Log analysis and evaluation: HijackThis file analysis
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.07.2009, 13:56 | #1 |
Hey, I used the forum search and found nothing that matched my problem; if there was something after all and I overlooked it, I'm sorry.

My problem is the following: when I try to log on, my laptop shows the message "Userinit-Anmeldeanwendung wird nicht richtig ausgeführt" (Userinit logon application is not running correctly), and below it there is "Programm schließen" (Close program). When I click on that, I get a black screen and that's it. After a few reboot attempts I managed to open Task Manager and simply started the explorer.exe task, and then I got my normal desktop and so on. The only problem is that my computer has now become extremely slow and I can no longer start my AntiVir.

I created a HijackThis file and wanted to ask: do I have any viruses on it, and if so, can I fix that somehow? My operating system is Vista. If I did something wrong or forgot something, please tell me, I'm new here! Thanks a lot in advance for the answers!
Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:01, on 24.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 92.241.176.188 advanced-virus-remover2009.com
O1 - Hosts: 92.241.176.188 www.advanced-virus-remover2009.com
O1 - Hosts: 92.241.176.188 advanced-virus-remover2009.com
O1 - Hosts: 92.241.176.188 www.advanced-virus-remover2009.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Update] C:\Windows\system32\winupd.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [X0@] X0@
O4 - HKLM\..\RunOnce: [ N@] N@
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Cognac] C:\Users\mirco\AppData\Local\Temp\b.exe
O4 - HKCU\..\Run: [Protection System] C:\Program Files\Protection System\psystem.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [pridl] "C:\Windows\system32\config\systemprofile\AppData\Roaming\pridl\pridl.exe" no (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [pridl] "C:\Windows\system32\config\systemprofile\AppData\Roaming\pridl\pridl.exe" no (User 'Default user')
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9dec6b05c43ff) (gupdate1c9dec6b05c43ff) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11045 bytes
24.07.2009, 16:26 | #2 | |
Guest | Hello RiseAgainst,
Please fix the following entries with HijackThis:
Quote:
Voo.Doo
24.07.2009, 16:30 | #3 |
Guest | !!!WARNING!!!
Do not click the links in the area marked in yellow!!! These sites are listed by Kaspersky as phishing sites!
24.07.2009, 16:56 | #4 |
Thank you very much for the quick reply. I have fixed the entries and I also ran CCleaner over it; here is the result:

Well, the other log file will take a little longer, it is still running.... I will post it shortly, but thanks again for the answer.
24.07.2009, 17:23 | #5 |
So, the other file is now finally done too, after 3 hours...

Malwarebytes' Anti-Malware 1.39
Datenbank Version: 2492
Windows 6.0.6001 Service Pack 1

24.07.2009 18:21:43
mbam-log-2009-07-24 (18-21-33).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 317911
Laufzeit: 3 hour(s), 3 minute(s), 20 second(s)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 20

Infizierte Speicherprozesse:
C:\Windows\msb.exe (Trojan.Agent) -> No action taken.
C:\Users\mirco\AppData\Local\Temp\b.exe (Trojan.Downloader) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Protection System (Rogue.ProtectionSystem) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cognac (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protection system (Rogue.ProtectionSystem) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> No action taken.
C:\Users\mirco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System (Rogue.ProtectionSystem) -> No action taken.

Infizierte Dateien:
C:\Windows\msb.exe (Trojan.Agent) -> No action taken.
C:\Users\mirco\AppData\Local\Temp\b.exe (Trojan.Downloader) -> No action taken.
c:\Users\mirco\AppData\Local\Temp\c.exe (Trojan.Agent) -> No action taken.
c:\Users\mirco\AppData\Local\Temp\6369.tmp (Trojan.Agent) -> No action taken.
c:\Users\mirco\AppData\Local\Temp\a.exe (Trojan.Dropper) -> No action taken.
c:\Windows\msa.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\torB0F6.tmp (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\VRT4AD6.tmp (Trojan.Inject) -> No action taken.
c:\Windows\Temp\VRTCDEB.tmp (Trojan.Inject) -> No action taken.
c:\Windows\Temp\VRTE281.tmp (Trojan.Inject) -> No action taken.
c:\Windows\Temp\VRTE37B.tmp (Trojan.Inject) -> No action taken.
c:\Windows\Temp\VRTF2A7.tmp (Trojan.Inject) -> No action taken.
c:\Windows\Temp\VRTF758.tmp (Trojan.Inject) -> No action taken.
c:\program files\protection system\mal.db (Rogue.ProtectionSystem) -> No action taken.
c:\program files\protection system\psystem.exe (Rogue.ProtectionSystem) -> No action taken.
c:\Users\mirco\AppData\Roaming\microsoft\Windows\start menu\Programs\protection system\Live Support.lnk (Rogue.ProtectionSystem) -> No action taken.
c:\Users\mirco\AppData\Roaming\microsoft\Windows\start menu\Programs\protection system\Protection System.lnk (Rogue.ProtectionSystem) -> No action taken.
c:\Users\mirco\AppData\Roaming\microsoft\Windows\start menu\Programs\protection system\Uninstall.lnk (Rogue.ProtectionSystem) -> No action taken.
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> No action taken.
24.07.2009, 17:32 | #6 |
| HijackThis file analysis
I don't know whether this will help, but I also downloaded the third program mentioned in the instructions and am posting its log file as well.

