Log analysis and evaluation: Virus/trojan, or a bit of everything?

08.08.2009, 15:24   #1
Skylite

.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\programme\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBDrvDet"="c:\programme\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 339968]
"ATICCC"="c:\programme\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"LogitechCommunicationsManager"="c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984]
"CTSysVol"="c:\programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-17 45056]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-08-08 149280]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-10-06 24576]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Hochfahren.bat [2008-4-28 65]
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2007-11-3 692224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^SATARAID5.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\SATARAID5.lnk
backup=c:\windows\pss\SATARAID5.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinTV Recording Status..lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\WinTV Recording Status..lnk
backup=c:\windows\pss\WinTV Recording Status..lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\programme\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"d:\\Spiele\\Worms World Party\\wwp.exe"=
"c:\\Programme\\Paltalk Messenger\\paltalk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17010:TCP"= 17010:TCP:worms world party
"17011:TCP"= 17011:TCP:Worms world Party
"17012:TCP"= 17012:TCP:Worms world party

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [31.07.2009 16:04 108289]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [26.05.2009 01:38 15840]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [04.04.2009 17:23 562176]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [04.04.2009 17:23 15616]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.02.2009 17:07 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.02.2009 17:07 8320]
S3 PDNMp50;PDNMp50 NDIS Protocol Driver;\??\c:\windows\system32\drivers\PDNMp50.sys --> c:\windows\system32\drivers\PDNMp50.sys [?]
S3 PDNSp50;PDNSp50 NDIS Protocol Driver;\??\c:\windows\system32\drivers\PDNSp50.sys --> c:\windows\system32\drivers\PDNSp50.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.gmx.de/
mStart Page = about:blank
TCP: {7D12C82E-EF19-40E1-A2F1-469F20F0A96E} = 213.191.74.19 62.109.123.197
FF - ProfilePath - c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\l0j5s00l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.gmx.de
FF - prefs.js: keyword.enabled - false
FF - component: c:\programme\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\l0j5s00l.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07100121.dll
FF - plugin: c:\programme\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: browser.history_expire_days - 3
FF - user.js: browser.history_expire_days_min - 3
FF - user.js: browser.history_expire_sites - 40000
FF - user.js: dom.storage.enabled - true
FF - user.js: privacy.sanitize.sanitizeOnShutdown - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
FF - user.js: privacy.item.offlineApps - false
FF - user.js: browser.safebrowsing.malware.enabled - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: network.http.pipelining - true
FF - user.js: network.prefetch-next - true
FF - user.js: config.trim_on_minimize - true
FF - user.js: browser.sessionhistory.max_total_viewers - 0
FF - user.js: browser.cache.memory.capacity - 18432
FF - user.js: browser.cache.disk.capacity - 20000
FF - user.js: browser.cache.offline.capacity - 25000
FF - user.js: browser.sessionstore.interval - 30000000
FF - user.js: browser.sessionstore.max_tabs_undo - 10
FF - user.js: browser.urlbar.maxRichResults - 0
FF - user.js: keyword.enabled - false
FF - user.js: browser.fixup.alternate.suffix - .com
FF - user.js: browser.urlbar.doubleClickSelectsAll - false
FF - user.js: browser.urlbar.clickSelectsAll - true
FF - user.js: browser.zoom.siteSpecific - false
FF - user.js: browser.search.openintab - true
FF - user.js: browser.tabs.loadDivertedInBackground - true
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.download.manager.useWindow - true
FF - user.js: browser.download.manager.retention - 1
FF - user.js: browser.download.manager.closeWhenDone - true
FF - user.js: extensions.checkCompatibility - true
FF - user.js: extensions.hideInstallButton - true
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-08 15:39
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


c:\dokumente und einstellungen\User\Anwendungsdaten\Skype
c:\dokumente und einstellungen\User\Anwendungsdaten\Skype\shared.lck 0 bytes
c:\dokumente und einstellungen\User\Anwendungsdaten\Skype\shared.xml 353 bytes

Scan erfolgreich abgeschlossen
versteckte Dateien: 3

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(7876)
c:\programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll
c:\programme\Logitech\SetPoint\GameHook.dll
c:\programme\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\CTSVCCDA.EXE
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\MsPMSPSv.exe
c:\programme\ATI Technologies\ATI.ACE\CLI.exe
c:\programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.exe
c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe
c:\programme\ATI Technologies\ATI.ACE\CLI.exe
c:\programme\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-08-08 15:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-08-08 13:46
ComboFix2.txt 2009-08-08 00:39

Vor Suchlauf: 11 Verzeichnis(se), 36.938.526.720 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 36.800.950.272 Bytes frei

3935 --- E O F --- 2009-08-07 02:15


Done, man, that was a lot!
Phew...

08.08.2009, 21:56   #2
Skylite

or rather, was renamed to a random code?
Should I put that into the command?
08.08.2009, 22:10   #3
john.doe

Then leave it there, I'll knock it out with ComboFix. I love deleting things anyway.

ciao, andreas

08.08.2009, 22:12   #4
Skylite

Here is the SysProt log:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: pxscan.sys
Service Name: pxscan
Module Base: F75DC000
Module End: F75E5000
Hidden: Yes

Module Name: pxsec.sys
Service Name: pxsec
Module Base: F761C000
Module End: F7626000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: AAD43000
Module End: AAD5B000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7B40000
Module End: F7B42000
Hidden: Yes

Module Name: \??\C:\DOKUME~1\User\LOKALE~1\Temp\aujasnkj.sys
Service Name: aujasnkj
Module Base: A77BA000
Module End: A77CF000
Hidden: Yes

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:


Object: D:\Mukke\Grazyna Auguscik & Paulinho Garcia - Fragile\10 Apelo - Grazyna Auguscik & Paulinho Garcia.mp3
Status: Hidden


Object: D:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: D:\System Volume Information\tracking.log
Status: Access denied

Edited by Sunny (10.08.2009 at 21:56). Reason: parts edited on request...

08.08.2009, 22:29   #5
john.doe

Registry Search

This small program lets you search the registry for various keys or entries.
  • Download the program here -> RegSearch by Bobbi Flekman
  • Unpack the archive and start regsearch.exe with a double-click.
  • Then have it search for files or keys in the white fields (Search String). (Several files at once are possible too.)
  • Paste the following text:
    Code:
    698c001a19

  • After the scan a RegSearch.txt is opened; copy this entire text and paste it into your post.
ciao, andreas

__________________
No support via PM! This is a forum, not private tutoring!
Private support only for payment, and I am very expensive.

