Problem with programs, log part 2. Quote:
12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-09-14 21:29 . 2008-09-14 21:29 236 --a------ C:\sqmdata10.sqm
2008-09-14 21:29 . 2008-09-14 21:29 200 --a------ C:\sqmnoopt10.sqm
2008-09-14 21:26 . 2008-09-15 21:26 1,298,725 ---hs---- C:\WINDOWS\system32\kypdyolc.ini
2008-09-14 20:36 . 2008-09-14 20:36 236 --a------ C:\sqmdata09.sqm
2008-09-14 20:36 . 2008-09-14 20:36 200 --a------ C:\sqmnoopt09.sqm
2008-09-14 11:50 . 2008-09-14 11:50 <DIR> d-------- C:\Dokumente und Einstellungen\Lowfyr\Anwendungsdaten\Megaupload
2008-09-14 11:49 . 2008-09-14 11:49 <DIR> d-------- C:\Programme\Megaupload
2008-09-13 21:23 . 2008-09-14 21:26 1,298,545 ---hs---- C:\WINDOWS\system32\vvxweoii.ini
2008-09-12 21:24 . 2008-09-12 22:11 1,296,127 ---hs---- C:\WINDOWS\system32\bnontiof.ini
2008-09-11 21:20 . 2008-09-12 21:21 1,308,288 ---hs---- C:\WINDOWS\system32\nherwngl.ini
2008-09-11 20:01 . 2008-09-11 20:01 <DIR> d-------- C:\Programme\Die Gilde 2 - Gold Edition
2008-09-10 21:27 . 2008-09-11 15:47 1,344,966 ---hs---- C:\WINDOWS\system32\xpedseci.ini
2008-09-09 21:27 . 2008-09-09 21:27 1,303,286 ---hs---- C:\WINDOWS\system32\suhbbohi.ini
2008-09-09 21:21 . 2008-09-09 21:21 121,856 --a------ C:\WINDOWS\system32\mknabc.dll
2008-09-09 21:21 . 2008-09-09 21:21 121,856 --a------ C:\WINDOWS\system32\gxnsegjm.dll
2008-09-09 21:18 . 2008-09-09 21:18 105,472 --a------ C:\WINDOWS\system32\mkyfofao.dll
2008-09-08 21:26 . 2008-09-09 21:26 1,303,226 ---hs---- C:\WINDOWS\system32\ovcbhhny.ini
2008-09-07 21:22 . 2008-09-08 21:23 1,303,106 ---hs---- C:\WINDOWS\system32\jpjreadb.ini
2008-09-06 22:59 . 2003-02-21 14:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-09-06 21:19 . 2008-09-06 21:20 1,504,697 ---hs---- C:\WINDOWS\system32\jwiimbac.ini
2008-09-06 20:00 . 2008-09-11 19:49 <DIR> d-------- C:\Programme\cFlyFF
2008-09-05 21:19 . 2008-09-05 21:20 1,504,637 ---hs---- C:\WINDOWS\system32\nwytaojj.ini
2008-09-04 21:22 . 2008-09-04 21:24 1,504,577 ---hs---- C:\WINDOWS\system32\jlopobhl.ini
2008-09-04 21:13 . 2008-09-04 21:13 105,472 --a------ C:\WINDOWS\system32\xtfbvrce.dll
2008-09-03 21:22 . 2008-09-03 21:23 1,449,837 ---hs---- C:\WINDOWS\system32\krhgubsh.ini
2008-09-02 21:22 . 2008-09-02 21:23 1,449,777 ---hs---- C:\WINDOWS\system32\yehhkngy.ini
2008-09-01 21:13 . 2008-09-02 21:15 1,449,717 ---hs---- C:\WINDOWS\system32\stssrvle.ini
2008-08-31 21:22 . 2008-08-31 21:22 110,592 --a------ C:\WINDOWS\system32\vayskawa.dll
2008-08-31 21:22 . 2008-08-31 21:22 110,592 --a------ C:\WINDOWS\system32\swlymp.dll
2008-08-31 21:16 . 2008-09-01 17:24 1,449,657 ---hs---- C:\WINDOWS\system32\lvpwevjs.ini
2008-08-30 21:22 . 2008-08-31 13:07 1,449,537 ---hs---- C:\WINDOWS\system32\glnjmbci.ini
2008-08-30 00:02 . 2008-08-30 00:02 <DIR> d-------- C:\nDoors
2008-08-29 21:21 . 2008-08-29 21:21 110,592 --a------ C:\WINDOWS\system32\vrtuyqsv.dll
2008-08-29 21:21 . 2008-08-29 21:21 110,592 --a------ C:\WINDOWS\system32\qflkun.dll
2008-08-29 21:12 . 2008-08-29 21:13 1,433,705 ---hs---- C:\WINDOWS\system32\nljxqqlr.ini
2008-08-28 21:11 . 2008-08-29 21:13 1,454,813 ---hs---- C:\WINDOWS\system32\xydvwnxc.ini
