C:\Windows\system32\svchost.exe.

adonisierend · 15.07.2009, 18:37

Hallo zusammen

ich habe glaube ich meine sychost.exe ausversehen gelöscht..
auf jeden fall bekomme ich beim start meines pcs die fehlermeldung..
aber angezeigt wird sie trotzdem.

hier mal mein hijack logfile

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\avgwdsvc.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\avgemc.exe
D:\PROGRA~1\avgrsx.exe
D:\PROGRA~1\avgnsx.exe
D:\Programme\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
D:\PROGRA~1\avgtray.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\DNA\btdna.exe
C:\Programme\T-DSL SpeedManager\TSMSvc.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Security Task Manager\taskman.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = httpx://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = httpx://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = httpx://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = httpx://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = httpx://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programme\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programme\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://icq.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{402C8658-B4D6-4094-813B-087D1CF45731}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{402C8658-B4D6-4094-813B-087D1CF45731}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{402C8658-B4D6-4094-813B-087D1CF45731}: NameServer = 192.168.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c9b90569457c0a) (gupdate1c9b90569457c0a) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - C:\Programme\T-DSL SpeedManager\TSMSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe

--
End of file - 9681 bytes

wäre super wenn mal jemand seine augen drüber werfen würde..

danke

john.doe · 15.07.2009, 18:50

Hallo und

Zitat:

ich habe glaube ich meine sychost.exe ausversehen gelöscht..

Das war gut, denn das war ein Schädling.

Zitat:

auf jeden fall bekomme ich beim start meines pcs die fehlermeldung..

1.) Starte HJT => Do a system scan only => Markiere:

Code:

ATTFilter

Alle R0, R1, R3, F3, O2, O3, O8, O9 und O16-Einträge
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programme\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

=> Fix checked => Neustart

2.) Klicke auf "Für alle Neuen" in meiner Signatur, lies alles aufmerksam und arbeite die komplette Liste unter Punkt 2 ab.

ciao, andreas

adonisierend · 15.07.2009, 22:33

UI das ging ja schnell.
dann fange ich mal an.
So, habe die dinger da gefixt.. und neustart da kahm so ne meldung:
vielleicht ohne bedeutung??
kann den screenshot leider hier grafisch nicht einfügen..

meine fehlermeldung beim start ist weg.

Punkt a) CCleaner ist erfolgreich erledigt.

Punkt b) Malwarebytes:

Malwarebytes' Anti-Malware 1.39
Datenbank Version: 2435
Windows 5.1.2600 Service Pack 3

15.07.2009 23:28:21
mbam-log-2009-07-15 (23-28-21).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 142300
Laufzeit: 45 minute(s), 47 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

So ich muss in 5 stunden arbeiten,
liefere Punkt c) morgen Nachmittag
Danke schonmal!!
liebe Grüße

adonisierend · 16.07.2009, 20:31

So, jetzt Punkt c) RSIT:

info.txt logfile of random's system information tool 1.06 2009-07-16 21:22:04

======Uninstall list======

-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Programme\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 7.1.0 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000002}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Animated Waterfalls-->C:\WINDOWS\unins000.exe
AVG Free 8.5-->D:\Programme\setup.exe /UNINSTALL
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 deutsch-->"C:\Programme\DVD Shrink DE\unins000.exe"
foobar2000 v0.9.5.6-->"C:\Programme\foobar2000\uninstall.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ICQ6-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
kikin Plugin (JDownloader Edition) 1.11-->C:\Programme\kikin\uninst.exe
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.11)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Premium-->MsiExec.exe /I{42347B75-9660-2DA4-63FD-D35E344E1031}
Norton PartitionMagic 8.0-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Punk O Rama IV-->C:\WINDOWS\uninst.exe -f"C:\Programme\Punk O Rama IV\DeIsL1.isu" -c"C:\Programme\Punk O Rama IV\_ISREG32.DLL"
Q-Dir-->C:\Programme\Q-Dir\Q-Dir.exe -uninstall
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roll-->C:\WINDOWS\UniFish3.exe C:\Programme\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
RollerCoaster Tycoon 2-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x7
Security Task Manager 1.7h-->C:\Programme\Security Task Manager\Uninstal.exe "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers-->MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite-->C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\setup.exe /uninstall
Sony Ericsson PC Suite-->MsiExec.exe /I{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}
Spybot - Search & Destroy-->"D:\Spybot - Search & Destroy\unins000.exe"
T-DSL SpeedManager-->MsiExec.exe /I{1762C1BA-66BF-454A-8746-F921574CFF6C}
TuneUp Utilities 2006-->MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
Update für Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VIA Platform Device Manager-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe

=====HijackThis Backups=====

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) [2008-11-17]
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file) [2008-11-17]
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2008-11-17]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2009-07-15]
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe [2009-07-15]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-07-15]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-07-15]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) [2009-07-15]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ [2009-07-15]
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-15]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-07-15]
R3 - URLSearchHook: (no name) - - (no file) [2009-07-15]
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programme\avgssie.dll [2009-07-15]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-07-15]
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2009-07-15]
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll [2009-07-15]
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-15]
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html [2009-07-15]
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 [2009-07-15]
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-15]
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html [2009-07-15]
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2009-07-15]
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html [2009-07-15]
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html [2009-07-15]
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html [2009-07-15]
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html [2009-07-15]
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html [2009-07-15]
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html [2009-07-15]
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [2009-07-15]
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) [2009-07-15]
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll [2009-07-15]
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll [2009-07-15]
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-07-15]
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe [2009-07-15]
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe [2009-07-15]
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab [2009-07-15]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-07-15]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2009-07-15]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-07-15]
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programme\avgssie.dll [2009-07-15]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-07-15]
R3 - URLSearchHook: (no name) - - (no file) [2009-07-15]
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe [2009-07-15]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) [2009-07-15]
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll [2009-07-15]
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-15]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-07-15]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-07-15]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ [2009-07-15]
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html [2009-07-15]
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html [2009-07-15]
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2009-07-15]
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [2009-07-15]
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-15]
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 [2009-07-15]
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html [2009-07-15]
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html [2009-07-15]
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2009-07-15]
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) [2009-07-15]
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-15]
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html [2009-07-15]
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html [2009-07-15]
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html [2009-07-15]
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html [2009-07-15]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-07-15]
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll [2009-07-15]
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll [2009-07-15]
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe [2009-07-15]
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab [2009-07-15]
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-07-15]
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe [2009-07-15]
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://icq.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab [2009-07-15]

======Hosts File======

127.0.0.1 www.xnxx.com
127.0.0.1 xnxx.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: HOME-PC
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "NLA (Network Location Awareness)" gesendet.

Record Number: 8551
Source Name: Service Control Manager
Time Written: 20090610063704.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

adonisierend · 16.07.2009, 20:35

Computer Name: HOME-PC
Event Code: 7036
Message: Dienst "Kompatibilität für schnelle Benutzerumschaltung" befindet sich jetzt im Status "Ausgeführt".

Record Number: 8550
Source Name: Service Control Manager
Time Written: 20090610063704.000000+120
Event Type: Informationen
User:

Computer Name: HOME-PC
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Intelligenter Hintergrundübertragungsdienst" gesendet.

Record Number: 8549
Source Name: Service Control Manager
Time Written: 20090610063704.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: HOME-PC
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Kompatibilität für schnelle Benutzerumschaltung" gesendet.

Record Number: 8548
Source Name: Service Control Manager
Time Written: 20090610063704.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: HOME-PC
Event Code: 7036
Message: Dienst "Terminaldienste" befindet sich jetzt im Status "Ausgeführt".

Record Number: 8547
Source Name: Service Control Manager
Time Written: 20090610063704.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: HOME-PC
Event Code: 1005
Message: Der Benutzer hat den Endbenutzer-Lizenzvertrag abgelehnt.

Record Number: 5
Source Name: WgaSetup
Time Written: 20090713131608.000000+120
Event Type: Informationen
User:

Computer Name: HOME-PC
Event Code: 0
Message:
Record Number: 4
Source Name: gupdate1c9b90569457c0a
Time Written: 20090713131600.000000+120
Event Type: Informationen
User:

Computer Name: HOME-PC
Event Code: 1004
Message: Der Benutzer hat den Endbenutzer-Lizenzvertrag akzeptiert.

Record Number: 3
Source Name: WgaSetup
Time Written: 20090713131559.000000+120
Event Type: Informationen
User:

Computer Name: HOME-PC
Event Code: 1002
Message: Starting interactive setup.