Logfile of random's system information tool 1.06 (written by random/random)
Run by mirco at 2009-07-24 18:24:36
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 145 GB (39%) free of 371 GB
Total RAM: 3038 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:04, on 24.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\msb.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\mirco\Downloads\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\mirco.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Protection System] C:\Program Files\Protection System\psystem.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [pridl] "C:\Windows\system32\config\systemprofile\AppData\Roaming\pridl\pridl.exe" no (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [pridl] "C:\Windows\system32\config\systemprofile\AppData\Roaming\pridl\pridl.exe" no (User 'Default user')
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9dec6b05c43ff) (gupdate1c9dec6b05c43ff) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10789 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
C:\Windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-10 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-07-10 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-10 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-10 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-01-06 6703648]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-10 856064]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2008-12-18 317288]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 81920]
"MarketingTools"=C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [2009-03-31 46592]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 434176]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-07-13 414992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"=C:\Program Files\Sony\Network Utility\LANUtil.exe [2008-12-21 294912]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 146432]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-27 39408]
"Protection System"=C:\Program Files\Protection System\psystem.exe [2009-07-22 1264640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2009-05-30 1217784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Audible Download Manager.lnk - C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\Windows\system32\VESWinlogon.dll [2009-01-19 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\system32\winlogon.exe"="C:\Windows\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\Windows\system32\wininit.exe"="C:\Windows\system32\wininit.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f6e6d62-6810-11de-8b48-0022fb0b8888}]
shell\AutoRun\command - H:\WDSetup.exe