2008-08-27 20:49 . 2008-08-27 20:49 1,496,897 ---hs---- C:\WINDOWS\system32\jhipfphw.ini
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 15:51 518,800 --sha-w C:\WINDOWS\system32\lnnmp.ini2
2008-09-27 13:41 --------- d-----w C:\Dokumente und Einstellungen\Lowfyr\Anwendungsdaten\Free Download Manager
2008-09-27 09:44 --------- d-----w C:\Programme\DivX
2008-09-26 12:24 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-09-24 14:13 --------- d-----w C:\Dokumente und Einstellungen\Lowfyr\Anwendungsdaten\IGN_DLM
2008-09-24 13:31 --------- d-----w C:\Programme\Müllabfuhr-Simulator 2008 DEMO
2008-09-22 20:44 --------- d-----w C:\Programme\ICQ6
2008-09-20 19:44 --------- d-----w C:\Programme\AGEIA Technologies
2008-09-20 08:57 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-09-20 08:32 --------- d-----w C:\Programme\Silkroad
2008-09-19 16:42 --------- d--h--w C:\Dokumente und Einstellungen\Lowfyr\Anwendungsdaten\ijjigame
2008-09-17 18:27 --------- d-----w C:\Dokumente und Einstellungen\Lowfyr\Anwendungsdaten\teamspeak2
2008-09-16 00:12 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-09-15 19:11 --------- d-----w C:\Dokumente und Einstellungen\Lowfyr\Anwendungsdaten\Hamachi
2008-09-14 08:55 --------- d-----w C:\Dokumente und Einstellungen\Lowfyr\Anwendungsdaten\Skype
2008-09-12 15:09 --------- d-----w C:\Programme\gPotato
2008-09-03 17:31 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Google Updater
2008-08-29 22:24 --------- d-----w C:\Programme\Outspark
2008-08-28 22:39 --------- d-----w C:\Programme\Download Manager
2008-08-26 19:38 --------- d-----w C:\Programme\MHTC
2008-08-21 04:52 3,299,840 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-21 02:19 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-08-21 02:18 314,880 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-08-21 02:08 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-08-21 02:08 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-08-21 02:07 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-08-21 02:07 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-08-21 02:07 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-08-21 02:05 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-08-21 02:04 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-08-21 02:01 10,084,352 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-08-21 01:55 4,094,560 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-08-21 01:50 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-08-21 01:38 2,377,856 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-08-21 01:23 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-08-21 01:19 380,928 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-08-21 01:18 37,376 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-08-21 01:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-08-21 01:17 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-08-21 01:17 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-08-21 01:11 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-08-20 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-08-20 11:15 --------- d-----w C:\Dokumente und Einstellungen\Lowfyr\Anwendungsdaten\skypePM