08.08.2009, 22:29   #6
Skylite

If there's anything I should do, just let me know.

08.08.2009, 22:37   #7
Skylite

Command executed!


Result as follows:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 08.08.2009 23:35:48 for strings:
; '
code:

698c001a19

code:

698c001a19
code:698c001a19'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

08.08.2009, 22:54   #8
john.doe

Scripting with Combofix
  • Open Notepad (Start => Zubehör => Editor) and copy the following text into the white field:
Code:
KILLALL::

File::
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia\Common\698c001a19.exe
C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia\Common\698c001a19.exe
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Macromedia\Common\698c001a19.exe

Now save this file on the desktop as -> cfscript.txt
  • Now drag the file cfscript.txt onto the Combofix icon!

  • Then post the Combofix log without editing it. Only if your first and last name are visible, remove them.


Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system.


ciao, andreas

Edited by john.doe (08.08.2009 at 23:05)

09.08.2009, 00:01   #9
Skylite

c:\bases_x\AVCBack\plugins\emalware.i81
c:\bases_x\AVCBack\plugins\emalware.i82
c:\bases_x\AVCBack\plugins\emalware.i83
c:\bases_x\AVCBack\plugins\emalware.i84
c:\bases_x\AVCBack\plugins\emalware.i85
c:\bases_x\AVCBack\plugins\emalware.i86
c:\bases_x\AVCBack\plugins\emalware.i87
c:\bases_x\AVCBack\plugins\emalware.i88
c:\bases_x\AVCBack\plugins\emalware.i89
c:\bases_x\AVCBack\plugins\emalware.i90
c:\bases_x\AVCBack\plugins\emalware.i91
c:\bases_x\AVCBack\plugins\emalware.i92
c:\bases_x\AVCBack\plugins\emalware.i93
c:\bases_x\AVCBack\plugins\emalware.i94
c:\bases_x\AVCBack\plugins\emalware.i95
c:\bases_x\AVCBack\plugins\emalware.i96
c:\bases_x\AVCBack\plugins\emalware.i97
c:\bases_x\AVCBack\plugins\emalware.i98
c:\bases_x\AVCBack\plugins\emalware.i99
c:\bases_x\AVCBack\plugins\emalware.ivd
c:\bases_x\AVCBack\plugins\epoc.xmd
c:\bases_x\AVCBack\plugins\gvmscripts.cvd
c:\bases_x\AVCBack\plugins\gzip.xmd
c:\bases_x\AVCBack\plugins\ha.xmd
c:\bases_x\AVCBack\plugins\hlp.xmd
c:\bases_x\AVCBack\plugins\hpe.cvd
c:\bases_x\AVCBack\plugins\hqx.xmd
c:\bases_x\AVCBack\plugins\html.xmd
c:\bases_x\AVCBack\plugins\imp.xmd
c:\bases_x\AVCBack\plugins\inno.xmd
c:\bases_x\AVCBack\plugins\instyler.xmd
c:\bases_x\AVCBack\plugins\iso.xmd
c:\bases_x\AVCBack\plugins\java.cvd
c:\bases_x\AVCBack\plugins\java.xmd
c:\bases_x\AVCBack\plugins\jpeg.xmd
c:\bases_x\AVCBack\plugins\lha.xmd
c:\bases_x\AVCBack\plugins\lnk.xmd
c:\bases_x\AVCBack\plugins\mbox.xmd
c:\bases_x\AVCBack\plugins\mbx.xmd
c:\bases_x\AVCBack\plugins\mdx.xmd
c:\bases_x\AVCBack\plugins\mdx_97.cvd
c:\bases_x\AVCBack\plugins\mdx_97.ivd
c:\bases_x\AVCBack\plugins\mdx_w95.cvd
c:\bases_x\AVCBack\plugins\mdx_x95.cvd
c:\bases_x\AVCBack\plugins\mdx_xf.cvd
c:\bases_x\AVCBack\plugins\mime.xmd
c:\bases_x\AVCBack\plugins\mobmalware.cvd
c:\bases_x\AVCBack\plugins\mobmalware.xmd
c:\bases_x\AVCBack\plugins\mso.xmd
c:\bases_x\AVCBack\plugins\na.cvd
c:\bases_x\AVCBack\plugins\nelf.cvd
c:\bases_x\AVCBack\plugins\nelf.xmd
c:\bases_x\AVCBack\plugins\nsis.xmd
c:\bases_x\AVCBack\plugins\objd.xmd
c:\bases_x\AVCBack\plugins\orice.rvd
c:\bases_x\AVCBack\plugins\pdf.xmd
c:\bases_x\AVCBack\plugins\proc.xmd
c:\bases_x\AVCBack\plugins\pst.xmd
c:\bases_x\AVCBack\plugins\rar.xmd
c:\bases_x\AVCBack\plugins\regarch.cvd
c:\bases_x\AVCBack\plugins\regarch.xmd
c:\bases_x\AVCBack\plugins\regscan.cvd
c:\bases_x\AVCBack\plugins\regscan.xmd
c:\bases_x\AVCBack\plugins\rpm.xmd
c:\bases_x\AVCBack\plugins\rtf.xmd
