probleme mit Firefox

Stefan H · 11.04.2009, 08:03

ich habe das Problem, das der Firefox explorer immer wieder abstürzt und das gesamte system langsamer geworden ist.

darum habe ich ein hjt durchführen lassen. Es kam auch prommt eine Fehlermeldung:

For some reason your system denied write access to the host files...
und ja, ich habe es unter vista als administrator durchgeführt:-)

wäre jemanden wirklich sehr danbkbar, mal über das L

og zu schauen und mir zu sagen, dass ich mit meiner vermutung daneben liege, das es sich um was boeses handelt

und hier das log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:25:27, on 11.04.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\*n\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\O2\o2DSLConnectionManager.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Steam\Steam.exe
C:\Users\*n\AppData\Local\ywkke.exe
C:\Program Files\T-COM\T-COM WLAN Manager T-Sinus 154data\Installer\WINXP\DTUSB11GMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\mcafee\msc\mcshell.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Users\Stefan\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=5080813
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://search.qip.ru/search?query=%s&from=IE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\*n\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [o2DSLConnectionManager] "C:\Program Files\O2\o2DSLConnectionManager.exe" -autostart
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ywkke] "c:\users\*n\appdata\local\ywkke.exe" ywkke
O4 - Global Startup: T-COM WLAN Manager T-Sinus 154data.lnk = C:\Program Files\T-COM\T-COM WLAN Manager T-Sinus 154data\Installer\WINXP\DTUSB11GMonitor.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AccSys WLAN Control Service (accvssvc) - AccSys GmbH - C:\Program Files\Common Files\AccSys\AccVSSvc.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c986c8651b7c94) (gupdate1c986c8651b7c94) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10330 bytes

john.doe · 11.04.2009, 08:25

Hallo und

1.) Deinstalliere vorab:

BitTorrent DNA (Virenschleuder)
BitTorrent (Virenschleuder)
Google Toolbar (Datenkrake)
Google Update (Datenkrake)
Google Desktop (Datenkrake)
WinAmp Toolbar (bäh)
ICQ Toolbar (bäh)

2.) Start => Ausführen => msconfig (eintippeln) => OK =>
Karte: Tools => Benutzerkontoschutz deaktivieren => OK

3.) Mausklick rechts auf HJT => Ausführen als Administrator => Do a system scan only => Markiere:

Code:

ATTFilter

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&chan nel=de-smb&ibd=5080813
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://search.qip.ru/search?query=%s&from=IE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\*n\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ywkke] "c:\users\*n\appdata\local\ywkke.exe" ywkke

=> Fix checked

4.) Bitte lade Dir Navilog1 von IL-MAFIOSO herunter.

Doppelklicke auf navilog1.exe
Sollte das Programm nach Abschluß der Installation nicht automatisch gestartet werden, führe es bitte per Doppelklick auf das Navilog1-Shortcut auf deinem Desktop aus.
Wähle E für Englisch im Sprachenmenü
Wähle 1 im nächsten Menü um "Suche" auszuwählen. Bestätige mit Enter.
Die Dauer des Scans kann variieren, bitte abwarten. Wenn du aufgefordert wirst, eine Taste zu drücken, tue dies bitte.
Ein neues Dokument sollte erstellt und geöffnet werden: fixnavi.txt.
Bitte füge den Inhalt dieser Datei in deine nächste Antwort ein.

Der Bericht wird außerdem im Hauptverzeichnis (z.B.: "C:\") erstellt.

Hinweis:
Navilog1.exe wir von einigen Antivirenprogrammen als bösartig erkannt. Dies ist ein Fehlalarm. Die Nachricht bitte ignorieren.

ciao, andreas

Stefan H · 11.04.2009, 10:29

Das navilog stürzt jedesmal an dem punkt, an dem ich "e" für englisch drücke, ab.
kennt jemand das problem?

