Mozilla läuft im Hintergrund weiter

laubinio · 13.04.2009, 17:03

Hi
hab ein Problem mit mozilla.
Wenn ich Mizilla beende und wieder starten möchte kommt einen fehlermeldung
dass Mozilla noch nicht beendet wurde.
in Task Manager läuft unter Prozesse firefox weiter. Ich muss dann immer den
Prozess erst beenden.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:46, on 13.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ICQ6.5\ICQ.exe
C:\dokumente und einstellungen\+++\lokale einstellungen\anwendungsdaten\mqkyw.exe
C:\Programme\Stardock\ObjectDock\ObjectDock.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [mqkyw] "c:\dokumente und einstellungen\+++\lokale einstellungen\anwendungsdaten\mqkyw.exe" mqkyw
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: qxkbhp.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5761 bytes

Würd mich freun wenn jemand was dazu sagt

Gruß Christian

john.doe · 13.04.2009, 17:20

Hallo und

1.) Stell sicher, daß Dir auch alle Dateien angezeigt werden, danach folgende Dateien bei Virustotal.com auswerten lassen und alle Ergebnisse posten, und zwar so, daß man die der einzelnen Virenscanner sehen kann. Bitte mit Dateigrößen und Prüfsummen:

Code:

ATTFilter

c:\dokumente und einstellungen\+++\lokale einstellungen\anwendungsdaten\mqkyw.exe
C:\WINDOWS\system32\qxkbhp.dll

Markiere jeweils eine Zeile, kopiere sie und füge sie bei Virustotal ein. Sollte die Meldung kommen, dass die Datei schon analysiert wurde, dann klicke trotzdem auf Analysieren.

2.) Lade beide Dateien gemäß dieser Anleitung (nur Punkt 2 der Anleitung) hoch.

3.) ZHPDiag von Nicolas Coolman

Klicke auf Téléchargement de ZHPDiag
Klicke auf der Seite auf FTP Zebulon.fr N°1.
Entpacke die geladene Datei auf den Desktop und starte ZHPDiag.exe mit Doppelklick.
Klicke auf All
Klicke auf General Analysis
Klicke auf Paste Clipboard
Wechsel zum Forum, klicke auf Antworten, klicke in den großen weißen Kasten
Drücke [Strg]v, [Strg]a
Klicke auf #

4.) Bitte lade Dir Navilog1 von IL-MAFIOSO herunter.

Doppelklicke auf navilog1.exe
Sollte das Programm nach Abschluß der Installation nicht automatisch gestartet werden, führe es bitte per Doppelklick auf das Navilog1-Shortcut auf deinem Desktop aus.
Wähle E für Englisch im Sprachenmenü
Wähle 1 im nächsten Menü um "Suche" auszuwählen. Bestätige mit Enter.
Die Dauer des Scans kann variieren, bitte abwarten. Wenn du aufgefordert wirst, eine Taste zu drücken, tue dies bitte.
Ein neues Dokument sollte erstellt und geöffnet werden: fixnavi.txt.
Bitte füge den Inhalt dieser Datei in deine nächste Antwort ein.

Der Bericht wird außerdem im Hauptverzeichnis (z.B.: "C:\") erstellt.

Hinweis:
Navilog1.exe wir von einigen Antivirenprogrammen als bösartig erkannt. Dies ist ein Fehlalarm. Die Nachricht bitte ignorieren.

ciao, andreas

laubinio · 13.04.2009, 17:47

So

soweit hat alles funtioniert.