Record Number: 2
Source Name: WgaSetup
Time Written: 20090713131558.000000+120
Event Type: Informationen
User:

Computer Name: HOME-PC
Event Code: 1006
Message: Der Endbenutzer-Lizenzvertrag wurde zuvor akzeptiert.

Record Number: 1
Source Name: WgaSetup
Time Written: 20090713131557.000000+120
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\Gemeinsame Dateien\Teleca Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 76 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

adonisierend · 16.07.2009, 20:40

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-07-16 21:21:43
Microsoft Windows XP Professional Service Pack 3
System drive C: has 580 MB (6%) free of 10 GB
Total RAM: 958 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:01, on 16.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\avgwdsvc.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
D:\PROGRA~1\avgtray.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\DNA\btdna.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
D:\PROGRA~1\avgemc.exe
D:\PROGRA~1\avgrsx.exe
D:\PROGRA~1\avgnsx.exe
D:\Programme\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\T-DSL SpeedManager\TSMSvc.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Dokumente und Einstellungen\Administrator\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\Administrator.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programme\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{402C8658-B4D6-4094-813B-087D1CF45731}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{402C8658-B4D6-4094-813B-087D1CF45731}: NameServer = 192.168.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - C:\Programme\T-DSL SpeedManager\TSMSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe

--
End of file - 4899 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"Acrobat Assistant 7.0"=C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"WinampAgent"=C:\Programme\Winamp\winampa.exe [2007-12-20 37376]
"HDAudDeck"=C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe [2007-02-01 778240]
"Sony Ericsson PC Suite"=C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384]
"T-DSL SpeedMgr"=C:\Programme\T-DSL SpeedManager\SpeedMgr.exe [2006-02-09 765952]
"AVG8_TRAY"=D:\PROGRA~1\avgtray.exe [2009-06-25 1948440]
"TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2009-04-09 198160]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BitTorrent DNA"=C:\Programme\DNA\btdna.exe [2008-12-16 342848]
"SpybotSD TeaTimer"=D:\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ICQ"=C:\Programme\ICQ6.5\ICQ.exe [2008-09-01 173304]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-25 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\BitTorrent\bittorrent.exe"="C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Programme\DNA\btdna.exe"="C:\Programme\DNA\btdna.exe:*:Enabled

NA"
"C:\Programme\Valve\hl.exe"="C:\Programme\Valve\hl.exe:*

isabled:Half-Life Launcher"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ Library"
"D:\Programme\avgemc.exe"="D:\Programme\avgemc.exe:*:Enabled:avgemc.exe"
"D:\Programme\avgupd.exe"="D:\Programme\avgupd.exe:*:Enabled:avgupd.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Programme\Java\jre6\bin\javaw.exe"="C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c37cd8e-58b5-11dd-8a0f-00a0d1c4bb64}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c37cdae-58b5-11dd-8a0f-00a0d1c4bb64}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ddafec3-6234-11dd-8a1d-00a0d1c4bb64}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f86a52b-395b-11de-84f7-00a0d1c4bb64}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{835e367b-43c3-11dd-89eb-00a0d1c4bb64}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b410c20d-34ec-11dd-89cb-00a0d1c4bb64}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9d17592-2f13-11dd-89bf-00a0d1c4bb64}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddb39637-5b4e-11dd-8a10-00a0d1c4bb64}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