======List of files/folders created in the last 1 months======

2009-07-24 18:24:36 ----D---- C:\rsit
2009-07-24 15:16:41 ----D---- C:\Users\mirco\AppData\Roaming\Malwarebytes
2009-07-24 15:16:34 ----D---- C:\ProgramData\Malwarebytes
2009-07-24 15:16:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-24 14:35:37 ----D---- C:\Program Files\Trend Micro
2009-07-22 19:22:36 ----A---- C:\Windows\msb.exe
2009-07-22 16:14:06 ----D---- C:\Program Files\Protection System
2009-07-22 16:13:33 ----A---- C:\Windows\msa.exe
2009-07-22 16:08:54 ----A---- C:\Windows\Robota.INI
2009-07-22 16:08:33 ----D---- C:\Users\mirco\AppData\Roaming\MAGIX
2009-07-22 16:07:20 ----A---- C:\Windows\system32\msxml4a.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\TTIC32.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\TTI32.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\STRING32.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\MXRestore.exe
2009-07-22 16:07:19 ----A---- C:\Windows\system32\mgxcdr.txt
2009-07-22 16:07:19 ----A---- C:\Windows\system32\mgxasio2.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\DLLTPO32.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\DLLRES32.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\DLLRD32.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\DLLPTL32.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\DLLPRJ32.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\DLLPRF32.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\DLLPNT32.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\DLLMSC32.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\DLLIX.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\DLLISO32.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\DLLIO32.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\DLLIMG32.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\DLLDRV32.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\DLLDIR32.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\DLLDEV32.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\DLLCPY32.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\DLLCDF32.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\DLLCDA32.dll
2009-07-22 16:07:19 ----A---- C:\Windows\system32\DLLAV32.dll
2009-07-22 16:05:50 ----D---- C:\ProgramData\MAGIX
2009-07-22 16:05:16 ----D---- C:\Program Files\MAGIX
2009-07-22 16:05:16 ----A---- C:\Windows\system32\DLLDEV32i.dll
2009-07-22 16:04:58 ----D---- C:\Windows\system32\MAGIX
2009-07-22 16:04:58 ----A---- C:\Windows\system32\mgxoschk.dll
2009-07-22 16:04:58 ----A---- C:\Windows\mgxoschk.ini
2009-07-20 16:56:09 ----D---- C:\ProgramData\Tages
2009-07-20 16:50:35 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-07-20 16:50:35 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-07-20 16:50:35 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-07-20 16:50:35 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-07-20 16:50:34 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-07-20 16:50:34 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-07-20 16:50:34 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-07-20 16:50:33 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-07-20 16:50:33 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-07-20 16:50:31 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-07-20 16:50:22 ----A---- C:\Windows\system32\xactengine2_9.dll
2009-07-20 16:50:22 ----A---- C:\Windows\system32\d3dx10_35.dll
2009-07-20 16:50:22 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2009-07-20 16:42:11 ----D---- C:\Program Files\Ubisoft
2009-07-20 14:26:28 ----D---- C:\ProgramData\Adobe Systems
2009-07-20 14:21:26 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2009-07-19 22:14:31 ----D---- C:\Program Files\iPod
2009-07-19 22:14:30 ----D---- C:\Program Files\iTunes
2009-07-15 12:10:28 ----A---- C:\Windows\system32\t2embed.dll
2009-07-15 12:10:28 ----A---- C:\Windows\system32\fontsub.dll
2009-07-15 12:10:28 ----A---- C:\Windows\system32\dciman32.dll
2009-07-15 12:10:28 ----A---- C:\Windows\system32\atmfd.dll
2009-07-11 18:07:43 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-07-11 18:07:43 ----A---- C:\Windows\system32\PnkBstrA.exe
2009-07-11 18:07:43 ----A---- C:\Windows\system32\pbsvc.exe
2009-07-11 17:19:25 ----D---- C:\Program Files\EA Games
2009-07-11 16:06:51 ----D---- C:\ProgramData\FLEXnet
2009-07-11 15:42:55 ----D---- C:\Program Files\Adobe Media Player
2009-07-11 15:41:27 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-07-11 15:38:15 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-07-09 18:40:10 ----D---- C:\Users\mirco\AppData\Roaming\Download Manager
2009-07-05 16:10:20 ----D---- C:\ProgramData\Media Center Programs
2009-07-05 16:10:18 ----D---- C:\Program Files\Common Files\BioWare
2009-07-05 15:56:18 ----D---- C:\Program Files\Mass Effect
2009-07-05 15:13:28 ----A---- C:\Windows\system32\xactengine2_8.dll
2009-07-05 15:13:28 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-07-05 15:13:28 ----A---- C:\Windows\system32\d3dx10_34.dll
2009-07-05 15:13:28 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2009-07-05 15:13:27 ----A---- C:\Windows\system32\xinput1_3.dll
2009-07-05 15:13:26 ----A---- C:\Windows\system32\xactengine2_7.dll
2009-07-05 15:13:26 ----A---- C:\Windows\system32\d3dx9_33.dll
2009-07-05 15:13:26 ----A---- C:\Windows\system32\d3dx10_33.dll
2009-07-05 15:13:26 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2009-07-05 15:13:25 ----A---- C:\Windows\system32\x3daudio1_1.dll
2009-07-03 22:36:59 ----D---- C:\ProgramData\Google
2009-07-03 22:34:46 ----D---- C:\Program Files\Western Digital
2009-07-03 12:45:42 ----D---- C:\Users\mirco\AppData\Roaming\NASA
2009-07-03 12:44:49 ----D---- C:\Program Files\NASA
2009-06-29 19:15:38 ----D---- C:\Program Files\Audible
2009-06-26 18:18:19 ----A---- C:\Users\mirco\AppData\Roaming\AutoGK.ini
2009-06-25 15:55:46 ----D---- C:\Program Files\DF CrcSfv |
24.07.2009, 17:34 | #7 |
| HijackThis file analysis
Here is the rest, since it did not fit into one post:

======List of files/folders modified in the last 1 months======

2009-07-24 18:25:04 ----D---- C:\Windows\Prefetch
2009-07-24 18:25:03 ----D---- C:\Windows\Temp
2009-07-24 17:37:36 ----D---- C:\Program Files\Mozilla Firefox
2009-07-24 16:44:18 ----D---- C:\Windows\system32\Tasks
2009-07-24 16:44:17 ----D---- C:\Windows\Tasks
2009-07-24 15:16:37 ----D---- C:\Windows\system32\drivers
2009-07-24 15:16:34 ----RD---- C:\Program Files
2009-07-24 15:16:34 ----HD---- C:\ProgramData
2009-07-24 14:41:04 ----D---- C:\Windows
2009-07-24 14:36:38 ----SHD---- C:\System Volume Information
2009-07-24 14:30:28 ----D---- C:\Windows\System32
2009-07-24 14:30:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-24 14:30:27 ----D---- C:\Windows\inf
2009-07-23 13:05:11 ----D---- C:\ProgramData\Roxio
2009-07-22 16:08:28 ----SHD---- C:\Windows\Installer
2009-07-22 16:08:28 ----D---- C:\Windows\Help
2009-07-22 16:08:28 ----D---- C:\Program Files\Common Files\microsoft shared
2009-07-22 16:07:23 ----RSD---- C:\Windows\Fonts
2009-07-20 17:21:53 ----SD---- C:\Users\mirco\AppData\Roaming\Microsoft
2009-07-20 17:21:27 ----D---- C:\Windows\system32\catroot2
2009-07-20 16:50:14 ----RSD---- C:\Windows\assembly
2009-07-20 16:42:10 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-20 14:26:37 ----D---- C:\Users\mirco\AppData\Roaming\Adobe
2009-07-20 14:21:26 ----D---- C:\Program Files\Common Files
2009-07-20 14:21:22 ----D---- C:\Program Files\Common Files\Adobe
2009-07-20 14:19:33 ----D---- C:\ProgramData\Adobe
2009-07-20 14:19:33 ----D---- C:\Program Files\Adobe
2009-07-19 22:14:31 ----D---- C:\Program Files\Common Files\Apple
2009-07-18 19:53:20 ----D---- C:\Program Files\Bonjour
2009-07-18 13:28:44 ----A---- C:\Windows\system32\CmdLineExt.dll
2009-07-15 22:10:29 ----RSD---- C:\Windows\Media
2009-07-15 14:57:16 ----D---- C:\Windows\Debug
2009-07-15 13:40:54 ----D---- C:\Windows\winsxs
2009-07-15 13:13:46 ----D---- C:\Windows\system32\catroot
2009-07-15 13:13:44 ----D---- C:\Program Files\Windows Mail
2009-07-15 13:13:29 ----D---- C:\ProgramData\Microsoft Help
2009-07-13 17:06:21 ----D---- C:\Program Files\Electronic Arts
2009-07-13 16:57:02 ----D---- C:\Program Files\Left 4 Dead
2009-07-11 18:07:43 ----D---- C:\Windows\system32\LogFiles
2009-07-10 21:57:59 ----D---- C:\Program Files\Google
2009-07-08 16:35:35 ----D---- C:\Users\mirco\AppData\Roaming\ArcSoft
2009-07-07 17:10:56 ----A---- C:\Windows\system32\mrt.exe
2009-07-05 18:00:15 ----D---- C:\Windows\LiveKernelReports
2009-06-25 14:38:12 ----D---- C:\Windows\Logs
2009-06-25 14:17:17 ----D---- C:\Windows\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2008-11-25 10216]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2009-02-10 82320]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-07-20 281760]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-07-20 25888]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-01-25 12672]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2008-10-23 68608]
R2 risdptsk;risdptsk; C:\Windows\system32\DRIVERS\risdptsk.sys [2008-10-23 46592]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-01-25 8192]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect; C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-01-06 3847168]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-01-25 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-01-25 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-01-06 2254880]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-07-13 38160]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-08-28 3664384]
R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys [2008-11-19 9344]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-10 181560]
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-01-25 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-05-28 310272]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-10-23 937984]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-05-29 39424]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-06-07 131000]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-06-09 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-01-06 692224]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-08-20 860160]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 NSUService;NSUService; C:\Program Files\sony\Network Utility\NSUService.exe [2008-12-21 303104]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-11 75064]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-08-20 466944]
R2 uCamMonitor;CamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [2009-01-19 203624]
R2 VAIO Power Management;VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2008-12-19 415592]
R2 VCFw;VAIO Content Folder Watcher; C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-01-14 5184872]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-19 394536]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2009-01-21 192512]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-01-25 386560]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2009-01-21 313264]
S2 gupdate1c9dec6b05c43ff;Google Update Service (gupdate1c9dec6b05c43ff); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-27 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-27 183280]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-07-20 93184]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1548380]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-11 655624]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2009-01-08 135168]
S3 SOHCImp;VAIO Media plus Content Importer; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-01-20 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-01-20 70952]
S3 SOHDms;VAIO Media plus Digital Media Server; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-01-20 390440]
S3 SOHDs;VAIO Media plus Device Searcher; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-01-20 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-01-20 91432]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-05-30 322032]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [2009-01-21 90112]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2009-01-16 83240]

-----------------EOF----------------- |
27.07.2009, 14:10 | #8 |
| HijackThis file analysis: So, things are getting more and more colorful. I'm slowly despairing; now the PC is also bombarding me with ads, and I can't run most programs because the same error message keeps appearing: "You do not have sufficient permission to run this program....!!" Do I have to reinstall the system?? I'm very grateful for your help! |