Datei mqkyw.exe empfangen 2009.04.13 18:39:21 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 1/40 (2.5%)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.04.13 -
AhnLab-V3 5.0.0.2 2009.04.13 -
AntiVir 7.9.0.138 2009.04.13 -
Antiy-AVL 2.0.3.1 2009.04.13 -
Authentium 5.1.2.4 2009.04.13 -
Avast 4.8.1335.0 2009.04.13 -
AVG 8.5.0.285 2009.04.13 -
BitDefender 7.2 2009.04.13 -
CAT-QuickHeal 10.00 2009.04.13 -
ClamAV 0.94.1 2009.04.13 -
Comodo 1112 2009.04.13 -
DrWeb 4.44.0.09170 2009.04.13 -
eSafe 7.0.17.0 2009.04.13 -
eTrust-Vet 31.6.6453 2009.04.13 -
F-Prot 4.4.4.56 2009.04.13 -
F-Secure 8.0.14470.0 2009.04.13 -
Fortinet 3.117.0.0 2009.04.13 -
GData 19 2009.04.13 -
Ikarus T3.1.1.49.0 2009.04.13 -
K7AntiVirus 7.10.700 2009.04.11 -
Kaspersky 7.0.0.125 2009.04.13 -
McAfee 5583 2009.04.13 -
McAfee+Artemis 5583 2009.04.13 -
McAfee-GW-Edition 6.7.6 2009.04.13 -
Microsoft 1.4502 2009.04.13 -
NOD32 4004 2009.04.13 -
Norman 6.00.06 2009.04.13 -
nProtect 2009.1.8.0 2009.04.13 -
Panda 10.0.0.14 2009.04.13 -
PCTools 4.4.2.0 2009.04.08 -
Prevx1 V2 2009.04.13 Medium Risk Malware
Rising 21.25.04.00 2009.04.13 -
Sophos 4.40.0 2009.04.13 -
Sunbelt 3.2.1858.2 2009.04.12 -
Symantec 1.4.4.12 2009.04.13 -
TheHacker 6.3.4.0.306 2009.04.12 -
TrendMicro 8.700.0.1004 2009.04.13 -
VBA32 3.12.10.2 2009.04.12 -
ViRobot 2009.4.13.1690 2009.04.13 -
VirusBuster 4.6.5.0 2009.04.12 -
weitere Informationen
File size: 303104 bytes
MD5...: 4c97b140bba9572226d0249ecd61b74e

Datei qagent.dll empfangen 2009.04.13 18:36:53 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 0/38 (0%)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.04.13 -
AhnLab-V3 5.0.0.2 2009.04.13 -
AntiVir 7.9.0.138 2009.04.13 -
Antiy-AVL 2.0.3.1 2009.04.13 -
Authentium 5.1.2.4 2009.04.13 -
Avast 4.8.1335.0 2009.04.13 -
AVG 8.5.0.285 2009.04.13 -
BitDefender 7.2 2009.04.13 -
CAT-QuickHeal 10.00 2009.04.13 -
ClamAV 0.94.1 2009.04.13 -
Comodo 1112 2009.04.13 -
DrWeb 4.44.0.09170 2009.04.13 -
eSafe 7.0.17.0 2009.04.13 -
eTrust-Vet 31.6.6453 2009.04.13 -
F-Prot 4.4.4.56 2009.04.13 -
Fortinet 3.117.0.0 2009.04.13 -
GData 19 2009.04.13 -
Ikarus T3.1.1.49.0 2009.04.13 -
K7AntiVirus 7.10.700 2009.04.11 -
Kaspersky 7.0.0.125 2009.04.13 -
McAfee 5583 2009.04.13 -
McAfee+Artemis 5583 2009.04.13 -
McAfee-GW-Edition 6.7.6 2009.04.13 -
Microsoft 1.4502 2009.04.13 -
NOD32 4004 2009.04.13 -
Norman 6.00.06 2009.04.13 -
nProtect 2009.1.8.0 2009.04.13 -
Panda 10.0.0.14 2009.04.13 -
PCTools 4.4.2.0 2009.04.08 -
Prevx1 V2 2009.04.13 -
Rising 21.25.04.00 2009.04.13 -
Sophos 4.40.0 2009.04.13 -
Sunbelt 3.2.1858.2 2009.04.12 -
Symantec 1.4.4.12 2009.04.13 -
TheHacker 6.3.4.0.306 2009.04.12 -
TrendMicro 8.700.0.1004 2009.04.13 -
ViRobot 2009.4.13.1690 2009.04.13 -
VirusBuster 4.6.5.0 2009.04.12 -
weitere Informationen
File size: 151040 bytes

Search Navipromo version 3.7.6 began on 13.04.2009 at 18:43:09,51

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!

Fix running from C:\Programme\navilog1

Updated on 14.03.2009 at 18h00 by IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU @ 2.40GHz )
BIOS : BIOS Date: 10/24/07 21:06:54 Ver: 5.13
USER : +++ ( Administrator )
BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.26 (Activated)

C:\ (Local Disk) - NTFS - Total:58 Go (Free:30 Go)
D:\ (Local Disk) - NTFS - Total:407 Go (Free:264 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)

Search done in normal mode

*** Search folders in "C:\WINDOWS" ***

*** Search folders in "C:\Programme" ***

...\Live-Player found !