======List of files/folders created in the last 1 months======

2009-07-16 21:21:43 ----DC---- C:\rsit
2009-07-16 07:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-07-16 07:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-07-16 07:00:19 ----A---- C:\WINDOWS\imsins.BAK
2009-07-16 07:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-07-15 22:16:21 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-15 22:06:07 ----D---- C:\WINDOWS\Prefetch
2009-07-15 22:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-07-15 22:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-07-15 22:03:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-15 22:03:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-15 22:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-07-15 22:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-15 22:02:21 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
2009-07-15 21:47:34 ----D---- C:\WINDOWS\ServicePackFiles
2009-07-15 21:37:04 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-15 20:04:43 ----D---- C:\Programme\Messenger
2009-07-15 20:03:03 ----D---- C:\WINDOWS\system32\de
2009-07-15 20:03:03 ----D---- C:\WINDOWS\l2schemas
2009-07-15 20:03:01 ----D---- C:\WINDOWS\system32\bits
2009-07-15 19:49:48 ----A---- C:\WINDOWS\system32\ir41_qcx.dll
2009-07-15 19:49:48 ----A---- C:\WINDOWS\system32\ir41_qc.dll
2009-07-15 19:49:48 ----A---- C:\WINDOWS\system32\hccoin.dll
2009-07-15 19:49:48 ----A---- C:\WINDOWS\system32\fsquirt.exe
2009-07-15 19:49:48 ----A---- C:\WINDOWS\system32\bthserv.dll
2009-07-15 19:49:48 ----A---- C:\WINDOWS\system32\bthci.dll
2009-07-15 19:49:47 ----A---- C:\WINDOWS\system32\xpsp1res.dll
2009-07-15 19:49:47 ----A---- C:\WINDOWS\system32\xpob2res.dll
2009-07-15 19:49:47 ----A---- C:\WINDOWS\system32\sdhcinst.dll
2009-07-15 19:49:47 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-07-15 19:49:47 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-07-15 19:49:47 ----A---- C:\WINDOWS\system32\ir50_qcx.dll
2009-07-15 19:49:47 ----A---- C:\WINDOWS\system32\ir50_qc.dll
2009-07-15 19:49:47 ----A---- C:\WINDOWS\system32\ir50_32.dll
2009-07-15 19:49:46 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-07-15 19:49:46 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2009-07-15 19:49:46 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-07-15 19:49:46 ----A---- C:\WINDOWS\system32\wshbth.dll
2009-07-15 19:49:46 ----A---- C:\WINDOWS\system32\verclsid.exe
2009-07-15 19:49:46 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-07-15 19:49:43 ----A---- C:\WINDOWS\system32\spiisupd.exe
2009-07-15 19:49:43 ----A---- C:\WINDOWS\system32\pidgen.dll
2009-07-15 19:49:43 ----A---- C:\WINDOWS\system32\asr_pfu.exe
2009-07-15 19:49:42 ----A---- C:\WINDOWS\system32\dpcdll.dll
2009-07-15 19:49:40 ----A---- C:\WINDOWS\system32\secedit.exe
2009-07-15 19:49:40 ----A---- C:\WINDOWS\system32\p2pgasvc.dll
2009-07-15 19:49:40 ----A---- C:\WINDOWS\system32\kbdukx.dll
2009-07-15 19:49:40 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2009-07-15 19:49:40 ----A---- C:\WINDOWS\system32\dsprpres.dll
2009-07-15 19:49:39 ----A---- C:\WINDOWS\system32\wscntfy.exe
2009-07-15 19:49:39 ----A---- C:\WINDOWS\system32\w3ssl.dll
2009-07-15 19:49:39 ----A---- C:\WINDOWS\system32\pnrpnsp.dll
2009-07-15 19:49:39 ----A---- C:\WINDOWS\system32\p2psvc.dll
2009-07-15 19:49:39 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-07-15 19:49:38 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-07-15 19:49:38 ----A---- C:\WINDOWS\system32\p2pgraph.dll
2009-07-15 19:49:38 ----A---- C:\WINDOWS\system32\msftedit.dll
2009-07-15 19:49:38 ----A---- C:\WINDOWS\system32\kbdsmsno.dll
2009-07-15 19:49:38 ----A---- C:\WINDOWS\system32\kbdmlt47.dll
2009-07-15 19:49:38 ----A---- C:\WINDOWS\system32\kbdfi1.dll
2009-07-15 19:49:38 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-07-15 19:49:37 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-07-15 19:49:37 ----A---- C:\WINDOWS\system32\smbinst.exe
2009-07-15 19:49:37 ----A---- C:\WINDOWS\system32\sbeio.dll
2009-07-15 19:49:37 ----A---- C:\WINDOWS\system32\msdadiag.dll
2009-07-15 19:49:37 ----A---- C:\WINDOWS\system32\iuengine.dll
2009-07-15 19:49:37 ----A---- C:\WINDOWS\system32\httpapi.dll
2009-07-15 19:49:37 ----A---- C:\WINDOWS\system32\fwcfg.dll
2009-07-15 19:49:36 ----A---- C:\WINDOWS\system32\winbrand.dll
2009-07-15 19:49:36 ----A---- C:\WINDOWS\system32\twext.dll
2009-07-15 19:49:36 ----A---- C:\WINDOWS\system32\p2pnetsh.dll
2009-07-15 19:49:36 ----A---- C:\WINDOWS\system32\mssap.dll
2009-07-15 19:49:36 ----A---- C:\WINDOWS\system32\kbdinmal.dll
2009-07-15 19:49:36 ----A---- C:\WINDOWS\system32\d3d9.dll
2009-07-15 19:49:35 ----A---- C:\WINDOWS\system32\spnpinst.exe
2009-07-15 19:49:32 ----A---- C:\WINDOWS\system32\xmlprovi.dll
2009-07-15 19:49:32 ----A---- C:\WINDOWS\system32\xmlprov.dll
2009-07-15 19:49:32 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-07-15 19:49:32 ----A---- C:\WINDOWS\system32\kbdinbe1.dll
2009-07-15 19:49:32 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-07-15 19:49:32 ----A---- C:\WINDOWS\system32\cmsetacl.dll
2009-07-15 19:49:32 ----A---- C:\WINDOWS\system32\btpanui.dll
2009-07-15 19:49:31 ----A---- C:\WINDOWS\system32\wscsvc.dll
2009-07-15 19:49:31 ----A---- C:\WINDOWS\system32\winshfhc.dll
2009-07-15 19:49:31 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-07-15 19:49:31 ----A---- C:\WINDOWS\system32\powercfg.exe
2009-07-15 19:49:31 ----A---- C:\WINDOWS\system32\kbdsmsfi.dll
2009-07-15 19:49:31 ----A---- C:\WINDOWS\system32\encapi.dll
2009-07-15 19:49:31 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-07-15 19:49:30 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-07-15 19:49:30 ----A---- C:\WINDOWS\system32\strmfilt.dll
2009-07-15 19:49:30 ----A---- C:\WINDOWS\system32\p2p.dll
2009-07-15 19:49:30 ----A---- C:\WINDOWS\system32\kbdno1.dll
2009-07-15 19:49:30 ----A---- C:\WINDOWS\system32\kbdmlt48.dll
2009-07-15 19:49:30 ----A---- C:\WINDOWS\system32\kbdmaori.dll
2009-07-15 19:49:30 ----A---- C:\WINDOWS\system32\kbdinben.dll
2009-07-15 19:49:30 ----A---- C:\WINDOWS\system32\blastcln.exe
2009-07-15 19:49:30 ----A---- C:\WINDOWS\system32\auditusr.exe
2009-07-15 19:49:29 ----A---- C:\WINDOWS\system32\systeminfo.exe
2009-07-15 19:49:29 ----A---- C:\WINDOWS\system32\schtasks.exe
2009-07-15 19:49:29 ----A---- C:\WINDOWS\system32\openfiles.exe
2009-07-15 19:49:29 ----A---- C:\WINDOWS\system32\gpresult.exe
2009-07-15 19:49:29 ----A---- C:\WINDOWS\system32\eventtriggers.exe
2009-07-15 19:49:29 ----A---- C:\WINDOWS\system32\eventcreate.exe
2009-07-15 19:49:29 ----A---- C:\WINDOWS\system32\driverquery.exe
2009-07-15 19:49:28 ----A---- C:\WINDOWS\system32\cipher.exe
2009-07-15 19:49:28 ----A---- C:\WINDOWS\system32\bootcfg.exe
2009-07-15 19:49:28 ----A---- C:\WINDOWS\system32\asr_fmt.exe
2009-07-15 19:49:28 ----A---- C:\WINDOWS\system32\appmgr.dll
2009-07-15 19:49:28 ----A---- C:\WINDOWS\system32\appmgmts.dll
2009-07-15 19:49:28 ----A---- C:\WINDOWS\system32\adsnw.dll
2009-07-15 19:49:27 ----A---- C:\WINDOWS\system32\getmac.exe
2009-07-15 19:49:27 ----A---- C:\WINDOWS\system32\fdeploy.dll
2009-07-15 19:49:27 ----A---- C:\WINDOWS\system32\fde.dll
2009-07-15 19:49:27 ----A---- C:\WINDOWS\system32\efsadu.dll
2009-07-15 19:49:26 ----A---- C:\WINDOWS\system32\gptext.dll
2009-07-15 19:49:26 ----A---- C:\WINDOWS\system32\gpedit.dll
2009-07-15 19:49:25 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
2009-07-15 19:49:25 ----A---- C:\WINDOWS\system32\mqsvc.exe
2009-07-15 19:49:25 ----A---- C:\WINDOWS\system32\mqsnap.dll
2009-07-15 19:49:25 ----A---- C:\WINDOWS\system32\mqsec.dll
2009-07-15 19:49:25 ----A---- C:\WINDOWS\system32\mqrtdep.dll
2009-07-15 19:49:25 ----A---- C:\WINDOWS\system32\mqrt.dll
2009-07-15 19:49:25 ----A---- C:\WINDOWS\system32\mqqm.dll
2009-07-15 19:49:25 ----A---- C:\WINDOWS\system32\mqoa.dll
2009-07-15 19:49:25 ----A---- C:\WINDOWS\system32\mqlogmgr.dll
2009-07-15 19:49:25 ----A---- C:\WINDOWS\system32\mqise.dll
2009-07-15 19:49:25 ----A---- C:\WINDOWS\system32\mqdscli.dll
2009-07-15 19:49:25 ----A---- C:\WINDOWS\system32\mqbkup.exe
2009-07-15 19:49:25 ----A---- C:\WINDOWS\system32\mqad.dll
2009-07-15 19:49:25 ----A---- C:\WINDOWS\system32\logman.exe
2009-07-15 19:49:24 ----A---- C:\WINDOWS\system32\rsnotify.exe
2009-07-15 19:49:24 ----A---- C:\WINDOWS\system32\proxycfg.exe
2009-07-15 19:49:24 ----A---- C:\WINDOWS\system32\nwwks.dll
2009-07-15 19:49:24 ----A---- C:\WINDOWS\system32\nwapi32.dll
2009-07-15 19:49:24 ----A---- C:\WINDOWS\system32\ntbackup.exe
2009-07-15 19:49:24 ----A---- C:\WINDOWS\system32\mqutil.dll
2009-07-15 19:49:24 ----A---- C:\WINDOWS\system32\mqupgrd.dll
2009-07-15 19:49:24 ----A---- C:\WINDOWS\system32\mqtrig.dll
2009-07-15 19:49:23 ----A---- C:\WINDOWS\system32\tracerpt.exe
2009-07-15 19:49:23 ----A---- C:\WINDOWS\system32\tlntsvrp.dll
2009-07-15 19:49:23 ----A---- C:\WINDOWS\system32\tlntsvr.exe
2009-07-15 19:49:23 ----A---- C:\WINDOWS\system32\tlntsess.exe
2009-07-15 19:49:23 ----A---- C:\WINDOWS\system32\tlntadmn.exe
2009-07-15 19:49:23 ----A---- C:\WINDOWS\system32\tasklist.exe
2009-07-15 19:49:23 ----A---- C:\WINDOWS\system32\taskkill.exe
2009-07-15 19:49:22 ----A---- C:\WINDOWS\system32\wsecedit.dll
2009-07-15 19:48:47 ----A---- C:\WINDOWS\regedit.exe
2009-07-15 19:48:47 ----A---- C:\WINDOWS\hh.exe
2009-07-15 19:48:47 ----A---- C:\WINDOWS\explorer.exe
2009-07-15 19:48:46 ----A---- C:\WINDOWS\winhlp32.exe
2009-07-15 19:48:46 ----A---- C:\WINDOWS\twain_32.dll
2009-07-15 19:48:42 ----A---- C:\WINDOWS\system32\aclui.dll
2009-07-15 19:48:42 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-07-15 19:48:42 ----A---- C:\WINDOWS\system32\6to4svc.dll
2009-07-15 19:48:41 ----A---- C:\WINDOWS\system32\adsmsext.dll
2009-07-15 19:48:41 ----A---- C:\WINDOWS\system32\adsldpc.dll

john.doe · 16.07.2009, 20:43

Da fehlt noch log.txt.

