inc. VPN Service, CVPND, ""C:\Programme\Cisco Systems\VPN Client\cvpnd.exe"" ["Cisco Systems, Inc."]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.EXE" ["Creative Technology Ltd"]
EvtEng, EvtEng, "C:\Programme\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
NICCONFIGSVC, NICCONFIGSVC, "C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe" ["Dell Inc."]
RegSrvc, RegSrvc, "C:\Programme\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]
Spectrum24 Event Monitor, S24EventMonitor, "C:\Programme\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WLANKEEPER, WLANKEEPER, "C:\Programme\Intel\Wireless\Bin\WLKeeper.exe" ["Intel® Corporation"]
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
BJ Language Monitor2\Driver = "CNBJMON2.DLL" [MS]
Canon BJ Language Monitor BJC-85\Driver = "CNMLM27.DLL" ["CANON INC."]
Dell Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
hpzlnt07\Driver = "hpzlnt07.dll" ["HP"]
KML10001\Driver = "KML10001.DLL" ["KYOCERA MITA Corporation"]
Toshiba Bluetooth Monitor\Driver = "tbtmon.dll" ["Toshiba America Business Solutions, Inc."]
---------- (launch time: 2007-12-26 20:58:19)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 44 seconds, including 18 seconds for message boxes)
|
|
27.12.2007, 13:37
| #6 |
| | Sehr langsames System (HiJackThis Log-File) und zuletzt die log-datei von combofix: Code:
ATTFilter ComboFix 07-12-21.4 - In 2007-12-27 13:01:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.625 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Timo\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
E:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NPF
-------\NPF
((((((((((((((((((((((( Dateien erstellt von 2007-11-27 bis 2007-12-27 ))))))))))))))))))))))))))))))
.
2007-12-27 02:41 . 2007-12-27 02:50 <DIR> d-------- C:\Miranda
2007-12-27 01:10 . 2007-12-27 02:01 <DIR> d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Miranda
2007-12-27 00:52 . 2007-12-27 02:09 <DIR> d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Miranda
2007-12-27 00:50 . 2007-12-27 02:40 <DIR> d-------- C:\Programme\Miranda IM
2007-12-26 20:31 . 2007-12-26 20:31 0 --a------ C:\23990098.$$$
2007-12-26 19:23 . 2007-12-26 19:24 <DIR> d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
2007-12-26 18:29 . 2007-12-26 18:29 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-12-26 18:29 . 2007-12-26 18:29 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-12-26 18:29 . 2007-12-26 18:29 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-12-26 18:29 . 2007-12-26 18:29 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-12-26 18:29 . 2007-12-26 18:29 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-12-26 18:29 . 2007-12-26 18:29 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-12-26 18:25 . 2004-08-04 15:00 153,600 --a------ C:\WINDOWS\R.COM
2007-12-26 18:25 . 2004-08-04 15:00 140,800 --a------ C:\WINDOWS\system32\T.COM
2007-12-26 18:25 . 2007-12-26 18:40 26 --a------ C:\WINDOWS\Lic.xxx
2007-12-26 17:32 . 2007-12-26 17:32 <DIR> d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sunbelt Software
2007-12-26 17:32 . 2007-12-27 12:57 <DIR> d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AVG7
2007-12-26 17:27 . 2007-12-26 20:35 <DIR> d-------- C:\scanner
2007-12-23 11:01 . 2007-12-23 11:01 <DIR> d-------- C:\Programme\Microsoft CAPICOM 2.1.0.2
2007-12-22 17:00 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe
2007-12-21 12:17 . 2007-12-21 12:17 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-12-21 12:17 . 2007-12-21 12:17 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-12-21 12:07 . 2007-12-21 12:07 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2007-12-21 11:48 . 2007-12-21 11:48 <DIR> d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sunbelt Software
2007-12-20 22:54 . 2007-12-21 09:30 2 --a------ C:\keks.xml
2007-12-20 10:35 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-20 10:35 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-15 17:38 . 2007-12-15 17:38 924 --a------ C:\bar.emf
2007-12-07 14:19 . 2007-12-07 14:19 <DIR> d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AVG7
2007-12-07 12:30 . 2007-12-27 10:40 <DIR> d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AVG7
2007-12-07 12:30 . 2007-12-07 12:30 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2007-12-07 12:30 . 2007-12-07 12:30 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2007-12-07 12:29 . 2007-12-08 02:25 <DIR> d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\avg7
2007-12-04 18:31 . 2007-12-26 13:48 <DIR> d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FileZilla
2007-12-03 12:08 . 2007-12-19 17:03 418 --a------ C:\WINDOWS\Comp60.ini
2007-11-28 11:17 . 2007-11-28 11:17 <DIR> d-------- C:\Programme\LISTool
2007-11-28 10:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-27 19:50 . 2007-11-27 19:54 <DIR> d-------- C:\Programme\Proxomitron
2007-11-27 19:09 . 2007-11-27 19:10 <DIR> d-------- C:\Programme\JAP