2008-08-18 09:55 103,936 ----a-w C:\WINDOWS\system32\naidcgav.dll
2008-08-17 12:34 --------- d-----w C:\Programme\Gameforge4D
2008-08-17 09:56 106,496 ----a-w C:\WINDOWS\system32\wvqohmet.dll
2008-08-16 09:59 120,832 ----a-w C:\WINDOWS\system32\vcxvjntj.dll
2008-08-16 09:59 120,832 ----a-w C:\WINDOWS\system32\ezycjb.dll
2008-08-14 10:00 111,616 ----a-w C:\WINDOWS\system32\ugirnw.dll
2008-08-14 10:00 111,616 ----a-w C:\WINDOWS\system32\tlvtekqx.dll
2008-08-10 09:50 105,472 ----a-w C:\WINDOWS\system32\uvlpihqk.dll
2008-08-09 09:49 105,472 ----a-w C:\WINDOWS\system32\wldpmytc.dll
2008-08-05 21:14 90,112 ----a-w C:\WINDOWS\system32\ATIBRTMON.EXE
2008-08-04 15:56 --------- d-----w C:\Programme\Avira
2008-08-04 15:56 --------- d-----w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Avira
2008-08-01 22:56 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-08-01 22:25 --------- d-----w C:\Programme\DANCE!ONLINE
2008-07-31 18:02 113,152 ----a-w C:\WINDOWS\system32\gyajascy.dll
2008-07-31 18:02 113,152 ----a-w C:\WINDOWS\system32\eqwhjt.dll
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-30 17:59 110,592 ----a-w C:\WINDOWS\system32\ofksjmaw.dll
2008-07-30 17:59 110,592 ----a-w C:\WINDOWS\system32\khpabc.dll
2008-07-30 17:56 107,520 ----a-w C:\WINDOWS\system32\xjuqkjnf.dll
2008-07-28 17:58 111,616 ----a-w C:\WINDOWS\system32\xmioekdd.dll
2008-07-28 17:58 111,616 ----a-w C:\WINDOWS\system32\ftrltt.dll
2008-07-27 21:13 --------- d-----w C:\Programme\Opera
2008-07-27 13:30 --------- d-----w C:\Programme\JoWooD
2008-07-25 17:51 281,088 ----a-w C:\WINDOWS\system32\pmnnl.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-07-21 15:56 466,792 --sha-w C:\WINDOWS\system32\wyadd.ini2
2008-07-18 14:18 49,152 ----a-w C:\WINDOWS\system32\apache.dll
2008-07-17 12:38 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-07-14 05:54 112,704 ----a-w C:\WINDOWS\system32\lorcws.dll
2008-07-14 05:54 112,704 ----a-w C:\WINDOWS\system32\iymeuwod.dll
2008-07-12 06:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 06:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 06:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
2008-07-06 11:49 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-10 18:02 5,767 ----a-w C:\Programme\install.log
2007-11-30 11:56 23 ----a-w C:\Dokumente und Einstellungen\Silkroad\silkcfg.dat
2007-11-29 21:16 778,240 ----a-w C:\Dokumente und Einstellungen\Silkroad\silkroad.exe
2007-11-29 20:55 2,598,912 ----a-w C:\Dokumente und Einstellungen\Silkroad\sro_client.exe
2007-11-29 20:52 227,767 ----a-w C:\Dokumente und Einstellungen\Silkroad\Remove.Exe
2007-11-18 18:57 22,328 ----a-w C:\Dokumente und Einstellungen\Thorge\Anwendungsdaten\PnkBstrK.sys
2006-08-12 22:54 458,752 ----a-w C:\Dokumente und Einstellungen\Silkroad\GFXFileManager.dll
2006-07-11 19:40 319,488 ----a-w C:\Dokumente und Einstellungen\Silkroad\replacer.exe
2005-06-24 13:31 243 ----a-w C:\Dokumente und Einstellungen\Silkroad\Remove.dat
.