*** Search folders in "C:\Dokumente und Einstellungen\All Users\startm~1\progra~1" ***

*** Search folders in "C:\Dokumente und Einstellungen\All Users\startm~1" ***

*** Search folders in "c:\dokume~1\alluse~1\anwend~1" ***

*** Search folders in "C:\Dokumente und Einstellungen\+++\anwend~1" ***

*** Search folders in "C:\Dokumente und Einstellungen\+++\lokale~1\anwend~1" ***

*** Search folders in "C:\Dokumente und Einstellungen\+++\startm~1\progra~1" ***

*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : h+++p://www.gmer.net

*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

* Scan in "C:\Dokumente und Einstellungen\+++\lokale~1\anwend~1" *

*** Search files ***

*** Search specific Registry keys ***
!! Following keys are not certainly all infected !!

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mqkyw"="\"c:\\dokumente und einstellungen\\+++\\lokale einstellungen\\anwendungsdaten\\mqkyw.exe\" mqkyw"

*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :

2)Heuristic Search :

* In "C:\WINDOWS\system32" :

* In "C:\Dokumente und Einstellungen\+++\lokale~1\anwend~1" :

mqkyw.exe found !
mqkyw.dat found !
mqkyw_nav.dat found !
mqkyw_navps.dat found !

3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate not found !
Montorgueil certificate not found !
OOO-Favorit certificate not found !
Sunny-Day-Design-Ltd certificate not found !

4)Search others known folders and files :

*** Search completed on 13.04.2009 at 18:45:01,64 ***

john.doe · 13.04.2009, 17:49

Navilog gleich nocheinmal starten, diesmal mit Option 2.

ciao, andreas

laubinio · 13.04.2009, 17:54

Hi

hab den 3. Punkt noch nicht gemacht soll ich dass noch machen ???

gruß Christian

john.doe · 13.04.2009, 17:55

Ja. Erst 3 dann navilog mit option 2.

ciao, andreas

laubinio · 13.04.2009, 18:05

[CODE]Rapport de ZHPDiag v1.17 par Nicolas Coolman
Enregistré le 13.04.2009 19:00:15
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox (3.0.8)

---\\ Running Processes
RTHDCPL.EXE
ALCMTR.EXE
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
Logi_MwX.Exe
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
nwiz.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\services.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe

---\\ Internet Explorer Start Page (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

---\\ Internet Explorer Search Page (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

---\\ Browser Helper Objects (O2)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

---\\ Auto loading programs from Registry (O4)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data="1"

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe,1040
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe,1040

---\\ 'Reset Web Settings' hijack (O14)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: WlDimsStartup - C:\WINDOWS\System32\%SystemRoot%\System32\dimsntfy.dll
O20 - Winlogon Notify: WLEventStartup - C:\WINDOWS\System32\WgaLogon.dll

O20 - AppInit_DLLs:qxkbhp.dll

---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1}
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Anti-Spyware Guard (AVG Anti-Spyware Guard) - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Programme\Java\jre6\bin\jqs.exe -service -config C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Druckwarteschlange (Spooler) - C:\WINDOWS\system32\spoolsv.exe