(sonst habe ich bis hierher alles durchgeführt, lediglich

Start => Ausführen => msconfig (eintippeln) => OK =>
Karte: Tools => Benutzerkontoschutz deaktivieren => OK

habe ich den Benutzerkontoschutz nicht gefunden

john.doe · 11.04.2009, 10:38

Zitat:

habe ich den Benutzerkontoschutz nicht gefunden

Vielleicht ist das ja hier besser erklärt:

Versuche Navilog1 mit Mausklick rechts => Ausführen als Administrator zu starten.

ciao, andreas

Stefan H · 11.04.2009, 13:06

so, hier das log:

Search Navipromo version 3.7.6 began on 11.04.2009 at 12:27:19,75

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!

Fix running from C:\Program Files\navilog1

Updated on 14.03.2009 at 18h00 by IL-MAFIOSO

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : S*** ( Administrator )
BOOT : Normal boot

C:\ (Local Disk) - NTFS - Total:455 Go (Free:310 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:6 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

Search done in normal mode

*** Search folders in "C:\Windows" ***

*** Search folders in "C:\Program Files" ***

*** Search folders in "c:\progra~2\micros~1\windows\startm~1\programs" ***

*** Search folders in "c:\progra~2\micros~1\windows\startm~1" ***

*** Search folders in "C:\ProgramData" ***

*** Search folders in "c:\users\s***\appdata\roaming\micros~1\windows\startm~1\programs" ***

*** Search folders in "C:\Users\S***\AppData\Local\virtualstore\Program Files" ***

*** Search folders in "C:\Users\S***\AppData\Local" ***

*** Search folders in "C:\Users\S***\AppData\Roaming" ***

*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : h***p://www.gmer.net

*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

und noch mal ein hjt:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:05:22, on 11.04.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\O2\o2DSLConnectionManager.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\T-COM\T-COM WLAN Manager T-Sinus 154data\Installer\WINXP\DTUSB11GMonitor.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WinAce\WinAce.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mspaint.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\S***\Downloads\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [o2DSLConnectionManager] "C:\Program Files\O2\o2DSLConnectionManager.exe" -autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: T-COM WLAN Manager T-Sinus 154data.lnk = C:\Program Files\T-COM\T-COM WLAN Manager T-Sinus 154data\Installer\WINXP\DTUSB11GMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AccSys WLAN Control Service (accvssvc) - AccSys GmbH - C:\Program Files\Common Files\AccSys\AccVSSvc.exe
O23 - Service: Google Update Service (gupdate1c986c8651b7c94) (gupdate1c986c8651b7c94) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 6335 bytes

john.doe · 11.04.2009, 13:24

Das Log von Navilog ist nicht vollständig gepostet, bitte nachholen.

Das Log von HJT sieht schon viel freundlicher aus.

ciao, andreas

Stefan H · 11.04.2009, 14:23

Search Navipromo version 3.7.6 began on 11.04.2009 at 12:27:19,75

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!

Fix running from C:\Program Files\navilog1

Updated on 14.03.2009 at 18h00 by IL-MAFIOSO

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : S*** ( Administrator )
BOOT : Normal boot

C:\ (Local Disk) - NTFS - Total:455 Go (Free:310 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:6 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

Search done in normal mode

*** Search folders in "C:\Windows" ***

*** Search folders in "C:\Program Files" ***

*** Search folders in "c:\progra~2\micros~1\windows\startm~1\programs" ***

*** Search folders in "c:\progra~2\micros~1\windows\startm~1" ***

*** Search folders in "C:\ProgramData" ***

*** Search folders in "c:\users\s***\appdata\roaming\micros~1\windows\startm~1\programs" ***

*** Search folders in "C:\Users\S***\AppData\Local\virtualstore\Program Files" ***

*** Search folders in "C:\Users\S***\AppData\Local" ***

*** Search folders in "C:\Users\S***\AppData\Roaming" ***

*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : h***p://www.gmer.net

*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\Windows\system32" *

* Scan in "C:\Users\S***\AppData\Local\Microsoft" *

* Scan in "C:\Users\S***\AppData\Local" *

*** Search files ***

*** Search specific Registry keys ***
!! Following keys are not certainly all infected !!

HKEY_CURRENT_USER\Software\Lanconfig

*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :

2)Heuristic Search :

* In "C:\Windows\system32" :

* In "C:\Users\S***\AppData\Local\Microsoft" :

* In "C:\Users\S***\AppData\Local" :

ywkke.exe found !
ywkke.dat found !
ywkke_nav.dat found !
ywkke_navps.dat found !