Start => Ausführen => c:\rsit\log.txt => Ok

Kompletten Inhalt hier posten oder in den Anhang packen (nach unten rollen => Anhänge verwalten).

ciao, andreas

adonisierend · 16.07.2009, 20:43

2009-07-15 19:48:41 ----A---- C:\WINDOWS\system32\adsldp.dll
2009-07-15 19:48:41 ----A---- C:\WINDOWS\system32\actxprxy.dll
2009-07-15 19:48:41 ----A---- C:\WINDOWS\system32\actmovie.exe
2009-07-15 19:48:41 ----A---- C:\WINDOWS\system32\activeds.dll
2009-07-15 19:48:40 ----A---- C:\WINDOWS\system32\apphelp.dll
2009-07-15 19:48:40 ----A---- C:\WINDOWS\system32\amstream.dll
2009-07-15 19:48:40 ----A---- C:\WINDOWS\system32\alrsvc.dll
2009-07-15 19:48:40 ----A---- C:\WINDOWS\system32\alg.exe
2009-07-15 19:48:40 ----A---- C:\WINDOWS\system32\ahui.exe
2009-07-15 19:48:40 ----A---- C:\WINDOWS\system32\adsnt.dll
2009-07-15 19:48:39 ----A---- C:\WINDOWS\system32\basesrv.dll
2009-07-15 19:48:39 ----A---- C:\WINDOWS\system32\avifil32.dll
2009-07-15 19:48:39 ----A---- C:\WINDOWS\system32\autolfn.exe
2009-07-15 19:48:39 ----A---- C:\WINDOWS\system32\autofmt.exe
2009-07-15 19:48:39 ----A---- C:\WINDOWS\system32\authz.dll
2009-07-15 19:48:39 ----A---- C:\WINDOWS\system32\audiosrv.dll
2009-07-15 19:48:39 ----A---- C:\WINDOWS\system32\attrib.exe
2009-07-15 19:48:39 ----A---- C:\WINDOWS\system32\atmlib.dll
2009-07-15 19:48:39 ----A---- C:\WINDOWS\system32\atmfd.dll
2009-07-15 19:48:39 ----A---- C:\WINDOWS\system32\atmadm.exe
2009-07-15 19:48:39 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-15 19:48:39 ----A---- C:\WINDOWS\system32\at.exe
2009-07-15 19:48:39 ----A---- C:\WINDOWS\system32\asycfilt.dll
2009-07-15 19:48:38 ----A---- C:\WINDOWS\system32\capesnpn.dll
2009-07-15 19:48:38 ----A---- C:\WINDOWS\system32\camocx.dll
2009-07-15 19:48:38 ----A---- C:\WINDOWS\system32\cabview.dll
2009-07-15 19:48:38 ----A---- C:\WINDOWS\system32\cabinet.dll
2009-07-15 19:48:38 ----A---- C:\WINDOWS\system32\browsewm.dll
2009-07-15 19:48:38 ----A---- C:\WINDOWS\system32\browseui.dll
2009-07-15 19:48:38 ----A---- C:\WINDOWS\system32\browser.dll
2009-07-15 19:48:38 ----A---- C:\WINDOWS\system32\browselc.dll
2009-07-15 19:48:38 ----A---- C:\WINDOWS\system32\bidispl.dll
2009-07-15 19:48:38 ----A---- C:\WINDOWS\system32\batt.dll
2009-07-15 19:48:38 ----A---- C:\WINDOWS\system32\batmeter.dll
2009-07-15 19:48:37 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-07-15 19:48:37 ----A---- C:\WINDOWS\system32\cliconfg.exe
2009-07-15 19:48:37 ----A---- C:\WINDOWS\system32\cliconfg.dll
2009-07-15 19:48:37 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2009-07-15 19:48:37 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-07-15 19:48:37 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-07-15 19:48:37 ----A---- C:\WINDOWS\system32\cisvc.exe
2009-07-15 19:48:37 ----A---- C:\WINDOWS\system32\ciodm.dll
2009-07-15 19:48:37 ----A---- C:\WINDOWS\system32\cic.dll
2009-07-15 19:48:37 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
2009-07-15 19:48:37 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-07-15 19:48:37 ----A---- C:\WINDOWS\system32\certmgr.dll
2009-07-15 19:48:37 ----A---- C:\WINDOWS\system32\certcli.dll
2009-07-15 19:48:37 ----A---- C:\WINDOWS\system32\cdosys.dll
2009-07-15 19:48:37 ----A---- C:\WINDOWS\system32\cdfview.dll
2009-07-15 19:48:37 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-07-15 19:48:37 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-07-15 19:48:37 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-07-15 19:48:36 ----A---- C:\WINDOWS\system32\colbact.dll
2009-07-15 19:48:36 ----A---- C:\WINDOWS\system32\cnbjmon.dll
2009-07-15 19:48:36 ----A---- C:\WINDOWS\system32\cmutil.dll
2009-07-15 19:48:36 ----A---- C:\WINDOWS\system32\cmstp.exe
2009-07-15 19:48:36 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-07-15 19:48:36 ----A---- C:\WINDOWS\system32\cmmon32.exe
2009-07-15 19:48:36 ----A---- C:\WINDOWS\system32\cmdl32.exe
2009-07-15 19:48:36 ----A---- C:\WINDOWS\system32\cmdial32.dll
2009-07-15 19:48:36 ----A---- C:\WINDOWS\system32\cmcfg32.dll
2009-07-15 19:48:36 ----A---- C:\WINDOWS\system32\clusapi.dll
2009-07-15 19:48:36 ----A---- C:\WINDOWS\system32\clipsrv.exe
2009-07-15 19:48:35 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-07-15 19:48:35 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-07-15 19:48:35 ----A---- C:\WINDOWS\system32\comres.dll
2009-07-15 19:48:35 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-07-15 19:48:35 ----A---- C:\WINDOWS\system32\compstui.dll
2009-07-15 19:48:35 ----A---- C:\WINDOWS\system32\compatui.dll
2009-07-15 19:48:35 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-07-15 19:48:34 ----A---- C:\WINDOWS\system32\d3d8.dll
2009-07-15 19:48:34 ----A---- C:\WINDOWS\system32\ctfmon.exe
2009-07-15 19:48:34 ----A---- C:\WINDOWS\system32\csrss.exe
2009-07-15 19:48:34 ----A---- C:\WINDOWS\system32\cscui.dll
2009-07-15 19:48:34 ----A---- C:\WINDOWS\system32\cscript.exe
2009-07-15 19:48:34 ----A---- C:\WINDOWS\system32\cscdll.dll
2009-07-15 19:48:34 ----A---- C:\WINDOWS\system32\cryptui.dll
2009-07-15 19:48:34 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2009-07-15 19:48:34 ----A---- C:\WINDOWS\system32\cryptnet.dll
2009-07-15 19:48:34 ----A---- C:\WINDOWS\system32\cryptext.dll
2009-07-15 19:48:34 ----A---- C:\WINDOWS\system32\cryptdll.dll
2009-07-15 19:48:34 ----A---- C:\WINDOWS\system32\cryptdlg.dll
2009-07-15 19:48:34 ----A---- C:\WINDOWS\system32\crypt32.dll
2009-07-15 19:48:34 ----A---- C:\WINDOWS\system32\credui.dll
2009-07-15 19:48:34 ----A---- C:\WINDOWS\system32\conime.exe
2009-07-15 19:48:34 ----A---- C:\WINDOWS\system32\confmsp.dll
2009-07-15 19:48:34 ----A---- C:\WINDOWS\system32\comuid.dll
2009-07-15 19:48:33 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-07-15 19:48:33 ----A---- C:\WINDOWS\system32\dciman32.dll
2009-07-15 19:48:33 ----A---- C:\WINDOWS\system32\dbnmpntw.dll
2009-07-15 19:48:33 ----A---- C:\WINDOWS\system32\dbnetlib.dll
2009-07-15 19:48:33 ----A---- C:\WINDOWS\system32\dbmsrpcn.dll
2009-07-15 19:48:33 ----A---- C:\WINDOWS\system32\dbghelp.dll
2009-07-15 19:48:33 ----A---- C:\WINDOWS\system32\davclnt.dll
2009-07-15 19:48:33 ----A---- C:\WINDOWS\system32\datime.dll
2009-07-15 19:48:33 ----A---- C:\WINDOWS\system32\dataclen.dll
2009-07-15 19:48:33 ----A---- C:\WINDOWS\system32\danim.dll
2009-07-15 19:48:33 ----A---- C:\WINDOWS\system32\d3dim700.dll
2009-07-15 19:48:33 ----A---- C:\WINDOWS\system32\d3d8thk.dll
2009-07-15 19:48:32 ----A---- C:\WINDOWS\system32\dinput8.dll
2009-07-15 19:48:32 ----A---- C:\WINDOWS\system32\dinput.dll
2009-07-15 19:48:32 ----A---- C:\WINDOWS\system32\digest.dll
2009-07-15 19:48:32 ----A---- C:\WINDOWS\system32\diantz.exe
2009-07-15 19:48:32 ----A---- C:\WINDOWS\system32\dhcpmon.dll
2009-07-15 19:48:32 ----A---- C:\WINDOWS\system32\dgnet.dll
2009-07-15 19:48:32 ----A---- C:\WINDOWS\system32\dfsshlex.dll
2009-07-15 19:48:32 ----A---- C:\WINDOWS\system32\dfrgui.dll
2009-07-15 19:48:32 ----A---- C:\WINDOWS\system32\dfrgsnap.dll
2009-07-15 19:48:32 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
2009-07-15 19:48:32 ----A---- C:\WINDOWS\system32\dfrgfat.exe
2009-07-15 19:48:32 ----A---- C:\WINDOWS\system32\devmgr.dll
2009-07-15 19:48:32 ----A---- C:\WINDOWS\system32\devenum.dll
2009-07-15 19:48:32 ----A---- C:\WINDOWS\system32\defrag.exe
2009-07-15 19:48:32 ----A---- C:\WINDOWS\system32\ddrawex.dll
2009-07-15 19:48:32 ----A---- C:\WINDOWS\system32\ddraw.dll
2009-07-15 19:48:32 ----A---- C:\WINDOWS\system32\ddeshare.exe
2009-07-15 19:48:31 ----A---- C:\WINDOWS\system32\dmcompos.dll
2009-07-15 19:48:31 ----A---- C:\WINDOWS\system32\dmband.dll
2009-07-15 19:48:31 ----A---- C:\WINDOWS\system32\dmadmin.exe
2009-07-15 19:48:31 ----A---- C:\WINDOWS\system32\dllhost.exe
2009-07-15 19:48:31 ----A---- C:\WINDOWS\system32\dispex.dll
2009-07-15 19:48:31 ----A---- C:\WINDOWS\system32\diskpart.exe
2009-07-15 19:48:31 ----A---- C:\WINDOWS\system32\diskcopy.dll
2009-07-15 19:48:30 ----A---- C:\WINDOWS\system32\dmstyle.dll
2009-07-15 19:48:30 ----A---- C:\WINDOWS\system32\dmserver.dll
2009-07-15 19:48:30 ----A---- C:\WINDOWS\system32\dmscript.dll
2009-07-15 19:48:30 ----A---- C:\WINDOWS\system32\dmremote.exe
2009-07-15 19:48:30 ----A---- C:\WINDOWS\system32\dmloader.dll
2009-07-15 19:48:30 ----A---- C:\WINDOWS\system32\dmime.dll
2009-07-15 19:48:30 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2009-07-15 19:48:30 ----A---- C:\WINDOWS\system32\dmdlgs.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\ersvc.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\els.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dxmasf.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dxdiag.exe
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dx8vb.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dx7vb.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dwwin.exe
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\duser.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dumprep.exe
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dswave.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dsuiext.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dssenh.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dssec.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dsquery.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dsprop.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dsound3d.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dsound.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dskquoui.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dskquota.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dsdmo.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\ds32gt.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\drprov.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dpvvox.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dpvoice.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dpvacm.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dpnet.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dplayx.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\docprop2.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dnsapi.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dmutil.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dmusic.dll
2009-07-15 19:48:29 ----A---- C:\WINDOWS\system32\dmsynth.dll
2009-07-15 19:48:28 ----A---- C:\WINDOWS\system32\eudcedit.exe