---\\ ActiveSetup Installed Components (040)
O40 - ASIC: IE7 Uninstall Stub - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Browseranpassungen - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Vektorgrafik-Rendering (VML) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: LightScribe Control Panel - {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Adobe Shockwave Director 11.0 - {233C1507-6A77-46A4-9443-F871F945D258} - C:\WINDOWS\system32\Adobe\Director\SwDir.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - (not file)
O40 - ASIC: Adobe Shockwave Director 11.0 - {2A202491-F00D-11cf-87CC-0020AFEECF20} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Dynamic HTML-Datenbindung für Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file)
O40 - ASIC: Erweitertes Authoring - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: DirectAnimation Java Classes - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Adressbuch 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Windows Desktop-Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Microsoft .NET Framework 1.1 Hotfix (KB928366) - {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - (not file)
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file)
O40 - ASIC: Taskplaner - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Drivers launched at startup (O41)
O41 - Driver: Microsoft Kernel-Echounterdrückung (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: 1394-ARP-Clientprotokoll (Arp1394) - C:\WINDOWS\system32\DRIVERS\arp1394.sys
O41 - Driver: Asynchroner RAS -Medientreiber (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: Protokoll für ATM ARP-Client (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Audiostubtreiber (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: AVG Anti-Spyware Driver (AVG Anti-Spyware Driver) - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.sys
O41 - Driver: AVG Anti-Spyware Clean Driver (AvgAsCln) - C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
O41 - Driver: avgio (avgio) - C:\Programme\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: avgntflt (avgntflt) - C:\WINDOWS\system32\DRIVERS\avgntflt.sys
O41 - Driver: avipbb (avipbb) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: Treiber für die Verwaltung logischer Datenträger (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Microsoft Kernel-DLS-Synthesizer (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: Microsoft Kernel-DRM-Audioentschlüsselung (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: Intel(R) PRO/1000 PCI Express Network Connection Driver (e1express) - C:\WINDOWS\system32\DRIVERS\e1e5132.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\drivers\fltmgr.sys
O41 - Driver: Standardpaketklassifizierung (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Hamachi Network Interface (hamachi) - C:\WINDOWS\system32\DRIVERS\hamachi.sys
O41 - Driver: Microsoft UAA-Bustreiber für High Definition Audio (HDAudBus) - C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
O41 - Driver: Microsoft HID Class-Treiber (HidUsb) - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O41 - Driver: i8042-Tastatur- und PS/2-Mausanschluss-Treiber (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RtkHDAud.sys
O41 - Driver: Intel-Prozessortreiber (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: IPv6-Windows-Firewalltreiber (Ip6Fw) - C:\WINDOWS\system32\drivers\ip6fw.sys
O41 - Driver: Filtertreiber für IP-Verkehr (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: IP/IP-Tunneltreiber (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: IPSEC-Treiber (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: IR-Enumeratordienst (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
O41 - Driver: Tastatur-HID-Treiber (kbdhid) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys
O41 - Driver: Microsoft Kernel-Waveaudiomixer (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: Logitech PS/2 Mouse Filter Driver (L8042PR2) - C:\WINDOWS\System32\Drivers\l8042pr2.sys
O41 - Driver: Logitech HID/USB Mouse Filter Driver (LHidFlt2) - C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
O41 - Driver: Logitech USB Receiver device driver (LHidUsb) - C:\WINDOWS\System32\Drivers\LHidUsb.Sys
O41 - Driver: Logitech Mouse Class Filter Driver (LMouFlt2) - C:\WINDOWS\System32\Drivers\LMouFlt2.sys
O41 - Driver: Maus-HID-Treiber (mouhid) - C:\WINDOWS\system32\DRIVERS\mouhid.sys
O41 - Driver: Redirector für WebDav-Client (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Microsoft Streaming Service Proxy (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Microsoft Proxy für Streaming Clock (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Microsoft Proxy für Streaming Quality Manager (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Microsoft-Systemverwaltungs-BIOS-Treiber (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O41 - Driver: RAS-NDIS-TAPI-Treiber (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS-Benutzermodus-E/A-Protokoll (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: RAS-NDIS-WAN-Treiber (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: NetBIOS-Schnittstelle (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBios über TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: 1394-Netzwerktreiber (NIC1394) - C:\WINDOWS\system32\DRIVERS\nic1394.sys
O41 - Driver: Netzwerkmonitortreiber (nm) - C:\WINDOWS\system32\DRIVERS\NMnt.sys
O41 - Driver: (no object) (nv) - C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
O41 - Driver: Filtertreiber für IPX-Verkehr (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: Treiber für IPX-Verkehrsweiterleitung (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll (NwlnkIpx) - C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
O41 - Driver: NWLink-NetBIOS (NwlnkNb) - C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
O41 - Driver: NWLink SPX/SPXII-Protokoll (NwlnkSpx) - C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
O41 - Driver: OHCI-konformer IEEE 1394-Hostcontroller (ohci1394) - C:\WINDOWS\system32\DRIVERS\ohci1394.sys
O41 - Driver: WAN-Miniport (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: QoS-Paketplaner (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
O41 - Driver: Treiber für direkte Parallelverbindung (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O41 - Driver: Treiber für automatische RAS-Verbindung (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: WAN-Miniport (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Remotezugriff-PPPOE-Treiber (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Parallelanschluss (direkt) (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: Treiber für Terminalserver-Geräteumleitung (rdpdr) - C:\WINDOWS\system32\DRIVERS\rdpdr.sys
O41 - Driver: Filtertreiber für digitale CD-Audiowiedergabe (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O41 - Driver: Sentinel (Sentinel) - C:\WINDOWS\System32\Drivers\SENTINEL.SYS
O41 - Driver: Microsoft Kernel-Audiosplitter (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: (no object) (sptd) - C:\WINDOWS\System32\Drivers\sptd.sys
O41 - Driver: Filtertreiber für Systemwiederherstellung (sr) - C:\WINDOWS\system32\DRIVERS\sr.sys
O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys
O41 - Driver: ssmdrv (ssmdrv) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
O41 - Driver: Software-Bus-Treiber (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
O41 - Driver: Microsoft Kernel GS Wavetablesynthesizer (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: Microsoft Kernel-Systemaudiogerät (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: TCP/IP-Protokolltreiber (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Microcode Updatetreiber (Update) - C:\WINDOWS\system32\DRIVERS\update.sys
O41 - Driver: Microsoft Standard-USB-Haupttreiber (usbccgp) - C:\WINDOWS\system32\DRIVERS\usbccgp.sys
O41 - Driver: Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O41 - Driver: Microsoft USB-Standardhubtreiber (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O41 - Driver: Microsoft USB-Druckerklasse (usbprint) - C:\WINDOWS\system32\DRIVERS\usbprint.sys
O41 - Driver: USB-Scannertreiber (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys
O41 - Driver: USB-Massenspeichertreiber (usbstor) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O41 - Driver: Miniporttreiber für universellen Microsoft USB-Hostcontroller (usbuhci) - C:\WINDOWS\system32\DRIVERS\usbuhci.sys
O41 - Driver: RAS-IP-ARP-Treiber (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Treiber für Microsoft WINMM-WDM-Audiokompatibilität (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
O41 - Driver: WpdUsb (WpdUsb) - C:\WINDOWS\system32\DRIVERS\wpdusb.sys
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Platform Driver (WudfPf) - C:\WINDOWS\system32\DRIVERS\WudfPf.sys
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Reflector (WudfRd) - C:\WINDOWS\system32\DRIVERS\wudfrd.sys
O41 - Driver: zlportio (zlportio) - C:\Programme\UltraStar Deluxe\zlportio.sys