c:\bases_x\AVCBack\plugins\rup.cvd
c:\bases_x\AVCBack\plugins\rup.xmd
c:\bases_x\AVCBack\plugins\sdx.cvd
c:\bases_x\AVCBack\plugins\sdx.ivd
c:\bases_x\AVCBack\plugins\sdx.xmd
c:\bases_x\AVCBack\plugins\sfx.xmd
c:\bases_x\AVCBack\plugins\swf.xmd
c:\bases_x\AVCBack\plugins\tar.xmd
c:\bases_x\AVCBack\plugins\td0.xmd
c:\bases_x\AVCBack\plugins\thebat.xmd
c:\bases_x\AVCBack\plugins\tnef.xmd
c:\bases_x\AVCBack\plugins\uif.xmd
c:\bases_x\AVCBack\plugins\unpack.cvd
c:\bases_x\AVCBack\plugins\unpack.ivd
c:\bases_x\AVCBack\plugins\unpack.xmd
c:\bases_x\AVCBack\plugins\update.txt
c:\bases_x\AVCBack\plugins\uudecode.xmd
c:\bases_x\AVCBack\plugins\ve.cvd
c:\bases_x\AVCBack\plugins\ve.ivd
c:\bases_x\AVCBack\plugins\ve.xmd
c:\bases_x\AVCBack\plugins\vedata.cvd
c:\bases_x\AVCBack\plugins\viza.xmd
c:\bases_x\AVCBack\plugins\wise.xmd
c:\bases_x\AVCBack\plugins\xar.xmd
c:\bases_x\AVCBack\plugins\xcookies.xmd
c:\bases_x\AVCBack\plugins\xishield.xmd
c:\bases_x\AVCBack\plugins\xlmrd.cvd
c:\bases_x\AVCBack\plugins\xlmrd.ivd
c:\bases_x\AVCBack\plugins\z.xmd
c:\bases_x\AVCBack\plugins\zip.xmd
c:\bases_x\AVCBack\plugins\zoo.xmd
c:\bases_x\AVCBack\prLoader.dll
c:\bases_x\AVCBack\red32.dll
c:\bases_x\AVCBack\reload.exe
c:\bases_x\AVCBack\scan.dll
c:\bases_x\AVCBack\ScanningProcess.exe
c:\bases_x\AVCBack\setpriv.exe
c:\bases_x\AVCBack\test2.exe
c:\bases_x\AVCBack\unregx.exe
c:\bases_x\AVCBack\viewtcp.exe
c:\bases_x\avlib.ppl
c:\bases_x\Avp1.ppl
c:\bases_x\AVP3Info.ppl
c:\bases_x\avpgs.ppl
c:\bases_x\AvpMgr.ppl
c:\bases_x\avs.ppl
c:\bases_x\avspm.ppl
c:\bases_x\avxdisk.dll
c:\bases_x\Base64.ppl
c:\bases_x\Base64P.ppl
c:\bases_x\bdc.exe
c:\bases_x\bdc.ini
c:\bases_x\bdcore.dll
c:\bases_x\bdfltlib.dll
c:\bases_x\bdfltlib2k.dll
c:\bases_x\bdupdateservice.dll
c:\bases_x\bitmap1.bmp
c:\bases_x\btdisk.ppl
c:\bases_x\btimages.ppl
c:\bases_x\buffer.ppl
c:\bases_x\CAB.ppl
c:\bases_x\Chinese.Age
c:\bases_x\Chinese.con
c:\bases_x\Chinese.dow
c:\bases_x\Chinese.lic
c:\bases_x\Chinese.tcp
c:\bases_x\Chinese.win
c:\bases_x\ChineseSimplified.con
c:\bases_x\ChineseSimplified.dow
c:\bases_x\ChineseSimplified.tcp
c:\bases_x\clean.bat
c:\bases_x\complete.avi
c:\bases_x\ComStmIO.ppl
c:\bases_x\config.lan
c:\bases_x\cr.avs
c:\bases_x\cr2.avs
c:\bases_x\crpthlpr.ppl
c:\bases_x\Czech.Age
c:\bases_x\Czech.con
c:\bases_x\Czech.dow
c:\bases_x\Czech.lic
c:\bases_x\Czech.tcp
c:\bases_x\deflate.ppl
c:\bases_x\DEVCON.EXE
c:\bases_x\diff.ppl
c:\bases_x\dmap.ppl
c:\bases_x\download.exe
c:\bases_x\Download.lan
c:\bases_x\dtreg.ppl
c:\bases_x\encdec.dll
c:\bases_x\English.Age
c:\bases_x\English.con
c:\bases_x\English.dow
c:\bases_x\English.lic
c:\bases_x\English.tcp
c:\bases_x\English.win
c:\bases_x\erootdrv.sys
c:\bases_x\esmain.avi
c:\bases_x\esupd.ini
c:\bases_x\esupdate.exe
c:\bases_x\esupdate.log
c:\bases_x\EUpdate.ini
c:\bases_x\Explode.ppl
c:\bases_x\farbuffer.ppl
c:\bases_x\faristream.ppl
c:\bases_x\filelist.lst
c:\bases_x\Finnish.Age
c:\bases_x\Finnish.con
c:\bases_x\Finnish.dow
c:\bases_x\Finnish.lic
c:\bases_x\Finnish.tcp
c:\bases_x\Finnish.win
c:\bases_x\fmw.avs
c:\bases_x\French.Age
c:\bases_x\French.con
c:\bases_x\French.dow
c:\bases_x\French.lic
c:\bases_x\French.tcp
c:\bases_x\French.win
c:\bases_x\FsDrvPlg.ppl
c:\bases_x\FSSync.dll
c:\bases_x\FtpTempF\cr.avs
c:\bases_x\FtpTempF\httpsite.txt
c:\bases_x\FtpTempF\iplist.ini
c:\bases_x\FtpTempF\PHUPDN.TXT
c:\bases_x\FtpTempF\phupdn.txz
c:\bases_x\FtpTempF\remove.ini
c:\bases_x\FtpTempF\spydb.avs
c:\bases_x\FtpTempF\update.txt
c:\bases_x\German.Age
c:\bases_x\German.con
c:\bases_x\German.dow
c:\bases_x\German.lic
c:\bases_x\German.tcp