3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate found !
Montorgueil certificate not found !
OOO-Favorit certificate found !
Sunny-Day-Design-Ltd certificate not found !

4)Search others known folders and files :

*** Search completed on 11.04.2009 at 12:37:54,75 ***

john.doe · 11.04.2009, 14:28

Gleich noch einmal laufen lassen, diesmal mit Option 2 und wieder das vollständige Log posten.

ciao, andreas

Stefan H · 11.04.2009, 15:25

der startet dann neu und sagt dann "zugriff verweigert" und erstellt kein log .-(

john.doe · 11.04.2009, 15:33

Du musst es immer mit Mausklick rechts => Ausführen als Administrator starten.

ciao, andreas

Stefan H · 11.04.2009, 16:44

so hoffe das log ist besser:

Navipromo Removal version 3.7.6 started on 11.04.2009 at 17:35:15,13

Fix running from C:\Program Files\navilog1

Updated on 14.03.2009 at 18h00 by IL-MAFIOSO

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : S*** ( Administrator )
BOOT : Normal boot

C:\ (Local Disk) - NTFS - Total:455 Go (Free:313 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:6 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

Automatic removal
with Catchme and GNS results

Cleanning stage done on Reboot

*** fsbl1.txt not found ***
(Check that Catchme found nothing in Search Mode)

*** Deleting with Backups GenericNaviSearch results ***

* Deletion in "C:\Windows\System32" *

* Deletion in "C:\Users\S***\AppData\Local\Microsoft" *

* Deletion in "C:\Users\S***\AppData\Local" *

*** Deleting folders in "C:\Windows" ***

*** Deleting folders in "C:\Program Files" ***

*** Deleting folders in "c:\progra~2\micros~1\windows\startm~1\programs" ***

*** Deleting folders in "c:\progra~2\micros~1\windows\startm~1" ***

*** Deleting folders in "C:\ProgramData" ***

*** Deleting folders in c:\users\s***\appdata\roaming\micros~1\windows\startm~1\programs ***

*** Deleting folders in "C:\Users\S***\AppData\Local\virtualstore\Program Files" ***

*** Deleting folders in "C:\Users\S***\AppData\Local" ***

*** Deleting folders in "C:\Users\S***\AppData\Roaming" ***

*** Deleting files ***

*** Deleting temporary files ***

Cleaning of C:\Windows\Temp done !
Cleaning of C:\Users\S***\AppData\Local\Temp done !

*** Complementary Search ***
(Search specific files)

1)Deletion with backups new Instant Access files:

2)Heuristic search and deletion with backups :

* In "C:\Windows\system32" *

* In "C:\Users\S***\AppData\Local\Microsoft" *

* In "C:\Users\S***\AppData\Local" *

ywkke.exe found !
Copy ywkke.exe done !
ywkke.exe deleted !

ywkke.dat found !
Copy ywkke.dat done !
ywkke.dat deleted !

ywkke_nav.dat found !
Copy ywkke_nav.dat done !
ywkke_nav.dat deleted !

ywkke_navps.dat found !
Copy ywkke_navps.dat done !
ywkke_navps.dat deleted !

C:\Windows\prefetch\ywkke*.pf found !
Copy C:\Windows\prefetch\ywkke*.pf done !
C:\Windows\prefetch\ywkke*.pf deleted !

*** Copy Registry to Safebackup folder ***

Backing up Registry done !

*** Cleaning Registry ***

Registry cleaned

*** Certificates ***

Egroup Certificate not found !
Electronic-Group Certificate deleted !
Montorgueil Certificate not found !
OOO-Favorit Certificate deleted !
Sunny-Day-Design-Ltd Certificate not found !

*** Search others known folders and files ***

*** Cleaning stage complete on 11.04.2009 at 17:41:05,56 ***

john.doe · 11.04.2009, 16:47

Zitat:

so hoffe das log ist besser:

Viel besser.

Den bist du los. Navilog kannst du deinstallieren.