---\\ Software installed (O42)
O42 - Logiciel: 1&1 EasyLogin
O42 - Logiciel: 7-Zip 4.57
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Shockwave Player 11
O42 - Logiciel: Agfa ScanWise 1.50
O42 - Logiciel: AIMP2
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus
O42 - Logiciel: HP Wireless Keyboard Driver V1.0
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: EVEREST Home Edition v2.20
O42 - Logiciel: Hamachi 1.0.1.5
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs
O42 - Logiciel: Windows Internet Explorer 7
O42 - Logiciel: Command & Conquer(TM) Generäle
O42 - Logiciel: Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
O42 - Logiciel: Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
O42 - Logiciel: Call of Duty(R) 4 - Modern Warfare(TM)
O42 - Logiciel: Command and Conquer(TM) Generäle Die Stunde Null
O42 - Logiciel: High Definition Audio Driver Package - KB888111
O42 - Logiciel: Update für Windows XP (KB898461)
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399)
O42 - Logiciel: Sicherheitsupdate für Windows Media Player 11 (KB936782)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB938464)
O42 - Logiciel: Hotfix für Windows Media Player 11 (KB939683)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB941569)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB950762)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB950974)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB951066)
O42 - Logiciel: Update für Windows XP (KB951072-v2)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB951376-v2)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB951698)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB951748)
O42 - Logiciel: Update für Windows XP (KB951978)
O42 - Logiciel: Sicherheitsupdate für Windows Media Player (KB952069)
O42 - Logiciel: Hotfix für Windows XP (KB952287)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB952954)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB953838)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB953839)
O42 - Logiciel: Sicherheitsupdate für Windows Media Player 11 (KB954154)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB954211)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB954459)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB954600)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB955069)
O42 - Logiciel: Update für Windows XP (KB955839)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB956390)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB956391)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB956802)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB956803)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB956841)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB957095)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB957097)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB958644)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB958687)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB958690)
O42 - Logiciel: Wichtiges Update für Windows Media Player 11 (KB959772)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB960225)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)
O42 - Logiciel: Sicherheitsupdate für Windows XP (KB960715)
O42 - Logiciel: Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)
O42 - Logiciel: Update für Windows XP (KB967715)
O42 - Logiciel: Microsoft .NET Framework 1.1 Hotfix (KB928366)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: MediaMonkey 3.0
O42 - Logiciel: Microsoft .NET Framework 1.1
O42 - Logiciel: Mozilla Firefox (3.0.8)
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP
O42 - Logiciel: Navilog1 3.7.6
O42 - Logiciel: Microsoft National Language Support Downlevel APIs
O42 - Logiciel: NVIDIA Drivers
O42 - Logiciel: ObjectDock
O42 - Logiciel: OpenAL
O42 - Logiciel: Die Siedler IV
O42 - Logiciel: TeamSpeak 2 RC2
O42 - Logiciel: TmNationsForever
O42 - Logiciel: VLC media player 0.9.6
O42 - Logiciel: Windows Media Format 11 runtime
O42 - Logiciel: Windows Media Player 11
O42 - Logiciel: Windows XP Service Pack 3
O42 - Logiciel: WinRAR
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0
O42 - Logiciel: Xilisoft DVD Creator
O42 - Logiciel: Zattoo 3.3.3 Beta
O42 - Logiciel: ANNO 1602 Königs-Edition
O42 - Logiciel: Counter-Strike 1.6
O42 - Logiciel: Company of Heroes - FAKEMSI
O42 - Logiciel: Google Earth
O42 - Logiciel: Intel(R) Network Connections 13.0.42.0
O42 - Logiciel: Java(TM) 6 Update 11
O42 - Logiciel: MSXML 4.0
O42 - Logiciel: TuneUp Utilities 2008
O42 - Logiciel: GRID
O42 - Logiciel: Skype™ 3.8
O42 - Logiciel: ICQ6.5
O42 - Logiciel: Stronghold Legends
O42 - Logiciel: Apple Software Update
O42 - Logiciel: Battlefield 1942
O42 - Logiciel: Windows Media Player Firefox Plugin
O42 - Logiciel: Sentinel Protection Installer 7.2.2
O42 - Logiciel: Nero 7 Premium
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Garena
O42 - Logiciel: Microsoft Silverlight
O42 - Logiciel: NVIDIA PhysX
O42 - Logiciel: LightScribe System Software
O42 - Logiciel: QuickTime
O42 - Logiciel: Google SketchUp 6
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
O42 - Logiciel: Adobe Reader 8.1.4
O42 - Logiciel: Spybot - Search & Destroy
O42 - Logiciel: Battlefield 1942: Secret Weapons of WWII
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: Power Manager
O42 - Logiciel: OpenOffice.org 2.4
O42 - Logiciel: Battlefield 1942: The Road To Rome
O42 - Logiciel: Realtek High Definition Audio Driver
O42 - Logiciel: PDFPrintuMailSbe 0.8.0