c:\bases_x\German.win
c:\bases_x\Getvlist.exe
c:\bases_x\global.dat
c:\bases_x\global.daz
c:\bases_x\HashCont.ppl
c:\bases_x\HashMD5.PPL
c:\bases_x\HCCMP.ppl
c:\bases_x\httpsite.txt
c:\bases_x\Icelandic.Age
c:\bases_x\Icelandic.con
c:\bases_x\Icelandic.dow
c:\bases_x\Icelandic.lic
c:\bases_x\Icelandic.tcp
c:\bases_x\Icelandic.win
c:\bases_x\ichk2.ppl
c:\bases_x\iChkSA.ppl
c:\bases_x\ikave.dll
c:\bases_x\IMAPprtc.ppl
c:\bases_x\Inflate.ppl
c:\bases_x\IniFile.ppl
c:\bases_x\ipc.dll
c:\bases_x\iplist.ini
c:\bases_x\Italian.Age
c:\bases_x\Italian.con
c:\bases_x\Italian.dow
c:\bases_x\Italian.lic
c:\bases_x\Italian.tcp
c:\bases_x\Italian.win
c:\bases_x\IUpdate.ini
c:\bases_x\IWGen.ppl
c:\bases_x\kave.dll
c:\bases_x\kavvlg.dll
c:\bases_x\keyid.dat
c:\bases_x\klavsrch.ppl
c:\bases_x\L_llio.ppl
c:\bases_x\language.ini
c:\bases_x\lha.ppl
c:\bases_x\lic60.ppl
c:\bases_x\license.txt
c:\bases_x\LicMgr.ppl
c:\bases_x\Log\Download.log
c:\bases_x\MailDisp.ppl
c:\bases_x\MailMsg.ppl
c:\bases_x\main.avi
c:\bases_x\mc.ppl
c:\bases_x\mdb.ppl
c:\bases_x\MDMAP.ppl
c:\bases_x\MemModSc.ppl
c:\bases_x\MemScan.ppl
c:\bases_x\mexe.com
c:\bases_x\Microsoft.VC80.CRT.manifest
c:\bases_x\MicroWorld Toolkit Utility.txt
c:\bases_x\minizip.ppl
c:\bases_x\MKavIO.ppl
c:\bases_x\msoe.ppl
c:\bases_x\msvclnt.dll
c:\bases_x\msvl64.dll
c:\bases_x\msvlclnt.dll
c:\bases_x\mwav.bmp
c:\bases_x\mwav.ini
c:\bases_x\MWAV.LOG
c:\bases_x\MWAVC.LOG
c:\bases_x\MWAVDB.LOG
c:\bases_x\MWAVL.exe
c:\bases_x\MWAVReg.EXE
c:\bases_x\MWAVSCAN.COM
c:\bases_x\mwunzip.dll
c:\bases_x\mwXface.log
c:\bases_x\ndetect.ppl
c:\bases_x\nfio.ppl
c:\bases_x\NNTPprtc.ppl
c:\bases_x\NTFSstrm.ppl
c:\bases_x\nvlist.avs
c:\bases_x\oas.ppl
c:\bases_x\ods.ppl
c:\bases_x\og.ppl
c:\bases_x\owl.avs
c:\bases_x\params.ppl
c:\bases_x\passdmap.ppl
c:\bases_x\PDM.ppl
c:\bases_x\pdm2rt.ppl
c:\bases_x\phish.avs
c:\bases_x\phupdn.txt
c:\bases_x\phupdn.txz
c:\bases_x\plugins.htm
c:\bases_x\plugins\7zip.xmd
c:\bases_x\plugins\access.xmd
c:\bases_x\plugins\ace.xmd
c:\bases_x\plugins\adsntfs.xmd
c:\bases_x\plugins\alz.xmd
c:\bases_x\plugins\arc.xmd
c:\bases_x\plugins\arj.xmd
c:\bases_x\plugins\aspy_emu.cvd
c:\bases_x\plugins\bach.xmd
c:\bases_x\plugins\boot.xmd
c:\bases_x\plugins\bzip2.xmd
c:\bases_x\plugins\cab.xmd
c:\bases_x\plugins\ceva_dll.cvd
c:\bases_x\plugins\ceva_emu.cvd
c:\bases_x\plugins\ceva_vfs.cvd
c:\bases_x\plugins\ceva_vfs.ivd
c:\bases_x\plugins\cevakrnl.cvd
c:\bases_x\plugins\cevakrnl.ivd
c:\bases_x\plugins\cevakrnl.rv0
c:\bases_x\plugins\cevakrnl.rvd
c:\bases_x\plugins\cevakrnl.xmd
c:\bases_x\plugins\chm.xmd
c:\bases_x\plugins\cookie.cvd
c:\bases_x\plugins\cookie.xmd
c:\bases_x\plugins\cpio.xmd
c:\bases_x\plugins\cran.cvd
c:\bases_x\plugins\cran.ivd
c:\bases_x\plugins\dbx.xmd
c:\bases_x\plugins\docfile.xmd
c:\bases_x\plugins\dummyarch.xmd
c:\bases_x\plugins\dummyscan.xmd
c:\bases_x\plugins\e_spyw.cvd
c:\bases_x\plugins\e_spyw.i01
c:\bases_x\plugins\e_spyw.i02
c:\bases_x\plugins\e_spyw.i03
c:\bases_x\plugins\e_spyw.i04
c:\bases_x\plugins\e_spyw.i05
c:\bases_x\plugins\e_spyw.i06
c:\bases_x\plugins\e_spyw.i07
c:\bases_x\plugins\e_spyw.i08
c:\bases_x\plugins\e_spyw.i09
c:\bases_x\plugins\e_spyw.i10
c:\bases_x\plugins\e_spyw.i11
c:\bases_x\plugins\e_spyw.i12
c:\bases_x\plugins\e_spyw.i13
c:\bases_x\plugins\e_spyw.i14
c:\bases_x\plugins\e_spyw.i15
c:\bases_x\plugins\e_spyw.i16
c:\bases_x\plugins\e_spyw.i17
c:\bases_x\plugins\e_spyw.i18
c:\bases_x\plugins\e_spyw.i19
c:\bases_x\plugins\e_spyw.i20
c:\bases_x\plugins\e_spyw.i21
c:\bases_x\plugins\e_spyw.i22
c:\bases_x\plugins\e_spyw.i23
c:\bases_x\plugins\e_spyw.i24