2007-11-27 17:18 . 2007-12-07 12:29 <DIR> d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Grisoft
2007-11-27 13:09 . 2007-11-27 13:09 <DIR> d-------- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira
2007-11-27 13:01 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-27 09:09 . 2007-11-28 17:24 13,855 --a------ C:\WINDOWS\EXPERIM.INI
2007-11-27 09:09 . 2007-11-28 17:32 7,897 --a------ C:\WINDOWS\POWDER.INI
2007-11-27 09:09 . 2007-11-28 17:24 7,003 --a------ C:\WINDOWS\DAY.INI
2007-11-27 09:09 . 2007-11-28 17:32 4,550 --a------ C:\WINDOWS\SSC42.INI
2007-11-27 09:09 . 2007-11-28 17:31 2,891 --a------ C:\WINDOWS\VIEWTOOL.INI
2007-11-27 09:09 . 2007-11-28 17:24 2,593 --a------ C:\WINDOWS\SIMEDIT.INI
2007-11-27 09:09 . 2007-11-28 17:24 1,106 --a------ C:\WINDOWS\SED.INI
2007-11-27 09:09 . 2007-11-28 17:24 663 --a------ C:\WINDOWS\LSYS.INI
2007-11-27 09:09 . 2007-11-28 17:24 61 --a------ C:\WINDOWS\DAYOPTIM.INI
2007-11-27 09:02 . 2007-11-29 14:03 14 --a------ C:\WINDOWS\Client.INI
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 11:57 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
2007-12-27 11:31 --------- d-----w C:\Programme\Mozilla Thunderbird
2007-12-26 16:42 --------- d-----w C:\Programme\SopCast
2007-12-26 12:53 --------- d-----w C:\Programme\Microsoft ActiveSync
2007-12-26 12:47 --------- d-----w C:\Programme\SFTP
2007-12-26 12:44 --------- d--h--w C:\Programme\InstallShield Installation Information
2007-12-26 12:43 --------- d-----w C:\Dokumente und Einstellungen\***\Anwendungsdaten\SlySoft
2007-12-21 11:07 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2007-12-08 11:35 --------- d-----w C:\Dokumente und Einstellungen\***\Anwendungsdaten\temp
2007-11-29 13:17 75,088 ----a-w C:\Dokumente und Einstellungen\***\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2007-11-28 10:07 --------- d-----w C:\Programme\ElcomSoft
2007-11-28 09:27 --------- d-----w C:\Programme\Java
2007-11-27 17:50 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2007-11-26 14:12 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2007-11-26 14:09 --------- d-----w C:\Programme\Microsoft Works
2007-11-26 14:08 --------- d-----w C:\Programme\Microsoft.NET
2007-11-26 13:23 --------- d-----w C:\Programme\Siemens
2007-11-26 13:23 --------- d-----w C:\Programme\Gemeinsame Dateien\Siemens
2007-11-26 13:15 --------- d-----w C:\Programme\Gemeinsame Dateien\OCP Software
2007-11-15 19:20 73,216 ----a-w C:\WINDOWS\cadkasdeinst01.exe
2007-11-14 21:27 --------- d-----w C:\Programme\Convar
2007-11-13 10:25 20,480 ------w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 09:48 --------- d-----w C:\Programme\mp3Tag 5
2007-11-08 20:18 --------- d-----w C:\Programme\Elaborate Bytes
2007-11-05 00:59 --------- d-----w C:\Programme\WinRar2
2007-10-29 21:59 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-10-29 21:23 --------- d-----w C:\Programme\Picasa2
1998-04-27 18:15 570,128 ------w C:\Programme\Gemeinsame Dateien\dao350.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59]
"Dell QuickSet"="C:\Programme\Dell\QuickSet\quickset.exe" [2005-08-01 17:00]
"ZoneAlarm Client"="C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 20:54]
"NotebookHardwareControl"="C:\Programme\Notebook Hardware Control\nhc.exe" [2007-05-04 17:16]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 10:23]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-07 12:29]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-12-07 12:30 9216 C:\WINDOWS\system32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Programme\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Programme\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Bluetooth Manager.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Digital Line Detect.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Google Updater.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^hpoddt01.exe.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^InterVideo WinCinema Manager.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^officejet 6100.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\officejet 6100.lnk
backup=C:\WINDOWS\pss\officejet 6100.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^VPN Client.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^In^Startmenü^Programme^Autostart^desktop.ini]
path=C:\Dokumente und Einstellungen\In\Startmenü\Programme\Autostart\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 02:12 483328 --a------ C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BySoft FreeRAM]
C:\Programme\BySoft FreeRAM\FreeRAM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CherryKeyMan]
2006-08-02 15:08 237620 --a------ C:\Programme\Cherry\KeyMan\KeyMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chkhbci]