laubinio · 13.04.2009, 18:06

---\\ Last modified or created files under System32 (O44)
O44 - LFC:Last File Created - C:\WINDOWS\System32\FNTCACHE.DAT -->12.03.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\GdiPlus.dll -->28.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\keystone.exe -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\mfc70.dll -->28.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\MRT.exe -->25.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\mshtml.dll -->16.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\msvcp70.dll -->28.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nv4_disp.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvapi.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvappbar.exe -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvapps.nvb -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvapps.xml -->13.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvcod.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvcodins.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvcolor.exe -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvcpl.cpl -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvcpl.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvcplui.exe -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvcpluir.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvcuda.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvdisp.nvu -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvdisps.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvdispsr.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvdspsch.exe -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvgames.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvgamesr.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nview.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvmccs.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvmccsrs.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvmccss.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvmccssr.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvmctray.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvmobls.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvmoblsr.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvModes.dat -->11.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvoglnt.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\NvPVEnc.ax -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsar.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrscs.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsda.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsde.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsel.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrseng.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrses.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsesm.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsfi.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsfr.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrshe.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrshu.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsit.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsja.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsko.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsnl.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsno.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrspl.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrspt.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsptb.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsru.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrssk.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrssl.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrssv.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrsth.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrstr.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrszhc.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvrszht.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvshell.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvsvc32.exe -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvtuicpl.cpl -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvudisp.exe -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvvitvs.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvvitvsr.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwddi.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwdmcpl.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwimg.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsar.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrscs.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsda.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsde.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsel.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrseng.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrses.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsesm.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsfi.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsfr.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrshe.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrshu.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsit.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsja.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsko.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsnl.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsno.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrspl.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrspt.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsptb.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsru.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrssk.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrssl.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrssv.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrsth.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrstr.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrszhc.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwrszht.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwss.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvwssr.dll -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nwiz.exe -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\OpenAL32.dll -->22.03.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc007.dat -->02.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc009.dat -->02.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh007.dat -->02.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh009.dat -->02.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\PerfStringBackup.INI -->02.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\TUKernel.exe -->13.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\win32k.sys -->09.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wpa.dbl -->13.04.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wrap_oal.dll -->22.03.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avgntdd.sys -->13.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avgntflt.sys -->13.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avgntmgr.sys -->13.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avipbb.sys -->13.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\hamachi.sys -->16.02.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\nv4_mini.sys -->15.01.2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\ssmdrv.sys -->13.02.2009