Alt 09.08.2009, 00:02   #10
Skylite
 


Alt 09.08.2009, 00:03   #11
Skylite
 

c:\dokumente und einstellungen\User\Anwendungsdaten\eMule
c:\dokumente und einstellungen\User\Anwendungsdaten\Macromedia\Common\698c001a19.exe
c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
c:\programme\Lavasoft
c:\programme\Lavasoft\Ad-Aware SE Personal\defs.ref.old
c:\programme\Panda Security
c:\programme\VideoLAN
c:\windows\R.COM
c:\windows\system32\eEmpty.exe
c:\windows\system32\msvcp80.dll
c:\windows\system32\msvcr80.dll
c:\windows\system32\perfc007.dat
c:\windows\system32\perfh007.dat
c:\windows\system32\T.COM

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PAVBOOT


((((((((((((((((((((((( Dateien erstellt von 2009-07-08 bis 2009-08-08 ))))))))))))))))))))))))))))))
.

2009-08-08 21:30 . 2009-08-08 21:32 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2009-08-08 20:45 . 2009-08-08 20:45 -------- d-s---w- C:\cofiexe
2009-08-08 13:42 . 2009-08-08 16:05 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\Skype
2009-08-08 13:06 . 2009-08-08 14:36 -------- d-----w- c:\programme\The KMPlayer
2009-08-08 13:03 . 2009-08-08 13:03 -------- d-----w- c:\programme\Gemeinsame Dateien\Skype
2009-08-08 13:01 . 2009-08-08 13:01 -------- d-----w- c:\programme\Foxit Software
2009-08-08 13:01 . 2009-08-08 13:01 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\Foxit
2009-08-08 12:58 . 2009-08-08 12:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-08 12:57 . 2009-08-08 12:57 152576 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-08 00:07 . 2009-08-08 00:07 -------- d-----w- c:\programme\CCleaner
2009-08-07 22:45 . 2009-08-07 22:45 -------- d-----w- c:\programme\trend micro
2009-08-07 18:12 . 2009-08-07 18:12 -------- d-----r- c:\dokumente und einstellungen\Administrator\Eigene Dateien
2009-08-07 18:11 . 2009-08-07 18:11 -------- d-sh--w- c:\dokumente und einstellungen\Administrator\IETldCache
2009-08-07 15:49 . 2009-08-07 15:49 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\Malwarebytes
2009-08-07 15:49 . 2009-08-07 15:49 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-08-06 02:35 . 2009-08-06 02:35 -------- d-sh--w- c:\dokumente und einstellungen\Default User\IETldCache
2009-08-06 02:35 . 2009-08-06 02:35 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-06 02:35 . 2009-08-06 02:35 -------- d-----w- c:\programme\MSBuild
2009-08-06 02:35 . 2009-08-06 02:35 -------- d-----w- c:\programme\Reference Assemblies
2009-08-06 02:34 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-06 02:34 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-06 02:34 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-06 02:34 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-06 02:34 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-06 02:34 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-06 02:34 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-31 14:28 . 2009-07-31 14:28 -------- d-----r- c:\dokumente und einstellungen\LocalService\Favoriten
2009-07-31 14:04 . 2009-08-05 23:18 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-31 14:04 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-31 14:04 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-31 14:04 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-31 14:04 . 2009-07-31 14:04 -------- d-----w- c:\programme\Avira
2009-07-31 14:04 . 2009-07-31 14:04 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 22:50 . 2009-08-08 22:50 54456 ------w- c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-08-08 22:47 . 2009-05-26 00:12 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000005-00000000-00000007-00001102-00000004-20021102}.dat
2009-08-08 22:47 . 2009-05-26 00:12 384 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000007-00001102-00000004-20021102}.dat
2009-08-08 13:03 . 2007-03-23 14:28 -------- d-----r- c:\programme\Skype
2009-08-08 13:03 . 2007-03-23 14:28 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
2009-08-08 12:58 . 2007-02-12 09:42 -------- d-----w- c:\programme\Java
2009-08-08 12:15 . 2007-02-12 11:56 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe
2009-07-18 17:38 . 2009-07-18 17:38 56968 ----a-w- c:\windows\Fonts\USUn000.ttf
2009-07-18 17:38 . 2009-07-18 17:38 41952 ----a-w- c:\windows\Fonts\Blue000.ttf
2009-07-18 17:38 . 2009-07-18 17:38 38012 ----a-w- c:\windows\Fonts\Rude000.ttf
2009-07-18 17:38 . 2009-07-18 17:38 31820 ----a-w- c:\windows\Fonts\Suss000.ttf
2009-07-18 17:38 . 2009-07-18 17:38 24460 ----a-w- c:\windows\Fonts\Eval000.ttf
2009-07-03 16:55 . 2003-04-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-28 21:01 . 2007-04-21 23:56 -------- d-----w- c:\programme\IrfanView
2009-06-26 22:28 . 2007-04-19 00:18 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\dvdcss
2009-06-19 19:15 . 2009-02-05 16:51 1 ----a-w- c:\dokumente und einstellungen\User\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-16 14:36 . 2003-04-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2003-04-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2007-02-09 15:19 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-05-26 00:31 . 2009-05-26 00:31 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2009-05-26 00:07 . 2009-05-26 00:07 184 ----a-w- c:\windows\system32\e000002.dat
2009-05-16 19:41 . 2009-05-16 19:41 299824 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\GvzPro\gvzlib.dll
2009-05-16 19:41 . 2009-05-16 19:41 98360 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\GvzPro\bass.dll
2009-05-16 19:41 . 2009-05-16 19:41 366896 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\GvzPro\gvzprores.dll
2009-05-16 19:41 . 2009-05-16 19:41 1262896 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\GvzPro\gvzpro2.dll
2008-11-30 22:17 . 2008-11-30 22:17 1804050 ----a-w- c:\programme\Multidecoder_1.0.0.48.zip
.

((((((((((((((((((((((((((((( SnapShot@2009-08-08_22.05.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-08 22:49 . 2009-08-08 22:49 16384 c:\windows\temp\Perflib_Perfdata_144.dat
+ 2009-08-08 22:47 . 2009-08-08 22:47 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-08 22:47 . 2009-08-08 22:47 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-08 22:47 . 2009-08-08 22:47 233472 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
+ 2009-08-08 22:47 . 2009-08-08 22:47 208896 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-08 22:47 . 2009-08-08 22:47 233472 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-08 22:47 . 2009-08-08 22:47 11370496 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\programme\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBDrvDet"="c:\programme\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 339968]
"ATICCC"="c:\programme\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"LogitechCommunicationsManager"="c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984]
"CTSysVol"="c:\programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-17 45056]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-08-08 149280]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-10-06 24576]

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Hochfahren.bat [2008-4-28 65]
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2007-11-3 692224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^SATARAID5.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\SATARAID5.lnk
backup=c:\windows\pss\SATARAID5.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinTV Recording Status..lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\WinTV Recording Status..lnk
backup=c:\windows\pss\WinTV Recording Status..lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"d:\\Spiele\\Worms World Party\\wwp.exe"=
"c:\\Programme\\Paltalk Messenger\\paltalk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17010:TCP"= 17010:TCP:worms world party
"17011:TCP"= 17011:TCP:Worms world Party
"17012:TCP"= 17012:TCP:Worms world party