2009-07-15 19:48:28 ----A---- C:\WINDOWS\system32\esent.dll
2009-07-15 19:48:28 ----A---- C:\WINDOWS\system32\es.dll
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\hid.dll
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\hhsetup.dll
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\help.exe
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\h323msp.dll
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\grpconv.exe
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\gpkrsrc.dll
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\glu32.dll
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\gdi32.dll
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\framebuf.dll
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\forcedos.exe
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\fontview.exe
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\fontext.dll
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\fldrclnr.dll
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\findstr.exe
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\filemgmt.dll
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\feclient.dll
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\faultrep.dll
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\exts.dll
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\extrac32.exe
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\expsrv.dll
2009-07-15 19:48:27 ----A---- C:\WINDOWS\system32\eventlog.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\isign32.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\ipxwan.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\ipxroute.exe
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\ipv6mon.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\ipv6.exe
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\iprtrmgr.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\ippromon.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\ipmontr.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\iphlpapi.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\ipconfig.exe
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\input.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\initpki.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\inetres.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\inetppui.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\inetpp.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\inetmib1.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\imm32.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\imeshare.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\imapi.exe
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\ils.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\igmpagnt.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\ifmon.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\iexpress.exe
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\idq.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\icmp.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\icm32.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\iccvid.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\iasrad.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\htui.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\hotplug.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\hnetwiz.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\hnetcfg.dll
2009-07-15 19:48:26 ----A---- C:\WINDOWS\system32\hlink.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\mmcbase.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\mmc.exe
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\mlang.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\mimefilt.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\miglibnt.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\midimap.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\mfcsubs.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\mfc42.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\mfc40u.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\mf3216.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\mdminst.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\mciwave.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\mciseq.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\mciavi32.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\mcastmib.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\makecab.exe
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\magnify.exe
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\lsass.exe
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\lprhelp.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\lpk.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\logonui.exe
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\localui.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\localsec.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\loadperf.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\lmrt.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\linkinfo.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\licdll.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\keymgr.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\kd1394.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\kbdnec.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\jgpl400.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\jgdw400.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\ixsso.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\itss.dll
2009-07-15 19:48:25 ----A---- C:\WINDOWS\system32\itircl.dll
2009-07-15 19:48:24 ----A---- C:\WINDOWS\system32\mobsync.dll
2009-07-15 19:48:24 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-07-15 19:48:24 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-07-15 19:48:24 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-07-15 19:48:24 ----A---- C:\WINDOWS\system32\mmcshext.dll
2009-07-15 19:48:24 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2009-07-15 19:48:23 ----A---- C:\WINDOWS\system32\moricons.dll
2009-07-15 19:48:23 ----A---- C:\WINDOWS\system32\more.com
2009-07-15 19:48:23 ----A---- C:\WINDOWS\system32\modemui.dll
2009-07-15 19:48:23 ----A---- C:\WINDOWS\system32\mobsync.exe
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\msgina.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\msdxmlc.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\msdmo.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\msdart.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\msctfp.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\msctf.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\mscpxl32.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\mscpx32r.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\msconf.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\mscms.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\msapsspc.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\msafd.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\msacm32.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\mprdim.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\mprapi.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\mpr.dll
2009-07-15 19:48:22 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-07-15 19:48:21 ----A---- C:\WINDOWS\system32\msimg32.dll
2009-07-15 19:48:21 ----A---- C:\WINDOWS\system32\msihnd.dll
2009-07-15 19:48:21 ----A---- C:\WINDOWS\system32\msiexec.exe
2009-07-15 19:48:21 ----A---- C:\WINDOWS\system32\msieftp.dll
2009-07-15 19:48:21 ----A---- C:\WINDOWS\system32\msidle.dll
2009-07-15 19:48:21 ----A---- C:\WINDOWS\system32\msident.dll
2009-07-15 19:48:21 ----A---- C:\WINDOWS\system32\msi.dll
2009-07-15 19:48:20 ----A---- C:\WINDOWS\system32\mstlsapi.dll
2009-07-15 19:48:20 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-07-15 19:48:20 ----A---- C:\WINDOWS\system32\mstask.dll
2009-07-15 19:48:20 ----A---- C:\WINDOWS\system32\msrle32.dll
2009-07-15 19:48:20 ----A---- C:\WINDOWS\system32\msprivs.dll
2009-07-15 19:48:20 ----A---- C:\WINDOWS\system32\mspatcha.dll
2009-07-15 19:48:20 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-07-15 19:48:20 ----A---- C:\WINDOWS\system32\msorcl32.dll
2009-07-15 19:48:20 ----A---- C:\WINDOWS\system32\msorc32r.dll
2009-07-15 19:48:20 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-07-15 19:48:20 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-07-15 19:48:20 ----A---- C:\WINDOWS\system32\msnsspc.dll
2009-07-15 19:48:20 ----A---- C:\WINDOWS\system32\mslbui.dll
2009-07-15 19:48:20 ----A---- C:\WINDOWS\system32\msisip.dll
2009-07-15 19:48:20 ----A---- C:\WINDOWS\system32\msimtf.dll
2009-07-15 19:48:20 ----A---- C:\WINDOWS\system32\msimsg.dll
2009-07-15 19:48:19 ----A---- C:\WINDOWS\system32\msw3prt.dll
2009-07-15 19:48:19 ----A---- C:\WINDOWS\system32\msvfw32.dll
2009-07-15 19:48:19 ----A---- C:\WINDOWS\system32\msvcrt40.dll
2009-07-15 19:48:19 ----A---- C:\WINDOWS\system32\msvcrt.dll
2009-07-15 19:48:19 ----A---- C:\WINDOWS\system32\msvcp60.dll
2009-07-15 19:48:19 ----A---- C:\WINDOWS\system32\msvcirt.dll
2009-07-15 19:48:19 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2009-07-15 19:48:19 ----A---- C:\WINDOWS\system32\msutb.dll
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\netsh.exe
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\netsetup.exe
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\netrap.dll
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\netplwiz.dll
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\netman.dll
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\netlogon.dll
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\netid.dll
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\netdde.exe
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\netcfgx.dll
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\netapi32.dll
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\net1.exe
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\net.exe
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\nddenb32.dll
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\nddeapir.exe
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\nddeapi.dll
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\ncobjapi.dll