---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\7ZG.EXE-189F3F41.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AIMP2.EXE-14097106.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ATTRIB.EXE-39EAFB02.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVCENTER.EXE-1D2DB8A2.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVGNT.EXE-39CD89BF.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVNOTIFY.EXE-31D7686A.pf -->12.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVSCAN.EXE-25724B6E.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVWSC.EXE-24612965.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVWSC.EXE-3AC95876.pf -->19.03.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CATCHME.EXE-0B06868A.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CCLEANER.EXE-065E2F3F.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CHKNTFS.EXE-31921D64.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf -->12.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf -->12.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIND.EXE-0EC32F1E.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FINDSTR.EXE-0CA6274B.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIREFOX.EXE-1D57670A.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FROZEN THRONE.EXE-04CB1895.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GARENA.EXE-1A7DE003.pf -->12.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GETPATHS.EXE-10B311CA.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GNC.EXE-0546FBD8.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GNC.EXE-298006C5.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf -->09.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-39024128.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEXPLORE.EXE-2CA9778D.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf -->12.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\INTEGRATOR.EXE-328E2F5A.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IS-2EVT8.TMP-38E43101.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IS-BTV21.TMP-097EDAC7.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IW3MP.EXE-0220B50C.pf -->12.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JQSNOTIFY.EXE-1E60A522.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\KOPIE VON GRID.EXE-09CE7A61.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\Layout.ini -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGI_MWX.EXE-1B741F45.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MEMOPTIMIZER.EXE-36FE2832.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NAVILOG1.EXE-12D4D873.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOTEPAD.EXE-189578DA.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OBJECTDOCK.EXE-200AFFC9.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OEM2ANSI.EXE-04B221CA.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OSV.EXE-2688F3F3.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PROCESSMANAGER.EXE-2A611132.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\READER_SL.EXE-1EA4C8B2.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REG.EXE-0D2A95F7.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGISTRYCLEANER.EXE-2E8CD085.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1340EF7F.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1619A94E.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1857459C.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2A94BB85.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2BF3472E.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2E5AF1D7.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3029594F.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-35A483DA.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf -->11.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SHUTDOWN.EXE-12DAD820.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SORT.EXE-194AE83C.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1D495A65.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\STARTUPMANAGER.EXE-336AE2DE.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SYSTEMOPTIMIZER.EXE-15555041.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPDATE.EXE-3398FCD6.pf -->12.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WAR3.EXE-1423285C.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINRAR.EXE-3588DFE8.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIAPSRV.EXE-1E2270A5.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WSCRIPT.EXE-32960AB9.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf -->13.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ZATTOO.EXE-0C7AC94E.pf -->12.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ZATTOO1.EXE-2EA1ADA4.pf -->12.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ZATTOOD.EXE-1AC5C517.pf -->12.04.2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ZHPDIAG.EXE-00214859.pf -->13.04.2009

---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

---\\ Export authorized application key (O47)
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
O47 - AAKE:Key Export - "C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
O47 - AAKE:Key Export - "D:\Spiele\Race Driver GRID\GRID.exe"="D:\Spiele\Race Driver GRID\GRID.exe:*:Enabled:GRID"
O47 - AAKE:Key Export - "D:\Spiele\C o D 4\iw3mp.exe"="D:\Spiele\C o D 4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

---\\ Local Security Authority-LSA Deny (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll

---\\ Safe Boot Control (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nm.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\nm.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\nm.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys

---\\ Image File Execution Options (IFEO) (O50)
O50 - IEFO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

End of the scan:
[/CODE]

laubinio · 13.04.2009, 18:15

so

Navipromo Removal version 3.7.6 started on 13.04.2009 at 19:10:16,28

Fix running from C:\Programme\navilog1

Updated on 14.03.2009 at 18h00 by IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU @ 2.40GHz )
BIOS : BIOS Date: 10/24/07 21:06:54 Ver: 5.13
USER : +++ ( Administrator )
BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.26 (Activated)

C:\ (Local Disk) - NTFS - Total:58 Go (Free:30 Go)
D:\ (Local Disk) - NTFS - Total:407 Go (Free:264 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)

Automatic removal
with Catchme and GNS results

Cleanning stage done on Reboot

*** fsbl1.txt not found ***
(Check that Catchme found nothing in Search Mode)

*** Deleting with Backups GenericNaviSearch results ***

* Deletion in "C:\WINDOWS\System32" *

* Deletion in "C:\Dokumente und Einstellungen\+++\lokale~1\anwend~1" *

*** Deleting folders in "C:\WINDOWS" ***

*** Deleting folders in "C:\Programme" ***

*** Deleting folders in "C:\Dokumente und Einstellungen\All Users\startm~1\progra~1" ***

*** Deleting folders in "C:\Dokumente und Einstellungen\All Users\startm~1" ***

*** Deleting folders in "c:\dokume~1\alluse~1\anwend~1" ***

*** Deleting folders in "C:\Dokumente und Einstellungen\+++\anwend~1" ***

*** Deleting folders in "C:\Dokumente und Einstellungen\+++\lokale~1\anwend~1" ***

*** Deleting folders in "C:\Dokumente und Einstellungen\+++\startm~1\progra~1" ***

*** Deleting files ***

*** Deleting temporary files ***

Cleaning of C:\WINDOWS\Temp done !
Cleaning of C:\Dokumente und Einstellungen\+++\lokale~1\Temp done !