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [31.07.2009 16:04 108289]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [26.05.2009 01:38 15840]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [04.04.2009 17:23 562176]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [04.04.2009 17:23 15616]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.02.2009 17:07 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.02.2009 17:07 8320]
S3 PDNMp50;PDNMp50 NDIS Protocol Driver;\??\c:\windows\system32\drivers\PDNMp50.sys --> c:\windows\system32\drivers\PDNMp50.sys [?]
S3 PDNSp50;PDNSp50 NDIS Protocol Driver;\??\c:\windows\system32\drivers\PDNSp50.sys --> c:\windows\system32\drivers\PDNSp50.sys [?]
S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\dokumente und einstellungen\User\Desktop\SysProtDrv.sys --> c:\dokumente und einstellungen\User\Desktop\SysProtDrv.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.gmx.de/
mStart Page = about:blank
TCP: {7D12C82E-EF19-40E1-A2F1-469F20F0A96E} = 213.191.74.19 62.109.123.197
FF - ProfilePath - c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\l0j5s00l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.trojaner-board.de/76194-virus-trojaner-oder-von-allem-etwas-6.html#post455014
FF - prefs.js: keyword.enabled - false
FF - plugin: c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\l0j5s00l.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07100121.dll
FF - plugin: c:\programme\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: browser.history_expire_days - 3
FF - user.js: browser.history_expire_days_min - 3
FF - user.js: browser.history_expire_sites - 40000
FF - user.js: dom.storage.enabled - true
FF - user.js: privacy.sanitize.sanitizeOnShutdown - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
FF - user.js: privacy.item.offlineApps - false
FF - user.js: browser.safebrowsing.malware.enabled - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: network.http.pipelining - true
FF - user.js: network.prefetch-next - true
FF - user.js: config.trim_on_minimize - true
FF - user.js: browser.sessionhistory.max_total_viewers - 0
FF - user.js: browser.cache.memory.capacity - 18432
FF - user.js: browser.cache.disk.capacity - 20000
FF - user.js: browser.cache.offline.capacity - 25000
FF - user.js: browser.sessionstore.interval - 30000000
FF - user.js: browser.sessionstore.max_tabs_undo - 10
FF - user.js: browser.urlbar.maxRichResults - 0
FF - user.js: keyword.enabled - false
FF - user.js: browser.fixup.alternate.suffix - .com
FF - user.js: browser.urlbar.doubleClickSelectsAll - false
FF - user.js: browser.urlbar.clickSelectsAll - true
FF - user.js: browser.zoom.siteSpecific - false
FF - user.js: browser.search.openintab - true
FF - user.js: browser.tabs.loadDivertedInBackground - true
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.download.manager.useWindow - true
FF - user.js: browser.download.manager.retention - 1
FF - user.js: browser.download.manager.closeWhenDone - true
FF - user.js: extensions.checkCompatibility - true
FF - user.js: extensions.hideInstallButton - true
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-09 00:49
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(7412)
c:\programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll
c:\programme\Logitech\SetPoint\GameHook.dll
c:\programme\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\CTSVCCDA.EXE
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\ATI Technologies\ATI.ACE\CLI.exe
c:\programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.exe
c:\programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe
c:\windows\system32\MsPMSPSv.exe
c:\programme\ATI Technologies\ATI.ACE\CLI.exe
c:\programme\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-08-08 0:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-08-08 22:55
ComboFix2.txt 2009-08-08 22:12
ComboFix3.txt 2009-08-08 16:28

Vor Suchlauf: 9 Verzeichnis(se), 37.774.454.784 Bytes frei
Nach Suchlauf: 7 Verzeichnis(se), 37.643.722.752 Bytes frei

1926 --- E O F --- 2009-08-07 02:15

09.08.2009, 00:11   #12
john.doe

1.) Disable the Avira guard.

2.) Pack the folder c:\qoobox with Zip or Rar, upload the archive to a file hoster (e.g. www.materialordner.de) and send me the link by PM.

3.) Enable the Avira guard.

After all those deletion orgies I need new logs.

4.) Post both logs from http://www.trojaner-board.de/74910-a...tion-tool.html

We'll continue tomorrow (er, today), but we are close to the finish line.

ciao, andreas
__________________
No support by PM! This is a forum and not private tutoring!
Private support only against payment, and I am very expensive.

09.08.2009, 01:39   #13
Skylite

Will do!


Steps 1-3 done and the links sent to you by PM; it was over 160 MB, so I had to split the files.

Here are the logs from RSIT, number 1:
info.txt logfile of random's system information tool 1.06 2009-08-09 02:34:00

======Uninstall list======

-->"C:\Programme\Creative\SBAudigy2ZS\Program\SETUP.EXE" /S /U /W /L:GER
-->C:\Programme\Creative\SBAudigy2ZS\Program\Ctzapxx.EXE /W /U /S /L:GER
-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x7
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3114 SATARAID5-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8E4CF4E6-062E-11D8-BCF1-005004748D87}\Setup.exe" -l0x9
ABBYY FineReader 8.0 Professional Edition-->MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x7
ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{B7777E08-1344-42E8-975B-6F541F9ADBD8}
ATI Control Panel-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
AusLogics Disk Defrag-->"C:\Programme\AusLogics Disk Defrag\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Canon Camera Support Core Library-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B9B9863A-32FD-4133-ADB7-46244ED77694} /l1031
Canon Camera Window for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}
Canon Internet Library for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F81FBFC-9A37-431F-9050-14B55485DF5A}
Canon MovieEdit Task for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DE286975-ACF1-45B8-9EF7-34E162B2C817}
Canon PhotoRecord-->MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9518F764-C54D-47B2-9E73-154B21E79FD2}
Canon RemoteCapture Task for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2C164906-E68F-462A-9010-70DD022223EF}
Canon Setup Utility 2.0-->"C:\Programme\Canon\Canon Setup Utility 2.0\Maint.exe" /Uninstall C:\Programme\Canon\Canon Setup Utility 2.0\uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Programme\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
Canon Utilities PhotoStitch 3.1-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
com! Firefox-3-Optimierer -->C:\Programme\com! Firefox-3-Optimierer\uninst.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Cool & Quiet-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\Setup.exe" -l0x9
Creative MediaSource-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x7 /remove/remove/remove/remove
Creative-Audiokonsole-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x7 /remove
Creative-Systeminformationen-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x7 /remove
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ElsterFormular 2008/2009-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}\setup.exe" -l0x7 -removeonly
Foxit Reader-->C:\Programme\Foxit Software\Foxit Reader\Uninstall.exe
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
IsoBuster 2.3-->"C:\Programme\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
KhalInstallWrapper-->MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam-->MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}
Logitech SetPoint-->C:\Programme\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0007 -removeonly
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera-Treiber-->"C:\Programme\Gemeinsame Dateien\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme-->MsiExec.exe /X{90120000-00B2-0407-0000-0000000FF1CE}
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Bootvis-->MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000407-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Word 2000-->MsiExec.exe /I{00170407-78E1-11D2-B60F-006097C998E7}
Mozilla Firefox (3.5.2)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia Flashing Cable Driver-->MsiExec.exe /X{D99C322D-C21B-40C7-AE71-EE51AA096B6E}
Nokia MTP driver-->MsiExec.exe /I{59359B3D-ABE7-46BF-AB55-43B67A64DC68}
Nokia PC Suite-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_ger_web.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
Nokia Software Updater-->MsiExec.exe /X{59367F7E-D7C1-4629-8AEC-71AA24A68F31}
Nokia themes for your device-->MsiExec.exe /I{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 3.0-->MsiExec.exe /I{04B45310-A5FE-4425-BFCA-1A6D8920DE74}
PaltalkScene-->"C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Programme\Paltalk Messenger\irunin.xml"
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x7
PDFCreator-->C:\Programme\PDFCreator\unins000.exe
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