Jetzt klicke in meiner Signatur auf "Für alle Neuen", lies alles aufmerksam und arbeite die komplette Liste unter Punkt 2 ab. Jedes Programm mit Mausklick rechts => Ausführen als Administrator starten.

ciao, andreas

Stefan H · 11.04.2009, 18:14

so hier mal die ergebnisse:

1.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:46, on 11.04.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\O2\o2DSLConnectionManager.exe
C:\Program Files\T-COM\T-COM WLAN Manager T-Sinus 154data\Installer\WINXP\DTUSB11GMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\S***\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h***://start.qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [o2DSLConnectionManager] "C:\Program Files\O2\o2DSLConnectionManager.exe" -autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: T-COM WLAN Manager T-Sinus 154data.lnk = C:\Program Files\T-COM\T-COM WLAN Manager T-Sinus 154data\Installer\WINXP\DTUSB11GMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0023011239465002) (0023011239465002mcinstcleanup) - McAfee, Inc. - C:\Users\S***\AppData\Local\Temp\002301~1.EXE
O23 - Service: AccSys WLAN Control Service (accvssvc) - AccSys GmbH - C:\Program Files\Common Files\AccSys\AccVSSvc.exe
O23 - Service: Google Update Service (gupdate1c986c8651b7c94) (gupdate1c986c8651b7c94) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 5371 bytes

2.

Malwarebytes' Anti-Malware 1.36
Datenbank Version: 1966
Windows 6.0.6001 Service Pack 1

11.04.2009 19:11:20
mbam-log-2009-04-11 (19-11-20).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 192968
Laufzeit: 1 hour(s), 12 minute(s), 49 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\free-downloads.net toolbar (Adware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

john.doe · 11.04.2009, 18:24

Deine Startseite gefällt mir nicht sonderlich:

Zitat:

Während unserer Tests hat dieses Download versucht, die Startseite unseres Webbrowsers zu ändern. start.qip.ru counter.yadro.ru secure-it.imrworldwide.com count.rbc.ru

Hast du dir die freiwillig eingestellt?

Die Uninstallliste fehlt noch.

ZHPDiag von Nicolas Coolman

Klicke auf Téléchargement de ZHPDiag
Klicke auf der Seite auf FTP Zebulon.fr N°1.
Entpacke die geladene Datei auf den Desktop und starte ZHPDiag.exe mit Doppelklick.
Klicke auf All
Klicke auf General Analysis
Klicke auf Paste Clipboard
Wechsel zum Forum, klicke auf Antworten, klicke in den großen weißen Kasten
Drücke [Strg]v, [Strg]a
Klicke auf #

ciao, andreas

Stefan H · 11.04.2009, 18:33

Rapport de ZHPDiag v1.17 par Nicolas Coolman
Enregistré le 11.04.2009 19:31:23
Platform : Windows Vista (TM) Home Premium (6.0.6001) Service Pack 1
MSIE: Internet Explorer v7.0.6001.18000
MFIE: Mozilla Firefox (3.0.8)

---\\ Running Processes
%ProgramFiles%\Windows Defender\MSASCui.exe
C:\Dell\E-Center\EULALauncher.exe
RtHDVCpl.exe
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\igfxpers.exe
C:\Windows\ehome\ehTray.exe
C:\
C:\Program Files\Common Files\AccSys\AccVSSvc.exe
C:\Windows\system32\svchost.exe
%windir%\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\SearchIndexer.exe

---\\ Changed inifile Value, Mapped to Registry (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=explorer.exe

---\\ Internet Explorer Start Page (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

---\\ Hosts file redirection (O1)
O1 - Hosts: ::1 localhost

---\\ Browser Helper Objects (O2)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

---\\ Auto loading programs from Registry (O4)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [o2DSLConnectionManager] "C:\Program Files\O2\o2DSLConnectionManager.exe" -autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

---\\ IE Options icon not visible in Control Panel (O5)
O5 - control.ini: inetcpl.cpl=no

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe,1040

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: C:\Windows\System32\igfxdev.dll