*** Complementary Search ***
(Search specific files)

1)Deletion with backups new Instant Access files:

2)Heuristic search and deletion with backups :

* In "C:\WINDOWS\system32" *

* In "C:\Dokumente und Einstellungen\+++\lokale~1\anwend~1" *

*** Copy Registry to Safebackup folder ***

Backing up Registry done !

*** Cleaning Registry ***

Registry cleaned

*** Certificates ***

Egroup Certificate not found !
Electronic-Group Certificate not found !
Montorgueil Certificate not found !
OOO-Favorit Certificate not found !
Sunny-Day-Design-Ltd Certificate not found !

*** Search others known folders and files ***

*** Cleaning stage complete on 13.04.2009 at 19:12:10,54 ***

gruß Christian

john.doe · 13.04.2009, 18:18

Kann es sein, dass du navilog zweimal mit option 2 gestartet hast?

Poste bitte ein neues HJT-Log.

ciao, andreas

laubinio · 13.04.2009, 18:25

ja hab ich vor das mit den punkt 3 und dann danach nochmal

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:48, on 13.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ICQ6.5\ICQ.exe
C:\Programme\Stardock\ObjectDock\ObjectDock.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: qxkbhp.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5490 bytes

gruß christian

john.doe · 13.04.2009, 18:33

Firefox sollte wieder funktionieren.

1.) Deinstalliere:
Spybot (Schrott)

2.) Starte HJT => Do a system scan only => Markiere:

Code:

ATTFilter

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O20 - AppInit_DLLs: qxkbhp.dll

=> Fix checked

3.) http://www.trojaner-board.de/51187-a...i-malware.html

4.) http://www.trojaner-board.de/51871-a...tispyware.html (Nur Punkt 1-3)

ciao,
andreas

laubinio · 13.04.2009, 19:42

so

SUPERAntiSpyware Scan Log
h+++p://w++w.superantispyware.com

Generated 04/13/2009 at 08:20 PM

Application Version : 4.26.1000

Core Rules Database Version : 3841
Trace Rules Database Version: 1796

Scan type : Complete Scan
Total Scan Time : 00:33:52

Memory items scanned : 533
Memory threats detected : 0
Registry items scanned : 5091
Registry threats detected : 30
File items scanned : 15838
File threats detected : 5

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\+++\Cookies\laubi@doubleclick[1].txt
C:\Dokumente und Einstellungen\+++\Cookies\laubi@adserver.71i[1].txt
C:\Dokumente und Einstellungen\+++\Cookies\laubi@statse.webtrendslive[2].txt
C:\Dokumente und Einstellungen\+++\Cookies\laubi@atwola[1].txt

Trojan.DNSChanger-Codec
HKU\S-1-5-21-1343024091-1592454029-839522115-1003\Software\uninstall

Rogue.Component/Trace
HKLM\Software\Microsoft\BC8387C8
HKLM\Software\Microsoft\BC8387C8#bc8387c8
HKLM\Software\Microsoft\BC8387C8#Version
HKLM\Software\Microsoft\BC8387C8#bc832a48
HKLM\Software\Microsoft\BC8387C8#bc8343ad
HKU\S-1-5-21-1343024091-1592454029-839522115-1003\Software\Microsoft\CS41275
HKU\S-1-5-21-1343024091-1592454029-839522115-1003\Software\Microsoft\FIAS4018

Rootkit.TDSServ
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#start
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#type
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#imagepath
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys#group
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#TDSSserv
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#TDSSl
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssservers
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssmain
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdsslog
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssadw
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssinit
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdssurls
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdsspanels
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#tdsserrors
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules#TDSSproc
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\Enum#INITSTARTFAILED

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\TDSSWGQE.DAT

Malwarebytes' Anti-Malware 1.30
Datenbank Version: 1439
Windows 5.1.2600 Service Pack 3

13.04.2009 20:33:50
mbam-log-2009-04-13 (20-33-50).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 94897
Laufzeit: 14 minute(s), 24 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

gruß Christian

john.doe · 13.04.2009, 19:45

Eieiei, das TDSSdingens. Wie geht es dem Rechner?

Er sollte spürbar schneller sein. Poste ein letztes HJT-Log.

ciao, andreas

laubinio · 13.04.2009, 19:49

so

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:50, on 13.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\Stardock\ObjectDock\ObjectDock.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\ICQ6.5\ICQ.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5211 bytes

Von der schnelligkeit merkt man keinen unterschied war vorher schon so schnell wie immer..

gruß christian

Mozilla läuft im Hintergrund weiter

Log-Analyse und Auswertung: Mozilla läuft im Hintergrund weiter