adonisierend · 16.07.2009, 20:44

2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\narrator.exe
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\mydocs.dll
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\mtxclu.dll
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\msyuv.dll
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\msxml2.dll
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\msxml.dll
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\mswsock.dll
2009-07-15 19:48:18 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-15 19:48:17 ----A---- C:\WINDOWS\system32\ntmsmgr.dll
2009-07-15 19:48:17 ----A---- C:\WINDOWS\system32\ntmsdba.dll
2009-07-15 19:48:17 ----A---- C:\WINDOWS\system32\ntmsapi.dll
2009-07-15 19:48:17 ----A---- C:\WINDOWS\system32\ntmarta.dll
2009-07-15 19:48:17 ----A---- C:\WINDOWS\system32\ntlanman.dll
2009-07-15 19:48:17 ----A---- C:\WINDOWS\system32\ntdsapi.dll
2009-07-15 19:48:17 ----A---- C:\WINDOWS\system32\npptools.dll
2009-07-15 19:48:17 ----A---- C:\WINDOWS\system32\notepad.exe
2009-07-15 19:48:17 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-07-15 19:48:17 ----A---- C:\WINDOWS\system32\nlhtml.dll
2009-07-15 19:48:17 ----A---- C:\WINDOWS\system32\newdev.dll
2009-07-15 19:48:17 ----A---- C:\WINDOWS\system32\netui1.dll
2009-07-15 19:48:17 ----A---- C:\WINDOWS\system32\netui0.dll
2009-07-15 19:48:17 ----A---- C:\WINDOWS\system32\netstat.exe
2009-07-15 19:48:17 ----A---- C:\WINDOWS\system32\netshell.dll
2009-07-15 19:48:17 ----A---- C:\WINDOWS\notepad.exe
2009-07-15 19:48:16 ----A---- C:\WINDOWS\system32\objsel.dll
2009-07-15 19:48:16 ----A---- C:\WINDOWS\system32\oakley.dll
2009-07-15 19:48:16 ----A---- C:\WINDOWS\system32\ntvdmd.dll
2009-07-15 19:48:16 ----A---- C:\WINDOWS\system32\ntshrui.dll
2009-07-15 19:48:16 ----A---- C:\WINDOWS\system32\ntmssvc.dll
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\offfilt.dll
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\odtext32.dll
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\odpdx32.dll
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\odfox32.dll
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\odexl32.dll
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\oddbse32.dll
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\odbctrac.dll
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\odbcp32r.dll
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\odbcjt32.dll
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\odbcji32.dll
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\odbcint.dll
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\odbccu32.dll
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\odbccr32.dll
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\odbccp32.dll
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\odbcconf.exe
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\odbcconf.dll
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\odbcbcp.dll
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\odbcad32.exe
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\odbc32gt.dll
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\odbc32.dll
2009-07-15 19:48:15 ----A---- C:\WINDOWS\system32\ocmanage.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\qedwipes.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\qedit.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\qdvd.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\qdv.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\qcap.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\pstorsvc.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\pstorec.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\psbase.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\psapi.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\proquota.exe
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\progman.exe
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\profmap.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\powrprof.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\polstore.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\pjlmon.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\ping.exe
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\pid.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\photowiz.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\perfproc.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\perfos.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\perfnet.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\perfmon.exe
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\perfdisk.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\pdh.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\pautoenr.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\packager.exe
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\osuninst.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\osk.exe
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\opengl32.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\olepro32.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\oleprn.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\oledlg.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\olecli32.dll
2009-07-15 19:48:14 ----A---- C:\WINDOWS\system32\ole32.dll
2009-07-15 19:48:12 ----A---- C:\WINDOWS\system32\rcimlby.exe
2009-07-15 19:48:12 ----A---- C:\WINDOWS\system32\rcbdyctl.dll
2009-07-15 19:48:12 ----A---- C:\WINDOWS\system32\rastls.dll
2009-07-15 19:48:12 ----A---- C:\WINDOWS\system32\rassapi.dll
2009-07-15 19:48:12 ----A---- C:\WINDOWS\system32\rasppp.dll
2009-07-15 19:48:12 ----A---- C:\WINDOWS\system32\rasphone.exe
2009-07-15 19:48:12 ----A---- C:\WINDOWS\system32\rasmans.dll
2009-07-15 19:48:12 ----A---- C:\WINDOWS\system32\raschap.dll
2009-07-15 19:48:12 ----A---- C:\WINDOWS\system32\rasadhlp.dll
2009-07-15 19:48:12 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-07-15 19:48:12 ----A---- C:\WINDOWS\system32\query.dll
2009-07-15 19:48:12 ----A---- C:\WINDOWS\system32\quartz.dll
2009-07-15 19:48:11 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2009-07-15 19:48:11 ----A---- C:\WINDOWS\system32\riched20.dll
2009-07-15 19:48:11 ----A---- C:\WINDOWS\system32\rexec.exe
2009-07-15 19:48:11 ----A---- C:\WINDOWS\system32\resutils.dll
2009-07-15 19:48:11 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-07-15 19:48:11 ----A---- C:\WINDOWS\system32\regwizc.dll
2009-07-15 19:48:11 ----A---- C:\WINDOWS\system32\regsvr32.exe
2009-07-15 19:48:11 ----A---- C:\WINDOWS\system32\regsvc.dll
2009-07-15 19:48:11 ----A---- C:\WINDOWS\system32\regapi.dll
2009-07-15 19:48:11 ----A---- C:\WINDOWS\system32\reg.exe
2009-07-15 19:48:11 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-07-15 19:48:11 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-07-15 19:48:11 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-07-15 19:48:11 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-07-15 19:48:11 ----A---- C:\WINDOWS\system32\rdpdd.dll
2009-07-15 19:48:11 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-07-15 19:48:11 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-07-15 19:48:11 ----A---- C:\WINDOWS\system32\rcp.exe
2009-07-15 19:48:10 ----A---- C:\WINDOWS\system32\scecli.dll
2009-07-15 19:48:10 ----A---- C:\WINDOWS\system32\sccsccp.dll
2009-07-15 19:48:10 ----A---- C:\WINDOWS\system32\scarddlg.dll
2009-07-15 19:48:10 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-07-15 19:48:10 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-07-15 19:48:10 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-07-15 19:48:10 ----A---- C:\WINDOWS\system32\runonce.exe
2009-07-15 19:48:10 ----A---- C:\WINDOWS\system32\rundll32.exe
2009-07-15 19:48:10 ----A---- C:\WINDOWS\system32\rtutils.dll
2009-07-15 19:48:10 ----A---- C:\WINDOWS\system32\rtipxmib.dll
2009-07-15 19:48:10 ----A---- C:\WINDOWS\system32\rtcshare.exe
2009-07-15 19:48:10 ----A---- C:\WINDOWS\system32\rsvpsp.dll
2009-07-15 19:48:10 ----A---- C:\WINDOWS\system32\rsmps.dll
2009-07-15 19:48:10 ----A---- C:\WINDOWS\system32\rsh.exe
2009-07-15 19:48:10 ----A---- C:\WINDOWS\system32\rsaenh.dll
2009-07-15 19:48:10 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\shdoclc.dll
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\sfc_os.dll
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\sfc.dll
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\setup.exe
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\sethc.exe
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\sensapi.dll
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\sens.dll
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\sendmail.dll
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\sendcmsg.dll
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\security.dll
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\secur32.dll
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\seclogon.dll
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\sdbinst.exe
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\scrrun.dll
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\scrobj.dll
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\sclgntfy.dll
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-07-15 19:48:09 ----A---- C:\WINDOWS\system32\scesrv.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\srclient.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\sqlunirl.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\sqlsrv32.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\spoolsv.exe
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\spoolss.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\sort.exe
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\snmpsnap.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\snmpapi.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\smlogcfg.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\slbiop.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\slayerxp.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\skeys.exe
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\sigverif.exe
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\sigtab.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\shutdown.exe
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\shsvcs.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\shscrap.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\shrpubw.exe
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\shmgrate.exe
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\shmedia.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\shimgvw.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\shimeng.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\shgina.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\shfolder.dll
2009-07-15 19:48:02 ----A---- C:\WINDOWS\system32\shell32.dll
2009-07-15 19:48:01 ----A---- C:\WINDOWS\system32\ssdpsrv.dll
2009-07-15 19:48:01 ----A---- C:\WINDOWS\system32\ssdpapi.dll
2009-07-15 19:48:00 ----A---- C:\WINDOWS\system32\syncui.dll
2009-07-15 19:48:00 ----A---- C:\WINDOWS\system32\synceng.dll
2009-07-15 19:48:00 ----A---- C:\WINDOWS\system32\sxs.dll
2009-07-15 19:48:00 ----A---- C:\WINDOWS\system32\svchost.exe
2009-07-15 19:48:00 ----A---- C:\WINDOWS\system32\storprop.dll
2009-07-15 19:48:00 ----A---- C:\WINDOWS\system32\stobject.dll
2009-07-15 19:48:00 ----A---- C:\WINDOWS\system32\stimon.exe
2009-07-15 19:48:00 ----A---- C:\WINDOWS\system32\sti_ci.dll
2009-07-15 19:48:00 ----A---- C:\WINDOWS\system32\sti.dll
2009-07-15 19:48:00 ----A---- C:\WINDOWS\system32\stclient.dll
2009-07-15 19:47:59 ----A---- C:\WINDOWS\system32\tsddd.dll
2009-07-15 19:47:59 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-07-15 19:47:59 ----A---- C:\WINDOWS\system32\trkwks.dll
2009-07-15 19:47:59 ----A---- C:\WINDOWS\system32\tree.com
2009-07-15 19:47:59 ----A---- C:\WINDOWS\system32\tracert.exe
2009-07-15 19:47:59 ----A---- C:\WINDOWS\system32\tourstart.exe
2009-07-15 19:47:59 ----A---- C:\WINDOWS\system32\themeui.dll
2009-07-15 19:47:59 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-07-15 19:47:59 ----A---- C:\WINDOWS\system32\termmgr.dll
2009-07-15 19:47:59 ----A---- C:\WINDOWS\system32\telnet.exe
2009-07-15 19:47:59 ----A---- C:\WINDOWS\system32\tcpmon.dll
2009-07-15 19:47:59 ----A---- C:\WINDOWS\system32\tcpmib.dll
2009-07-15 19:47:59 ----A---- C:\WINDOWS\system32\taskmgr.exe
2009-07-15 19:47:59 ----A---- C:\WINDOWS\system32\tapisrv.dll
2009-07-15 19:47:59 ----A---- C:\WINDOWS\system32\tapi32.dll
2009-07-15 19:47:59 ----A---- C:\WINDOWS\system32\tapi3.dll
2009-07-15 19:47:59 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-07-15 19:47:59 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2009-07-15 19:47:58 ----A---- C:\WINDOWS\system32\upnphost.dll
2009-07-15 19:47:58 ----A---- C:\WINDOWS\system32\upnpcont.exe
2009-07-15 19:47:58 ----A---- C:\WINDOWS\system32\upnp.dll
2009-07-15 19:47:58 ----A---- C:\WINDOWS\system32\uniplat.dll
2009-07-15 19:47:58 ----A---- C:\WINDOWS\system32\unimdmat.dll
2009-07-15 19:47:58 ----A---- C:\WINDOWS\system32\umpnpmgr.dll
2009-07-15 19:47:58 ----A---- C:\WINDOWS\system32\umandlg.dll
2009-07-15 19:47:58 ----A---- C:\WINDOWS\system32\udhisapi.dll
2009-07-15 19:47:58 ----A---- C:\WINDOWS\system32\txflog.dll
2009-07-15 19:47:57 ----A---- C:\WINDOWS\system32\vbajet32.dll
2009-07-15 19:47:57 ----A---- C:\WINDOWS\system32\uxtheme.dll
2009-07-15 19:47:57 ----A---- C:\WINDOWS\system32\utilman.exe
2009-07-15 19:47:57 ----A---- C:\WINDOWS\system32\usp10.dll
2009-07-15 19:47:57 ----A---- C:\WINDOWS\system32\userenv.dll
2009-07-15 19:47:57 ----A---- C:\WINDOWS\system32\user32.dll
2009-07-15 19:47:57 ----A---- C:\WINDOWS\system32\usbui.dll
2009-07-15 19:47:57 ----A---- C:\WINDOWS\system32\usbmon.dll
2009-07-15 19:47:57 ----A---- C:\WINDOWS\system32\ups.exe
2009-07-15 19:47:57 ----A---- C:\WINDOWS\system32\upnpui.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\wow32.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\wmstream.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\wmsdmoe.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\wmpui.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\wmpcore.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\wmpcd.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\wmi.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\wlnotify.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\wldap32.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\winver.exe
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\wintrust.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\winsta.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\winsrv.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\winscard.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\winrnr.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\winntbbu.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\winmm.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\winlogon.exe
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\winipsec.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\wiavideo.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\wiashext.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\wiaservc.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\wiascr.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\wiadss.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\wiadefui.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\wextract.exe
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\webvw.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\webclnt.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\wavemsp.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\w32time.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\vssvc.exe
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\vssapi.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\version.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\verifier.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\vdmredir.dll
2009-07-15 19:47:56 ----A---- C:\WINDOWS\system32\vdmdbg.dll
2009-07-15 19:47:55 ----A---- C:\WINDOWS\system32\wtsapi32.dll
2009-07-15 19:47:55 ----A---- C:\WINDOWS\system32\wstdecod.dll
2009-07-15 19:47:55 ----A---- C:\WINDOWS\system32\wsock32.dll
2009-07-15 19:47:55 ----A---- C:\WINDOWS\system32\wsnmp32.dll
2009-07-15 19:47:55 ----A---- C:\WINDOWS\system32\wshtcpip.dll
2009-07-15 19:47:55 ----A---- C:\WINDOWS\system32\wshrm.dll
2009-07-15 19:47:55 ----A---- C:\WINDOWS\system32\wship6.dll
2009-07-15 19:47:55 ----A---- C:\WINDOWS\system32\wshext.dll
2009-07-15 19:47:55 ----A---- C:\WINDOWS\system32\wshcon.dll
2009-07-15 19:47:55 ----A---- C:\WINDOWS\system32\wscript.exe
2009-07-15 19:47:55 ----A---- C:\WINDOWS\system32\ws2help.dll
2009-07-15 19:47:55 ----A---- C:\WINDOWS\system32\ws2_32.dll
2009-07-15 19:47:55 ----A---- C:\WINDOWS\system32\wpnpinst.exe
2009-07-15 19:47:55 ----A---- C:\WINDOWS\system32\wpabaln.exe
2009-07-15 19:47:54 ----A---- C:\WINDOWS\system32\zipfldr.dll
2009-07-15 19:47:54 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-07-15 19:47:54 ----A---- C:\WINDOWS\system32\xcopy.exe
2009-07-15 19:47:54 ----A---- C:\WINDOWS\system32\xactsrv.dll
2009-07-15 19:47:54 ----A---- C:\WINDOWS\system32\wzcsvc.dll
2009-07-15 19:47:54 ----A---- C:\WINDOWS\system32\wzcsapi.dll
2009-07-15 19:47:54 ----A---- C:\WINDOWS\system32\wzcdlg.dll
2009-07-15 19:47:53 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-07-15 19:47:53 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-07-15 19:47:53 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-07-15 19:47:53 ----A---- C:\WINDOWS\system32\comctl32.dll
2009-07-15 19:47:53 ----A---- C:\WINDOWS\system32\cmd.exe
2009-07-15 19:47:53 ----A---- C:\WINDOWS\system32\cacls.exe
2009-07-15 19:47:53 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-07-15 19:47:53 ----A---- C:\WINDOWS\system32\autochk.exe
2009-07-15 19:47:53 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\services.exe
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\schannel.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\savedump.exe
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\samlib.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\rasman.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\rasdlg.dll