---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: McAfee Application Installer Cleanup (0023011239465002) (0023011239465002mcinstcleanup) - C:\Users\Stefan\AppData\Local\Temp\002301~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
O23 - Service: AccSys WLAN Control Service (accvssvc) - C:\Program Files\Common Files\AccSys\AccVSSvc.exe
O23 - Service: Google Update Service (gupdate1c986c8651b7c94) (gupdate1c986c8651b7c94) - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
O23 - Service: Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - C:\Windows\system32\SLsvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - C:\Windows\System32\spoolsv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter
O23 - Service: StarWind AE Service (StarWindServiceAE) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - C:\Windows\system32\SearchIndexer.exe /Embedding

---\\ ActiveSetup Installed Components (040)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: (no name) - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - (not file)
O40 - ASIC: Microsoft Windows Media Player 11.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\wmpdxm.dll
O40 - ASIC: .NET Framework - {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
O40 - ASIC: (no name) - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Address Book 7 - {7790769C-0471-11d2-AF11-00C04FA35D02} - (not file)
O40 - ASIC: .NET Framework - {7C028AF8-F614-47B3-82DA-BA94E41B1089} - (not file)
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\system32\Macromed\Flash\Flash9f.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Drivers launched at startup (O41)
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32000 (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: Microsoft Kernel-DRM-Audioentschlüsselung (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: T-Sinus 154data Driver (DT154_A02) - C:\WINDOWS\system32\DRIVERS\TS154USB.sys
O41 - Driver: Intel(R) PRO/1000 PCI Express-Netzwerkverbindungstreiber (e1express) - C:\WINDOWS\system32\DRIVERS\e1e6032.sys
O41 - Driver: Intel(R) PRO/1000 NDIS 6 Adapter Driver (E1G60) - C:\WINDOWS\system32\DRIVERS\E1G60I32.sys
O41 - Driver: Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst (HdAudAddService) - C:\WINDOWS\system32\drivers\HdAudio.sys
O41 - Driver: (no object) (igfx) - C:\WINDOWS\system32\DRIVERS\igdkmd32.sys
O41 - Driver: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RTKVHDA.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32013 (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: IP in IP Tunnel Driver (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Link-Layer Topology Discovery Mapper I/O Driver (lltdio) - C:\WINDOWS\system32\DRIVERS\lltdio.sys
O41 - Driver: McAfee Inc. mfehidk (mfehidk) - C:\WINDOWS\system32\drivers\mfehidk.sys
O41 - Driver: Microsoft Monitor-Klassenfunktionstreiber-Dienst (monitor) - C:\WINDOWS\system32\DRIVERS\monitor.sys
O41 - Driver: MPFP (MPFP) - C:\WINDOWS\System32\Drivers\Mpfp.sys
O41 - Driver: Microsoft Streaming Service Proxy (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Microsoft Proxy für Streaming Clock (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Microsoft Proxy für Streaming Quality Manager (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Microsoft Streaming Tee/Sink-to-Sink-Konvertierung (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys
O41 - Driver: NativeWiFi-Filter (NativeWifiP) - C:\WINDOWS\system32\DRIVERS\nwifi.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32001 (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS Usermode I/O Protocol (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32002 (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetGroup Packet Filter Driver (NPF) - C:\WINDOWS\system32\drivers\npf.sys
O41 - Driver: (no object) (nvlddmkm) - C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
O41 - Driver: IPX Traffic Filter Driver (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: IPX Traffic Forwarder Driver (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32006 (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: @%SystemRoot%\System32\drivers\pacer.sys,-101 (PSched) - C:\WINDOWS\system32\DRIVERS\pacer.sys
O41 - Driver: PxHelp20 (PxHelp20) - C:\WINDOWS\System32\Drivers\PxHelp20.sys
O41 - Driver: (no object) (R300) - C:\WINDOWS\system32\DRIVERS\atikmdag.sys
O41 - Driver: Remote Access Auto Connection Driver (RasAcd) - C:\WINDOWS\System32\DRIVERS\rasacd.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32005 (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32007 (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: @%systemroot%\system32\sstpsvc.dll,-202 (RasSstp) - C:\WINDOWS\system32\DRIVERS\rassstp.sys
O41 - Driver: Link-Layer Topology Discovery Responder (rspndr) - C:\WINDOWS\system32\DRIVERS\rspndr.sys
O41 - Driver: Realtek 8169 NT Driver (RTL8169) - C:\WINDOWS\system32\DRIVERS\Rtlh86.sys
O41 - Driver: Realtek NDIS Protocol Driver (RtNdPt60) - C:\WINDOWS\system32\DRIVERS\RtNdPt60.sys
O41 - Driver: @%SystemRoot%\system32\tcpipcfg.dll,-50005 (Smb) - C:\WINDOWS\system32\DRIVERS\smb.sys
O41 - Driver: (no object) (sptd) - C:\WINDOWS\System32\Drivers\sptd.sys
O41 - Driver: Microsoft IPv6 Protocol Driver (Tcpip6) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Microsoft Tun-Miniportadaptertreiber (tunmp) - C:\WINDOWS\system32\DRIVERS\tunmp.sys
O41 - Driver: Microsoft-IPv6-Tunnelminiport-Adaptertreiber (tunnel) - C:\WINDOWS\system32\DRIVERS\tunnel.sys
O41 - Driver: USB-Audiotreiber (WDM) (usbaudio) - C:\WINDOWS\system32\drivers\usbaudio.sys
O41 - Driver: (no object) (vga) - C:\WINDOWS\system32\DRIVERS\vgapnp.sys
O41 - Driver: (no object) (VSTHWBS2) - C:\WINDOWS\system32\DRIVERS\VSTBS23.SYS
O41 - Driver: (no object) (VST_DPV) - C:\WINDOWS\system32\DRIVERS\VSTDPV3.SYS
O41 - Driver: w32n5223 Protocol Driver (w32n5223) - C:\PROGRA~1\T-COM\T-COMW~1\INSTAL~1\WINXP\w32n5223.SYS
O41 - Driver: Remote Access IP ARP Driver (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Remote Access IPv6 ARP Driver (Wanarpv6) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: (no object) (winachsf) - C:\WINDOWS\system32\DRIVERS\VSTCNXT3.SYS
O41 - Driver: (no object) (WUDFRd) - C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
O41 - Driver: McAfee Inc. mfeavfk (mfeavfk) - C:\WINDOWS\system32\drivers\mfeavfk.sys
O41 - Driver: McAfee Inc. mfebopk (mfebopk) - C:\WINDOWS\system32\drivers\mfebopk.sys
O41 - Driver: McAfee Inc. mferkdk (mferkdk) - C:\WINDOWS\system32\drivers\mferkdk.sys
O41 - Driver: McAfee Inc. mfesmfk (mfesmfk) - C:\WINDOWS\system32\drivers\mfesmfk.sys