09.08.2009, 01:40   #14
Skylite

Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sound Blaster Audigy 2 ZS-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9E2514D9-DC24-4634-B348-61F3EF0F1628}\SETUP.EXE" -l0x7
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
SPSS 15.0 für Windows [Auswertung Version]-->MsiExec.exe /X{6D9B9CF3-1E9C-45B6-B41E-5CF568605556}
The KMPlayer (remove only)-->"C:\Programme\The KMPlayer\uninstall.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-Treiberpaket - Nokia Modem (10/27/2008 3.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870\nokia_bluetooth.inf
Windows-Treiberpaket - Nokia Modem (10/27/2008 7.01.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6\nokbtmdm.inf
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: LICHTMASCHINE
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Anwendungsverwaltung" gesendet.

Record Number: 73513
Source Name: Service Control Manager
Time Written: 20090807192545.000000+120
Event Type: Informationen
User: LICHTMASCHINE\User

Computer Name: LICHTMASCHINE
Event Code: 7023
Message: Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
Das angegebene Modul wurde nicht gefunden.


Record Number: 73512
Source Name: Service Control Manager
Time Written: 20090807192545.000000+120
Event Type: Fehler
User:

Computer Name: LICHTMASCHINE
Event Code: 7036
Message: Dienst "Anwendungsverwaltung" befindet sich jetzt im Status "Beendet".

Record Number: 73511
Source Name: Service Control Manager
Time Written: 20090807192545.000000+120
Event Type: Informationen
User:

Computer Name: LICHTMASCHINE
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Anwendungsverwaltung" gesendet.

Record Number: 73510
Source Name: Service Control Manager
Time Written: 20090807192545.000000+120
Event Type: Informationen
User: LICHTMASCHINE\User

Computer Name: LICHTMASCHINE
Event Code: 7023
Message: Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
Das angegebene Modul wurde nicht gefunden.


Record Number: 73509
Source Name: Service Control Manager
Time Written: 20090807192545.000000+120
Event Type: Fehler
User:

=====Application event log=====

Computer Name: LICHTMASCHINE
Event Code: 1517
Message: Die Registrierung des Benutzers "LICHTMASCHINE\User" wurde gespeichert, obwohl eine Anwendung oder ein Dienst auf die Registrierung während der Abmeldung zugegriffen hat. Der von der Registrierung des Benutzers verwendete Speicher wurde nicht freigegeben. Der Upload der Registrierung wird durchgeführt, wenn diese nicht mehr verwendet wird.


Dies wird oft durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen Sie diese so zu Konfigurieren, dass sie unter den Konten "Lokaler Dienst" oder "Netzwerkdienst" ausgeführt werden.

Record Number: 25884
Source Name: Userenv
Time Written: 20090324081347.000000+060
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: LICHTMASCHINE
Event Code: 0
Message:
Record Number: 25883
Source Name: gupdate1c987a5477f4f6
Time Written: 20090324070630.000000+060
Event Type: Informationen
User:

Computer Name: LICHTMASCHINE
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 25882
Source Name: SecurityCenter
Time Written: 20090324070604.000000+060
Event Type: Informationen
User:

Computer Name: LICHTMASCHINE
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!

Record Number: 25881
Source Name: Avira AntiVir
Time Written: 20090324070604.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: LICHTMASCHINE
Event Code: 105
Message: The service was started.

Record Number: 25880
Source Name: WMDM PMSP Service
Time Written: 20090324070603.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programme\PC Connectivity Solution;C:\Programme\ATI Technologies\ATI Control Panel;C:\Programme\ATI Technologies\ATI.ACE;C:\Programme\Smart Projects\IsoBuster;C:\Programme\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

RSIT number 2:

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-08-09 02:33:33
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 36 GB (72%) free of 50 GB
Total RAM: 1023 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:33:58, on 09.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\User\Desktop\RSIT.exe
C:\Programme\trend micro\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - Global Startup: Hochfahren.bat
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\Paltalk.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D12C82E-EF19-40E1-A2F1-469F20F0A96E}: NameServer = 213.191.74.19 62.109.123.197
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/User/LOKALE~1/Temp/msoclip1/01/clip_image002.jpg

--
End of file - 5121 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-08-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-08 73728]

09.08.2009, 01:41   #15
Skylite

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SBDrvDet"=C:\Programme\Creative\SB Drive Det\SBDrvDet.exe [2002-12-03 45056]
"ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-29 339968]
"ATICCC"=C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"LogitechCommunicationsManager"=C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984]
"CTSysVol"=C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"CTDVDDET"=C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE [2003-06-18 45056]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2003-10-06 24576]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-08-08 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"=C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE [2003-10-08 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Programme\Skype\Phone\Skype.exe [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^SATARAID5.lnk]
C:\PROGRA~1\SILICO~1\3114SA~1\sam.jar [2004-06-25 1510757]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinTV Recording Status..lnk]
C:\PROGRA~1\WinTV\WinTV7\WINTVT~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Hochfahren.bat
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-12-17 110592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"D:\Spiele\Worms World Party\wwp.exe"="D:\Spiele\Worms World Party\wwp.exe:*:Enabled:Worms World Party"
"C:\Programme\Paltalk Messenger\paltalk.exe"="C:\Programme\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-08-09 02:33:33 ----D---- C:\rsit
2009-08-09 02:04:46 ----SHD---- C:\RECYCLER
2009-08-09 00:55:47 ----A---- C:\ComboFix.txt
2009-08-09 00:47:07 ----D---- C:\WINDOWS\temp
2009-08-08 23:57:46 ----A---- C:\WINDOWS\zip.exe
2009-08-08 23:57:46 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-08 23:57:46 ----A---- C:\WINDOWS\SWSC.exe
2009-08-08 23:57:46 ----A---- C:\WINDOWS\SWREG.exe
2009-08-08 23:57:46 ----A---- C:\WINDOWS\sed.exe
2009-08-08 23:57:46 ----A---- C:\WINDOWS\PEV.exe
2009-08-08 23:57:46 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-08 23:57:46 ----A---- C:\WINDOWS\grep.exe
2009-08-08 23:57:39 ----D---- C:\Qoobox
2009-08-08 23:30:52 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2009-08-08 22:45:42 ----SD---- C:\cofiexe
2009-08-08 15:42:10 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Skype
2009-08-08 15:06:31 ----D---- C:\Programme\The KMPlayer
2009-08-08 15:03:10 ----D---- C:\Programme\Gemeinsame Dateien\Skype
2009-08-08 15:01:26 ----D---- C:\Programme\Foxit Software
2009-08-08 15:01:26 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Foxit
2009-08-08 14:58:35 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-08 14:58:35 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-08 14:58:35 ----A---- C:\WINDOWS\system32\java.exe
2009-08-08 14:58:35 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-08-08 02:30:13 ----A---- C:\Boot.bak
2009-08-08 02:30:05 ----RASHD---- C:\cmdcons
2009-08-08 02:24:44 ----D---- C:\WINDOWS\ERDNT
2009-08-08 02:07:24 ----D---- C:\Programme\CCleaner
2009-08-08 00:45:21 ----D---- C:\Programme\trend micro
2009-08-07 17:49:45 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes
2009-08-07 17:49:38 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-08-07 04:15:39 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-06 04:35:13 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-06 04:35:08 ----D---- C:\Programme\MSBuild
2009-08-06 04:35:07 ----D---- C:\WINDOWS\system32\en-US
2009-08-06 04:35:00 ----D---- C:\Programme\Reference Assemblies
2009-08-06 04:34:28 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-06 04:34:27 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-06 04:34:27 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-01 12:28:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-31 16:04:44 ----D---- C:\Programme\Avira
2009-07-31 16:04:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-07-15 17:35:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 17:34:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 17:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 1 months======