adonisierend · 16.07.2009, 20:45

2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\printui.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\oleaut32.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\locator.exe
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\localspl.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\ftp.exe
2009-07-15 19:47:52 ----A---- C:\WINDOWS\system32\format.com
2009-07-15 19:47:51 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-07-15 19:47:51 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-07-15 19:47:51 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-07-15 19:47:51 ----A---- C:\WINDOWS\system32\smss.exe
2009-07-15 19:47:51 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-07-15 19:47:50 ----A---- C:\WINDOWS\system32\userinit.exe
2009-07-15 19:47:50 ----A---- C:\WINDOWS\system32\untfs.dll
2009-07-15 19:47:50 ----A---- C:\WINDOWS\system32\ulib.dll
2009-07-15 19:47:49 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-07-15 19:47:49 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-07-15 19:47:47 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-07-15 19:47:47 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-07-15 19:47:47 ----A---- C:\WINDOWS\system32\HAL.DLL
2009-07-15 19:12:08 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
2009-07-15 19:11:56 ----D---- C:\Programme\Security Task Manager
2009-07-15 19:00:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 19:00:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 18:58:45 ----D---- C:\WINDOWS\ie8updates
2009-07-15 18:54:58 ----HDC---- C:\WINDOWS\ie8
2009-07-15 18:48:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-15 16:04:48 ----D---- C:\Programme\ICQ6.5
2009-07-15 15:55:46 ----D---- C:\Programme\ICQLite
2009-07-14 16:44:44 ----D---- C:\Programme\ICQ6Toolbar
2009-07-14 16:44:32 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
2009-06-24 18:31:05 ----A---- C:\Programme\wmp11-windowsxp-x86-DE-DE.exe
2009-06-20 17:36:43 ----DC---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\kikin
2009-06-20 17:36:43 ----D---- C:\Programme\kikin
2009-06-20 16:20:06 ----DC---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\U3