---\\ Software installed (O42)
O42 - Logiciel: Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player Plugin
O42 - Logiciel: AVIcodec (remove only)
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: Diablo II
O42 - Logiciel: Google Chrome
O42 - Logiciel: Half-Life
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: T-Sinus 154data
O42 - Logiciel: jv16 PowerTools 2008
O42 - Logiciel: LucasArts' Curse of Monkey Island
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: mIRC
O42 - Logiciel: mm.BOT
O42 - Logiciel: MobMap 3.03
O42 - Logiciel: Mozilla Firefox (3.0.8)
O42 - Logiciel: Navilog1 3.7.6
O42 - Logiciel: NVIDIA Drivers
O42 - Logiciel: Winamp Remote
O42 - Logiciel: PokerStars
O42 - Logiciel: RealPlayer
O42 - Logiciel: ScummVM 0.12.0
O42 - Logiciel: SLD Codec Pack
O42 - Logiciel: Kaminfeuer Titanium Edition
O42 - Logiciel: Counter-Strike
O42 - Logiciel: Day of Defeat
O42 - Logiciel: TeamSpeak 2 RC2
O42 - Logiciel: VideoLAN VLC media player 0.8.6i
O42 - Logiciel: Favorit
O42 - Logiciel: WinAce Archiver
O42 - Logiciel: Winamp
O42 - Logiciel: Winamp Toolbar for Firefox
O42 - Logiciel: World of Warcraft
O42 - Logiciel: XP Codec Pack
O42 - Logiciel: Zattoo 3.3.2 Beta
O42 - Logiciel: Roxio Creator Tools
O42 - Logiciel: Steam
O42 - Logiciel: Roxio Activation Module
O42 - Logiciel: Roxio Creator Data
O42 - Logiciel: Realtek Ethernet Network Card Diagnostic tool for Windows Vista
O42 - Logiciel: Java(TM) 6 Update 5
O42 - Logiciel: Java(TM) 6 Update 7
O42 - Logiciel: Microsoft Works
O42 - Logiciel: Virtual Earth 3D (Beta)
O42 - Logiciel: Sacred 2 Demo
O42 - Logiciel: DSL Connection Manager
O42 - Logiciel: Google Earth
O42 - Logiciel: neroxml
O42 - Logiciel: Skype™ 3.8
O42 - Logiciel: ICQ6.5
O42 - Logiciel: Roxio Creator Copy
O42 - Logiciel: Browser Address Error Redirector
O42 - Logiciel: Roxio Express Labeler 3
O42 - Logiciel: EDocs
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: DivX Codec
O42 - Logiciel: Roxio Creator Audio
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Roxio Creator BDAV Plugin
O42 - Logiciel: Microsoft Silverlight
O42 - Logiciel: DivX Player
O42 - Logiciel: Sonic CinePlayer Decoder Pack
O42 - Logiciel: Compatibility Pack für 2007 Office System
O42 - Logiciel: Microsoft Office PowerPoint Viewer 2007 (German)
O42 - Logiciel: AGEIA PhysX v7.11.13
O42 - Logiciel: Nero 9 Trial
O42 - Logiciel: Google Update Helper
O42 - Logiciel: Adobe Reader 8.1.3 - Deutsch
O42 - Logiciel: DivX Converter
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: Roxio Creator DE
O42 - Logiciel: Dell Support Center (Support Software)
O42 - Logiciel: OpenOffice.org Installer 1.0
O42 - Logiciel: Realtek High Definition Audio Driver
O42 - Logiciel: Dell Handbuch zum Einstieg