------- Sigcheck -------
2002-08-29 02:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\SoftwareDistribution\Download\28401d44e28d5fe988966badd69aee22\sp2gdr\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\SoftwareDistribution\Download\28401d44e28d5fe988966badd69aee22\sp2qfe\tcpip.sys
2004-08-04 00:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC5BE8F5-B2A8-4F9A-90E4-EE6FEE23ED90}]
2008-07-25 19:51 281088 --a------ C:\WINDOWS\system32\pmnnl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e889fde4-c57e-4c72-869d-32a5fb36105b}]
2008-09-27 17:24 121344 --a------ C:\WINDOWS\system32\qfhkxn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programme\Windows Live\Messenger\msnmsgr.exe" [2008-07-17 3300352]
"igndlm.exe"="C:\Programme\Download Manager\dlm.exe" [2008-08-01 1103216]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-08-04 1667584]
"DAEMON Tools Lite"="C:\Programme\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 160768]
"BM27cb0b5e"="C:\WINDOWS\system32\qohcdjmy.dll" [2008-09-27 115712]
"24f838c2"="C:\WINDOWS\system32\mgxjnuec.dll" [2008-09-27 84480]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]
C:\Dokumente und Einstellungen\Thorge\Startmenü\Programme\Autostart\
hamachi.lnk - C:\Programme\Hamachi\hamachi.exe [2007-12-02 624416]
Xfire.lnk - C:\Programme\Xfire\xfire.exe [2008-05-14 3007824]
C:\Dokumente und Einstellungen\Lowfyr\Startmenü\Programme\Autostart\
AM772CFG.lnk - C:\Programme\Wireless LAN Utility\Am772cfg.exe [2004-01-07 145808]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qfhkxn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Google Updater.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Lowfyr^Startmenü^Programme^Autostart^GameSpot Download Manager.lnk]
path=C:\Dokumente und Einstellungen\Lowfyr\Startmenü\Programme\Autostart\GameSpot Download Manager.lnk
backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Lowfyr^Startmenü^Programme^Autostart^hamachi.lnk]
path=C:\Dokumente und Einstellungen\Lowfyr\Startmenü\Programme\Autostart\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\24f838c2]
--a------ 2008-09-26 17:25 84480 C:\WINDOWS\system32\ybrecfjn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 01:57 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 11:29 2007088 C:\Programme\FlashGet\flashget.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
--a------ 2008-01-01 00:05 2449455 C:\Programme\Free Download Manager\fdm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-09-01 17:08 173304 C:\Programme\ICQ6\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2008-08-01 13:36 1103216 C:\Programme\Download Manager\DLM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:58 1667584 C:\Programme\messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-07-17 14:42 3300352 C:\Programme\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2002-08-28 22:39 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2002-08-28 22:39 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-04-30 17:17 22058792 C:\Programme\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-21 14:19 68856 C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 19:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-05-10 19:08 16342528 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2007-05-07 19:51 1826816 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\FlashGet\\flashget.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
R0 zcbiwyxl;zcbiwyxl;C:\WINDOWS\system32\drivers\bmccpugs.dat [ ]
R1 BIOS;BIOS;C:\WINDOWS\System32\drivers\BIOS.sys [2005-03-16 13696]
R2 npkcmsvc;npkcmsvc;C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 80528]
R3 Am772;AMD Alchemy(tm) Solutions Wireless 802.11 Adapter;C:\WINDOWS\system32\DRIVERS\Am772.sys [2003-10-27 168518]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S3 XDva068;XDva068;C:\WINDOWS\system32\XDva068.sys [ ]
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys [ ]
S3 XDva132;XDva132;C:\WINDOWS\system32\XDva132.sys [ ]
S3 XDva164;XDva164;C:\WINDOWS\system32\XDva164.sys [ ]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
BHO-{03665797-2FCF-4499-AA61-0F9B0981AC55} - C:\WINDOWS\system32\dxxrefmo.dll