======List of files/folders modified in the last 1 months======

2009-07-16 21:21:25 ----DC---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\foobar2000
2009-07-16 21:19:33 ----DC---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DNA
2009-07-16 20:51:25 ----D---- C:\Programme\Mozilla Firefox
2009-07-16 19:01:38 ----D---- C:\WINDOWS\Temp
2009-07-16 18:59:18 ----D---- C:\Programme\DNA
2009-07-16 17:50:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-16 16:43:48 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-16 14:15:14 ----SHD---- C:\WINDOWS\Installer
2009-07-16 09:49:01 ----D---- C:\WINDOWS\system32
2009-07-16 09:15:28 ----D---- C:\WINDOWS
2009-07-16 07:00:31 ----HD---- C:\WINDOWS\inf
2009-07-16 07:00:28 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-16 07:00:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-15 22:39:42 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-07-15 22:39:38 ----D---- C:\WINDOWS\system32\drivers
2009-07-15 22:34:02 ----D---- C:\WINDOWS\Debug
2009-07-15 22:33:55 ----D---- C:\WINDOWS\Minidump
2009-07-15 22:19:20 ----D---- C:\WINDOWS\system32\wbem
2009-07-15 22:17:31 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-15 22:16:22 ----D---- C:\WINDOWS\WinSxS
2009-07-15 22:05:40 ----RSD---- C:\WINDOWS\Fonts
2009-07-15 22:05:40 ----D---- C:\WINDOWS\system32\Setup
2009-07-15 22:05:40 ----D---- C:\WINDOWS\AppPatch
2009-07-15 22:02:49 ----D---- C:\WINDOWS\security
2009-07-15 22:02:20 ----SD---- C:\WINDOWS\Tasks
2009-07-15 22:01:51 ----D---- C:\Programme\Google
2009-07-15 21:59:24 ----D---- C:\WINDOWS\ehome
2009-07-15 21:59:22 ----D---- C:\WINDOWS\system32\inetsrv
2009-07-15 21:59:22 ----D---- C:\WINDOWS\network diagnostic
2009-07-15 21:59:21 ----D---- C:\WINDOWS\ime
2009-07-15 21:59:21 ----D---- C:\WINDOWS\Help
2009-07-15 21:57:38 ----D---- C:\WINDOWS\system32\usmt
2009-07-15 21:57:38 ----D---- C:\WINDOWS\system32\de-de
2009-07-15 21:57:15 ----D---- C:\WINDOWS\PeerNet
2009-07-15 21:57:14 ----D---- C:\Programme\Movie Maker
2009-07-15 21:55:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-15 21:47:05 ----D---- C:\WINDOWS\system32\Restore
2009-07-15 21:47:05 ----D---- C:\WINDOWS\system32\npp
2009-07-15 21:47:04 ----D---- C:\WINDOWS\msagent
2009-07-15 21:47:01 ----D---- C:\WINDOWS\srchasst
2009-07-15 21:46:59 ----D---- C:\Programme\NetMeeting
2009-07-15 21:46:57 ----D---- C:\WINDOWS\system32\Com
2009-07-15 21:46:52 ----D---- C:\Programme\Windows NT
2009-07-15 21:46:52 ----D---- C:\Programme\Outlook Express
2009-07-15 21:46:44 ----D---- C:\Programme\Gemeinsame Dateien\System
2009-07-15 21:46:24 ----D---- C:\WINDOWS\system32\oobe
2009-07-15 21:46:20 ----D---- C:\WINDOWS\system
2009-07-15 21:40:54 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-15 20:04:43 ----D---- C:\Programme
2009-07-15 20:03:05 ----D---- C:\Programme\MSN
2009-07-15 19:06:16 ----D---- C:\WINDOWS\Media
2009-07-15 19:06:16 ----D---- C:\Programme\Internet Explorer
2009-07-15 15:56:51 ----DC---- C:\Program Files
2009-07-14 16:44:37 ----HD---- C:\Programme\InstallShield Installation Information
2009-07-13 12:04:25 ----HDC---- C:\$AVG8.VAULT$
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-06-30 00:31:29 ----AC---- C:\WINDOWS\Q-Dir.ini
2009-06-26 14:07:28 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-25 09:36:56 ----A---- C:\WINDOWS\system32\avgrsstx.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-25 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-25 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-13 108552]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2006-06-01 42496]
R3 HdAudAddService;VIA High Definition Audio Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2007-01-16 192256]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-06-01 12288]
R3 TSMPacket;T-DSL SpeedManager Service; C:\WINDOWS\system32\DRIVERS\tsmpkt.sys [2005-12-01 13184]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS []
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; D:\PROGRA~1\avgemc.exe [2009-06-25 906520]
R2 avg8wd;AVG Free8 WatchDog; D:\PROGRA~1\avgwdsvc.exe [2009-06-25 298776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R3 TSMService;T-DSL SpeedManager; C:\Programme\T-DSL SpeedManager\TSMSvc.exe [2006-02-09 270336]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-31 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe [2008-05-31 68096]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-06-01 89136]
S3 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service; C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe [2005-08-24 118272]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

WOW.. ich bin durcheinander..
Das wäre alles.. danke schonmal!!!

adonisierend · 16.07.2009, 21:14

Zitat:

Zitat von john.doe

Da fehlt noch log.txt.

Start => Ausführen => c:\rsit\log.txt => Ok

hab ich zugefügt..
sorry is unübersichtlich, wusste nicht, dass man anhänge machen kann

john.doe · 16.07.2009, 21:32

Poste beide Logs nochmal in den Anhang. Sich da durchzuwühlen ist eine Qual. Zudem haut die Forensoftware immer Leerzeichen rein.

Einige Einträge hast du nicht gefixt. Warum nicht?

Code:

ATTFilter

O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programme\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

BitTorrent ist eine Virenschleuder und gehört deinstalliert. Spybot hat seine besten Tage hinter sich und gehört auch deinstalliert, nimm Malwarebytes zum Scannen. Die anderen sind schlichtweg überflüssig.

ciao, andreas

adonisierend · 17.07.2009, 17:43

Moin

ui die hab ich wohl übersehen.. fixe ich sofort nach..

hier noch mal die logs im anhang

gruß

john.doe · 17.07.2009, 17:56

1.) Deinstalliere:

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Google Update Helper
ICQ6
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
Java(TM) 6 Update 7
TuneUp Utilities 2006 (deshalb => http://www.trojaner-board.de/448557-post7.html)

2.) Installiere (Toolbars immer abwählen, Haken weg):

3.) Poste ein neues HJT-Log.

ciao, andreas

adonisierend · 17.07.2009, 19:07

Hey..

service pack 3 kann ich nicht installieren..
somit auch kein icq 6.5..

ach ja, google update helper habe ich nicht gefunden somit auch nicht deinstalliert

neuer hj logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:25, on 17.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
D:\PROGRA~1\avgtray.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\avgemc.exe
D:\PROGRA~1\avgrsx.exe
D:\PROGRA~1\avgnsx.exe
D:\Programme\avgcsrvx.exe
C:\Programme\T-DSL SpeedManager\TSMSvc.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Pidgin\pidgin.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{402C8658-B4D6-4094-813B-087D1CF45731}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{402C8658-B4D6-4094-813B-087D1CF45731}: NameServer = 192.168.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - C:\Programme\T-DSL SpeedManager\TSMSvc.exe

--
End of file - 4394 bytes

C:\Windows\system32\svchost.exe.

Plagegeister aller Art und deren Bekämpfung: C:\Windows\system32\svchost.exe.