---\\ Contents of the Common Files folders (O43)
O43 - CFD:Common File Directory - C:\Program Files\Common Files\AccSys
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Blizzard Entertainment
O43 - CFD:Common File Directory - C:\Program Files\Common Files\InstallShield
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Java
O43 - CFD:Common File Directory - C:\Program Files\Common Files\McAfee
O43 - CFD:Common File Directory - C:\Program Files\Common Files\microsoft shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Nero
O43 - CFD:Common File Directory - C:\Program Files\Common Files\PX Storage Engine
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Real
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Roxio Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Services
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Skype
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Sonic Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Steam
O43 - CFD:Common File Directory - C:\Program Files\Common Files\supportsoft
O43 - CFD:Common File Directory - C:\Program Files\Common Files\SureThing Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\System
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Wise Installation Wizard
O43 - CFD:Common File Directory - C:\Program Files\Common Files\xing shared

---\\ Last modified or created files under System32 (O44)
O44 - LFC:Last File Created - C:\Windows\System32\FNTCACHE.DAT -->11.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ieframe.dll -->15.01.2009
O44 - LFC:Last File Created - C:\Windows\System32\iertutil.dll -->15.01.2009
O44 - LFC:Last File Created - C:\Windows\System32\jsproxy.dll -->15.01.2009
O44 - LFC:Last File Created - C:\Windows\System32\mrt.exe -->25.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\msfeeds.dll -->15.01.2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.dll -->15.01.2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.tlb -->15.01.2009
O44 - LFC:Last File Created - C:\Windows\System32\mstime.dll -->15.01.2009
O44 - LFC:Last File Created - C:\Windows\System32\null -->05.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc007.dat -->11.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc009.dat -->11.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh007.dat -->11.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh009.dat -->11.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\PerfStringBackup.INI -->11.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\urlmon.dll -->15.01.2009
O44 - LFC:Last File Created - C:\Windows\System32\win32k.sys -->09.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\wininet.dll -->15.01.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbam.sys -->06.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbamswissarmy.sys -->06.04.2009

probleme mit Firefox

Log-Analyse und Auswertung: probleme mit Firefox