BHO-{056EE822-A508-4F68-A63F-F3684E353653} - (no file)
BHO-{1A830389-3B31-42B9-BC36-93C66C3A1B40} - (no file)
BHO-{1E657EF7-8919-4555-96A1-D38DB533EB9D} - (no file)
BHO-{2193f2c1-f080-4748-8878-3f6a72b5ab0c} - (no file)
BHO-{21e90683-c8b1-4e59-a2e7-28e64ae89b34} - (no file)
BHO-{3d507f29-c260-4fdb-b631-4272f17cde15} - (no file)
BHO-{3f8bf0aa-9c19-473d-afc6-f066e5f945c0} - (no file)
BHO-{43926538-8ba2-4262-a2a0-9b4a39cb0b3d} - (no file)
BHO-{4540F9C6-38BC-4A99-8BA2-01EF7FF672BA} - (no file)
BHO-{4D218E33-71DE-447F-89F0-068984D6A006} - C:\WINDOWS\system32\ddayw.dll
BHO-{4ead65f2-f80e-48a5-9b4c-405bb097e635} - (no file)
BHO-{55FC6EA9-7E48-48BD-A9DA-8507F37459FD} - (no file)
BHO-{5916DD33-9FF1-41D0-A7B1-7102D803A5A2} - (no file)
BHO-{621c02a9-f895-4589-bf30-cc483063cb59} - (no file)
BHO-{62baa633-1c6c-43d4-97d8-b1e85486f866} - (no file)
BHO-{77da5b8d-99a8-4151-a6f3-793c02e3757f} - (no file)
BHO-{831590D1-1758-42A2-87DC-6BA7640BA962} - (no file)
BHO-{8B1D2234-5B7A-456B-8104-A4D6BAC70E31} - (no file)
BHO-{9D0740E2-8BDA-435F-9B78-7D975808C23C} - (no file)
BHO-{9DAD5565-DFAE-4F18-80CF-98BFF922A25E} - (no file)
BHO-{A1C10965-C291-4FE3-AF42-27160D1ECD22} - (no file)
BHO-{a93ebd5b-b5c2-4127-9994-552891f62faf} - (no file)
BHO-{BC077D5B-B730-44AA-98F8-1828028D24F0} - (no file)
BHO-{C1E5149F-A9E4-44C5-B4C8-05B78DAEAA0D} - C:\Dokumente und Einstellungen\Lowfyr\Lokale Einstellungen\Temporary Internet Files\Content.IE5\S1QJ4PA3\silent.dll[1].bak
BHO-{C76C67A5-D0E9-4381-ACBD-DB69E199EF82} - (no file)
BHO-{C78553C8-8C82-4023-9B12-81A088E23DDB} - (no file)
BHO-{cb4886d0-f338-4c74-9c37-7cc717a94d99} - (no file)
BHO-{cd758852-2520-4413-b15a-6457200f262c} - (no file)
BHO-{D083B946-7AE5-449D-944C-3B5832E003FA} - (no file)
BHO-{d0c397df-6899-4dca-9089-1dc96a4ed82c} - (no file)
BHO-{D20DF282-C766-4147-AEA8-FB32DFF6238B} - (no file)
BHO-{d55fa674-9307-46bb-9543-d0ae1ad7eafc} - (no file)
BHO-{D995E5C1-2FCF-4499-AA61-0F9B0981AC55} - C:\WINDOWS\system32\dxxrefmo.dll
BHO-{ded4b747-2a73-4374-8677-d5b29e20ca36} - (no file)
BHO-{E7260287-4D5F-4651-B681-FC6C3147E63B} - (no file)
BHO-{F3FFB861-6AC1-4FF9-A92E-729D00550754} - (no file)
BHO-{F76FE645-0E73-4344-BB5F-496BBE45DBE9} - (no file)
BHO-{faebe209-005c-4fc5-8fba-b2908bbb46f6} - (no file)
BHO-{FE53B020-1FDE-4D2B-ABDA-B5FD8F6A9F8E} - (no file)
Notify-ljjhhfg - ljjhhfg.dll
MSConfigStartUp-BM27cb0b5e - C:\WINDOWS\system32\qlfvebny.dll
MSConfigStartUp-PlayNC Launcher - C:\programme\ncsoft\launcher\NCLauncher.exe
.
------- Zusätzlicher Suchlauf -------
.
FireFox -: Profile - C:\Dokumente und Einstellungen\Lowfyr\Anwendungsdaten\Mozilla\Firefox\Profiles\3vneq6h5.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://de.google.mozilla.com/firefox&client=firefox-a&rls=com.google:defficial
FF -: plugin - C:\Dokumente und Einstellungen\Lowfyr\Anwendungsdaten\Tenderfoot Games\Gunfighter\npTFGLaunchPlugin.dll
FF -: plugin - C:\Programme\Download Manager\npfpdlm.dll
FF -: plugin - C:\Programme\Google\Google Updater\2.2.1111.1511\npCIDetect11.dll
FF -: plugin - C:\Programme\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF -: plugin - C:\Programme\Opera\program\plugins\npdivx32.dll
FF -: plugin - C:\Programme\Opera\program\plugins\npmmaud.dll
FF -: plugin - C:\Programme\Opera\program\plugins\npmmprog.dll
FF -: plugin - C:\Programme\Opera\program\plugins\npmmvid.dll
FF -: plugin - C:\Programme\Opera\program\plugins\npmmzip.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 18:06:02
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\zcbiwyxl]
"ImagePath"="system32\drivers\bmccpugs.dat"
.
------------------------ Weitere laufende Prozesse ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\guardgui.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\update.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\guardgui.exe
C:\WINDOWS\system32\wbem\wmiadap.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\guardgui.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avnotify.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-09-27 18:19:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2008-09-27 16:19:10
Vor Suchlauf: 3.821.993.984 Bytes frei
Nach Suchlauf: 4,799,475,712 Bytes frei
460 --- E O F --- 2008-01-15 19:43:29