C:\WINDOWS\system32\chkhbcin.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 15:00 15360 --------- C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Programme\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Programme\D-Tools\daemon.exe -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-01-27 02:02 86016 --a------ C:\Programme\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Programme\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Programme\ICQLite\ICQLite.exe -minimize
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 14:46 77824 --a------ C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-14 14:50 114688 --a------ C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 14:49 94208 --a------ C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programme\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Programme\NetWaiting\netwaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-11-30 12:36 1945600 --------- C:\Programme\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --------- C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl]
C:\Programme\Notebook Hardware Control\nhc.exe -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Programme\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S7UB Start]
C:\Programme\Gemeinsame Dateien\Siemens\S7ubtoox\s7ubtstx.exe -StartDB
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SbUsb AudCtrl]
RunDll32 sbusbdll.dll,RCMonitor
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 13:03 36975 --a------ C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips]
2006-05-28 08:07 36864 --a------ C:\Programme\VisualTaskTips\VisualTaskTips.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-03-10 18:45 35328 --a------ C:\Programme\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=C:\WINDOWS\UpdReg.EXE
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe
"Launcher"=C:\Programme\Kyocera\FS-720 Utilities\KMGLNC.exe
"SunJavaUpdateSched"=C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
"SbUsb AudCtrl"=RunDll32 sbusbdll.dll,RCMonitor
R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys [2003-12-27 20:42]
R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys [2003-12-27 02:38]
R1 fanio;FanIO driver;C:\WINDOWS\system32\drivers\fanio.sys [2007-02-16 10:05]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-09-21 13:09]
R1 uigxrdr;uigxrdr;C:\WINDOWS\system32\DRIVERS\uigxrdr.sys [2007-01-22 11:49]
R2 s7osmcax;s7osmcax;C:\WINDOWS\system32\Drivers\s7osmcax.sys [2003-12-18 14:18]
R2 s7otranx;s7otranx;C:\WINDOWS\system32\Drivers\s7otranx.sys [2003-12-18 14:18]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 13:56]
R3 Ch2kPS2;Cherry PS/2 Tastatur Treiber (CDI);C:\WINDOWS\system32\DRIVERS\Ch2kPS2.sys [2005-10-26 13:48]
R3 Ch2kPS2M;Cherry PS/2 Maus Treiber (CDI);C:\WINDOWS\system32\DRIVERS\Ch2kPS2M.sys [2006-02-13 15:21]
R3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys [2007-06-17 12:43]
S2 lmgrd;Flexlm;"D:\Programme\OrCad\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe" []
S2 SNTIE;SIMATIC Industrial Ethernet (ISO);C:\WINDOWS\system32\DRIVERS\sntie.sys []
S3 Ch2kUSB;Cherry USB Treiber für CDI;C:\WINDOWS\system32\drivers\Ch2kUSB.sys [2006-06-29 17:18]
S3 Ch2kUSBM;Cherry USB Maus Treiber für CDI;C:\WINDOWS\system32\drivers\Ch2kUSBm.sys [2006-04-28 08:59]
S3 Cherry Device Interface;Cherry Device Interface;C:\Programme\Cherry\CDI\cdi.exe [2006-06-27 14:02]
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2007-02-28 08:38]
S3 DTVFW;DVB-T USB adapter firmware;C:\WINDOWS\system32\DRIVERS\dtvfw.sys [2005-11-30 09:51]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-12-21 12:07]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]
S3 PEEK5;PEEK5 Protocol Driver;C:\DOKUME~1\***\Desktop\AIRCRA~1.41\AIRCRA~1.41\win32\PEEK5.SYS []
S3 S7OUPC2X;SIMATIC PC Adapter USB Driver;C:\WINDOWS\system32\DRIVERS\s7oupc2x.sys [2004-01-21 15:57]
S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2004-07-27 10:31]
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\system32\Drivers\SilvrLnk.sys []
S3 usbdtv;DVB-T TV Tuner;C:\WINDOWS\system32\Drivers\usbdtv.sys [2005-11-30 09:51]
S3 USBVSP;USBVSP;C:\WINDOWS\system32\drivers\Usbvsp.sys []
.
Inhalt des "geplante Tasks" Ordners
"2007-03-04 11:45:32 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1173008672.job"
- C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
"2005-12-08 14:30:00 C:\WINDOWS\Tasks\ISP-Anmeldungserinnerung 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 13:11:58
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Eintr„ge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2007-12-27 13:16:14 - machine was rebooted
.
2007-12-23 10:01:47 --- E O F ---
|
|
| Themen zu Sehr langsames System (HiJackThis Log-File) |
| alert, antispyware, avg, bho, dateien, e-mail, excel, explorer, firefox, firewall, helfen, hijack, hijackthis, hijackthis log-file, hkus\s-1-5-18, internet explorer, log-file, logfile, micro, monitor, mozilla, mozilla firefox, notebook, plug-in, programme, s-1-5-18, software, system, trend micro, vielen dank, windows, windows xp |
Linear-Darstellung