2009-08-09 02:33:26 ----D---- C:\WINDOWS\Prefetch
2009-08-09 01:06:12 ----HD---- C:\Programme\InstallShield Installation Information
2009-08-09 01:06:12 ----D---- C:\WINDOWS\system32
2009-08-09 01:06:12 ----D---- C:\Programme\PC Inspector File Recovery
2009-08-09 00:57:25 ----D---- C:\Programme\Mozilla Firefox
2009-08-09 00:55:49 ----D---- C:\WINDOWS\system32\drivers
2009-08-09 00:50:19 ----D---- C:\WINDOWS
2009-08-09 00:50:19 ----A---- C:\WINDOWS\system.ini
2009-08-09 00:49:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-09 00:47:26 ----D---- C:\WINDOWS\system32\config
2009-08-09 00:47:02 ----RD---- C:\Programme
2009-08-09 00:42:08 ----D---- C:\WINDOWS\AppPatch
2009-08-09 00:42:03 ----D---- C:\Programme\Gemeinsame Dateien
2009-08-08 22:46:03 ----SHD---- C:\System Volume Information
2009-08-08 22:46:03 ----D---- C:\WINDOWS\system32\Restore
2009-08-08 21:37:06 ----A---- C:\WINDOWS\wininit.ini
2009-08-08 19:02:55 ----HD---- C:\WINDOWS\inf
2009-08-08 18:04:26 ----RASH---- C:\boot.ini
2009-08-08 18:04:26 ----A---- C:\WINDOWS\win.ini
2009-08-08 15:03:24 ----SHD---- C:\WINDOWS\Installer
2009-08-08 15:03:22 ----RD---- C:\Programme\Skype
2009-08-08 15:03:05 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2009-08-08 14:58:12 ----D---- C:\Programme\Java
2009-08-08 14:47:58 ----SD---- C:\WINDOWS\Tasks
2009-08-08 14:47:28 ----RD---- C:\WINDOWS\Web
2009-08-08 14:17:00 ----D---- C:\WINDOWS\system32\Macromed
2009-08-08 14:17:00 ----D---- C:\WINDOWS\system32\Adobe
2009-08-08 14:16:34 ----D---- C:\WINDOWS\WinSxS
2009-08-08 14:15:08 ----D---- C:\Programme\Adobe
2009-08-08 14:15:05 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-08-08 14:15:00 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2009-08-08 02:37:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-08 02:15:42 ----D---- C:\WINDOWS\Debug
2009-08-07 19:19:11 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-07 13:09:50 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-07 04:15:54 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-06 15:23:36 ----RSD---- C:\WINDOWS\assembly
2009-08-06 04:38:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-06 04:35:05 ----RSD---- C:\WINDOWS\Fonts
2009-08-06 04:34:46 ----D---- C:\WINDOWS\system32\spool
2009-08-03 02:54:58 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Macromedia
2009-07-31 18:27:06 ----D---- C:\WINDOWS\ShellNew
2009-07-31 18:27:03 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-30 05:45:04 ----D---- C:\Programme\Internet Explorer
2009-07-30 05:44:05 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-19 18:41:10 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 15:11:12 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-06 55656]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink-NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2003-04-02 63232]
R2 NwlnkSpx;NWLink SPX/SPXII-Protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2003-04-02 55936]
R2 PfDetNT;PfDetNT; \??\C:\WINDOWS\System32\drivers\PfModNT.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-12-17 1918464]
R3 catchme;catchme; \??\C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys []
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2003-11-05 645392]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-11-19 366160]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-10-08 6096]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-10-08 130288]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-10-13 145488]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2003-10-21 904496]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-10-21 148432]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-04-11 63248]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-04-11 79376]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-10-08 178672]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-09-19 241280]
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2003-10-14 332800]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-03 22560]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2006-08-11 180224]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver; C:\WINDOWS\System32\Drivers\hcw95bda.sys [2008-09-09 562176]
S3 hcw95rc;Hauppauge MOD7700 IR Driver; C:\WINDOWS\system32\DRIVERS\hcw95rc.sys [2008-09-09 15616]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys []
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-02-03 1507232]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
S3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-03 1939360]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PDNMp50;PDNMp50 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\PDNMp50.sys []
S3 PDNSp50;PDNSp50 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\PDNSp50.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SysProtDrv.sys;SysProtDrv.sys; \??\C:\Dokumente und Einstellungen\User\Desktop\SysProtDrv.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-06 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-12-17 434176]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTSvcCDA.EXE [1999-12-13 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-08-08 153376]
R2 LVPrcSrv;Process Monitor; c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-12-20 520192]
S2 LVSrvLauncher;LVSrvLauncher; C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S4 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------




A thousand thanks for your generous help and tireless effort!


Unfortunately, I will only be able to get back online this evening today (Sunday).
Hopefully see you soon then, or whenever you have the time and inclination!
