| |
| |||||||
Log-Analyse und Auswertung: trojaner TR/Agent.ruo entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
28.03.2010, 18:52
| #1 |
| |  trojaner TR/Agent.ruo entfernen hallo, auf meinem pc ist der trojaner TR/Agent.ruo in der datei C:/WINDOWS/system32/kbdqgh.dll avira findet und löscht ihn zwar, er kehrt jedoch bei jedem neustart des computers zurück. ich habe bereits versucht ihn zu löschen indem ich die systemwiederherstellung deaktiviert habe, in der ich den virus vermutet hatte, das hat jedoch nichts genützt. nun habe ich einen logfile mit HijackThis erstellt und hoffe ihr könnt mir helfen die richtigen dateien zu löschen. danke schonmal, gruß Mikaela Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:24:52, on 28.03.2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\PDF Complete\pdfsvc.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\OpenOffice.org 3\program\soffice.exe C:\Programme\OpenOffice.org 3\program\soffice.bin C:\Programme\Avira\AntiVir Desktop\avcenter.exe C:\Programme\Avira\AntiVir Desktop\avscan.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\spider.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q= R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q= R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programme\AskSearch\bin\DefaultSearch.dll R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: TBSB03968 - {AA61DE26-FA67-4575-9033-918671094293} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll O3 - Toolbar: Toolbar fuer eBay - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EA Core] "C:\Programme\Electronic Arts\EADM\Core.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Google Update Service (gupdate1ca828063b595f0) (gupdate1ca828063b595f0) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Programme\PDF Complete\pdfsvc.exe -- End of file - 6167 bytes |
|
28.03.2010, 21:21
| #2 |
| /// TB-Ausbilder     | trojaner TR/Agent.ruo entfernen Hi Mikaela,
__________________Mache bitte einen Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Dateien Online überprüfen lassen:
Code:
ATTFilter C:/WINDOWS/system32/kbdqgh.dll
MfG myritlle
__________________ |
|
05.04.2010, 19:34
| #3 |
| | trojaner TR/Agent.ruo entfernen alles klar, hier ist der scan:
__________________OTL Extras logfile created on: 05.04.2010 19:29:31 - Run 1 OTL by OldTimer - Version 3.2.1.0 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 220,86 Gb Total Space | 183,27 Gb Free Space | 82,98% Space Free | Partition Type: NTFS Drive D: | 12,00 Gb Total Space | 8,00 Gb Free Space | 66,64% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KITTY Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- () "C:\Programme\Electronic Arts\EADM\Core.exe" = C:\Programme\Electronic Arts\EADM\Core.exe:*  isabled:EA Download Manager -- File not found"C:\Programme\AVG\AVG9\avgnsx.exe" = C:\Programme\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.) "C:\Programme\AVG\AVG9\avgupd.exe" = C:\Programme\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}" = EA Download Manager UI "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin "AVG9Uninstall" = AVG Free 9.0 "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar "EA Download Manager" = EA Download Manager "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube Download_is1" = Free YouTube Download 2.3 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "HijackThis" = HijackThis 2.0.2 "kikin Plugin (Audiograbber Edition)" = kikin Plugin (AudioGrabber Edition) 1.11 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "NVIDIA Drivers" = NVIDIA Drivers "PDF Complete" = PDF Complete "PROHYBRIDR" = 2007 Microsoft Office system "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "QuickTime" = QuickTime "Shockwave" = Shockwave "TBSB03968.TBSB03968Toolbar" = Toolbar fuer eBay "Uninstall_is1" = Uninstall 1.0.0.1 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinGimp-2.0_is1" = GIMP 2.6.6 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XVID Player_is1" = XVID Player 1.0 "Youtube Downloader HD_is1" = Youtube Downloader HD v. 1.8 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01.04.2010 11:27:31 | Computer Name = KITTY | Source = MSSQL$MSSMLBIZ | ID = 17049 Description = Error - 01.04.2010 11:27:31 | Computer Name = KITTY | Source = MSSQL$MSSMLBIZ | ID = 17049 Description = Error - 01.04.2010 11:27:31 | Computer Name = KITTY | Source = MSSQL$MSSMLBIZ | ID = 17049 Description = Error - 01.04.2010 11:27:31 | Computer Name = KITTY | Source = MSSQL$MSSMLBIZ | ID = 17049 Description = Error - 01.04.2010 11:27:32 | Computer Name = KITTY | Source = MSSQL$MSSMLBIZ | ID = 17207 Description = Error - 01.04.2010 11:27:32 | Computer Name = KITTY | Source = MSSQL$MSSMLBIZ | ID = 17204 Description = Error - 01.04.2010 11:27:32 | Computer Name = KITTY | Source = MSSQL$MSSMLBIZ | ID = 17207 Description = Error - 01.04.2010 11:27:32 | Computer Name = KITTY | Source = MSSQL$MSSMLBIZ | ID = 17204 Description = Error - 01.04.2010 11:36:02 | Computer Name = KITTY | Source = MsiInstaller | ID = 1013 Description = Produkt: Microsoft .NET Framework 3.0 Service Pack 2 -- Microsoft .NET Framework 3.0 Service Pack 2 cannot be uninstalled because it will affect other applications that are installed. For more information, see Microsoft .NET Framework 3.0 Release Notes. Error - 01.04.2010 11:36:39 | Computer Name = KITTY | Source = MsiInstaller | ID = 1013 Description = Produkt: Microsoft .NET Framework 2.0 Service Pack 2 -- Microsoft .NET Framework 2.0 Service Pack 2 cannot be uninstalled because it will affect other applications that are installed. For more information, see Microsoft .NET Framework 3.0 Release Notes. [ System Events ] Error - 28.03.2010 12:44:07 | Computer Name = KITTY | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706) Error - 28.03.2010 18:40:07 | Computer Name = KITTY | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706) Error - 29.03.2010 09:30:46 | Computer Name = KITTY | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706) Error - 29.03.2010 09:31:12 | Computer Name = KITTY | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer*8 für Windows*XP Error - 29.03.2010 14:51:23 | Computer Name = KITTY | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706) Error - 29.03.2010 18:15:45 | Computer Name = KITTY | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706) Error - 30.03.2010 04:45:18 | Computer Name = KITTY | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706) Error - 30.03.2010 16:19:54 | Computer Name = KITTY | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706) Error - 01.04.2010 10:01:26 | Computer Name = KITTY | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706) Error - 01.04.2010 11:27:32 | Computer Name = KITTY | Source = Service Control Manager | ID = 7024 Description = Der Dienst "SQL Server (MSSMLBIZ)" wurde mit folgendem dienstspezifischem Fehler beendet: 3417 (0xD59). < End of report > OTL logfile created on: 05.04.2010 19:29:31 - Run 1 OTL by OldTimer - Version 3.2.1.0 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 220,86 Gb Total Space | 183,27 Gb Free Space | 82,98% Space Free | Partition Type: NTFS Drive D: | 12,00 Gb Total Space | 8,00 Gb Free Space | 66,64% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KITTY Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation) ========== Win32 Services (All) ========== SRV - (avg9wd) -- C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AVG Security Toolbar Service) -- C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe () SRV - (gupdate1ca828063b595f0) Google Update Service (gupdate1ca828063b595f0) -- C:\Programme\Google\Update\GoogleUpdate.exe (Google Inc.) SRV - (lanmanworkstation) -- C:\WINDOWS\system32\wkssvc.dll (Microsoft Corporation) SRV - (Wmi) -- C:\WINDOWS\system32\advapi32.dll (Microsoft Corporation) SRV - (RpcSs) Remoteprozeduraufruf (RPC) -- C:\WINDOWS\system32\rpcss.dll (Microsoft Corporation) SRV - (DcomLaunch) -- C:\WINDOWS\system32\rpcss.dll (Microsoft Corporation) SRV - (PlugPlay) -- C:\WINDOWS\system32\services.exe (Microsoft Corporation) SRV - (Eventlog) -- C:\WINDOWS\system32\services.exe (Microsoft Corporation) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (idsvc) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (EventSystem) -- C:\WINDOWS\system32\es.dll (Microsoft Corporation) SRV - (Nla) NLA (Network Location Awareness) -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) SRV - (pdfcDispatcher) -- C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc) SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (WmdmPmSN) -- C:\WINDOWS\system32\mspmsnsv.dll (Microsoft Corporation) SRV - (WudfSvc) -- C:\WINDOWS\system32\WudfSvc.dll (Microsoft Corporation) SRV - (PCA) -- C:\WINDOWS\SMINST\PCAngel.exe (SoftThinks) SRV - (NtmsSvc) -- C:\WINDOWS\system32\ntmssvc.dll (Microsoft Corporation) SRV - (BITS) -- C:\WINDOWS\system32\qmgr.dll (Microsoft Corporation) SRV - (WZCSVC) -- C:\WINDOWS\system32\wzcsvc.dll (Microsoft Corporation) SRV - (SharedAccess) -- C:\WINDOWS\system32\ipnathlp.dll (Microsoft Corporation) SRV - (stisvc) Windows-Bilderfassung (WIA) -- C:\WINDOWS\system32\wiaservc.dll (Microsoft Corporation) SRV - (TermService) -- C:\WINDOWS\system32\termsrv.dll (Microsoft Corporation) SRV - (VSS) -- C:\WINDOWS\system32\vssvc.exe (Microsoft Corporation) SRV - (TapiSrv) -- C:\WINDOWS\system32\tapisrv.dll (Microsoft Corporation) SRV - (dmadmin) -- C:\WINDOWS\System32\dmadmin.exe (Microsoft Corp., Veritas Software) SRV - (Netman) -- C:\WINDOWS\system32\netman.dll (Microsoft Corporation) SRV - (Schedule) -- C:\WINDOWS\system32\schedsvc.dll (Microsoft Corporation) SRV - (upnphost) -- C:\WINDOWS\system32\upnphost.dll (Microsoft Corporation) SRV - (W32Time) -- C:\WINDOWS\system32\w32time.dll (Microsoft Corporation) SRV - (AppMgmt) -- C:\WINDOWS\system32\appmgmts.dll (Microsoft Corporation) SRV - (RasMan) -- C:\WINDOWS\system32\rasmans.dll (Microsoft Corporation) SRV - (srservice) -- C:\WINDOWS\system32\srsvc.dll (Microsoft Corporation) SRV - (ImapiService) -- C:\WINDOWS\system32\imapi.exe (Microsoft Corporation) SRV - (winmgmt) -- C:\WINDOWS\system32\wbem\wmisvc.dll (Microsoft Corporation) SRV - (RDSessMgr) -- C:\WINDOWS\system32\sessmgr.exe (Microsoft Corporation) SRV - (Themes) -- C:\WINDOWS\system32\shsvcs.dll (Microsoft Corporation) SRV - (ShellHWDetection) -- C:\WINDOWS\system32\shsvcs.dll (Microsoft Corporation) SRV - (FastUserSwitchingCompatibility) -- C:\WINDOWS\system32\shsvcs.dll (Microsoft Corporation) SRV - (RSVP) -- C:\WINDOWS\system32\rsvp.exe (Microsoft Corporation) SRV - (xmlprov) -- C:\WINDOWS\system32\xmlprov.dll (Microsoft Corporation) SRV - (WmiApSrv) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe (Microsoft Corporation) SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation) SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation) SRV - (SCardSvr) -- C:\WINDOWS\system32\scardsvr.exe (Microsoft Corporation) SRV - (lanmanserver) -- C:\WINDOWS\system32\srvsvc.dll (Microsoft Corporation) SRV - (SysmonLog) -- C:\WINDOWS\system32\smlogsvc.exe (Microsoft Corporation) SRV - (TrkWks) Überwachung verteilter Verknüpfungen (Client) -- C:\WINDOWS\system32\trkwks.dll (Microsoft Corporation) SRV - (RasAuto) -- C:\WINDOWS\system32\rasauto.dll (Microsoft Corporation) SRV - (wscsvc) -- C:\WINDOWS\system32\wscsvc.dll (Microsoft Corporation) SRV - (Browser) -- C:\WINDOWS\system32\browser.dll (Microsoft Corporation) SRV - (TlntSvr) -- C:\WINDOWS\system32\tlntsvr.exe (Microsoft Corporation) SRV - (RpcLocator) -- C:\WINDOWS\system32\locator.exe (Microsoft Corporation) SRV - (SSDPSRV) -- C:\WINDOWS\system32\ssdpsrv.dll (Microsoft Corporation) SRV - (WebClient) -- C:\WINDOWS\system32\webclnt.dll (Microsoft Corporation) SRV - (CryptSvc) -- C:\WINDOWS\system32\cryptsvc.dll (Microsoft Corporation) SRV - (RemoteRegistry) -- C:\WINDOWS\system32\regsvc.dll (Microsoft Corporation) SRV - (Spooler) -- C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation) SRV - (RemoteAccess) -- C:\WINDOWS\system32\mprdim.dll (Microsoft Corporation) SRV - (Dnscache) -- C:\WINDOWS\system32\dnsrslvr.dll (Microsoft Corporation) SRV - (ALG) -- C:\WINDOWS\system32\alg.exe (Microsoft Corporation) SRV - (AudioSrv) -- C:\WINDOWS\system32\audiosrv.dll (Microsoft Corporation) SRV - (SENS) -- C:\WINDOWS\system32\sens.dll (Microsoft Corporation) SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation) SRV - (Messenger) -- C:\WINDOWS\system32\msgsvc.dll (Microsoft Corporation) SRV - (ClipSrv) -- C:\WINDOWS\system32\clipsrv.exe (Microsoft Corporation) SRV - (mnmsrvc) -- C:\WINDOWS\system32\mnmsrvc.exe (Microsoft Corporation) SRV - (dmserver) -- C:\WINDOWS\system32\dmserver.dll (Microsoft Corp.) SRV - (ERSvc) -- C:\WINDOWS\system32\ersvc.dll (Microsoft Corporation) SRV - (seclogon) -- C:\WINDOWS\system32\seclogon.dll (Microsoft Corporation) SRV - (UPS) -- C:\WINDOWS\system32\ups.exe (Microsoft Corporation) SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll (Microsoft Corporation) SRV - (HTTPFilter) -- C:\WINDOWS\system32\w3ssl.dll (Microsoft Corporation) SRV - (HidServ) -- C:\WINDOWS\system32\svchost.exe (Microsoft Corporation) SRV - (LmHosts) -- C:\WINDOWS\system32\lmhsvc.dll (Microsoft Corporation) SRV - (SamSs) -- C:\WINDOWS\system32\lsass.exe (Microsoft Corporation) SRV - (ProtectedStorage) -- C:\WINDOWS\system32\lsass.exe (Microsoft Corporation) SRV - (PolicyAgent) -- C:\WINDOWS\system32\lsass.exe (Microsoft Corporation) SRV - (NtLmSsp) -- C:\WINDOWS\system32\lsass.exe (Microsoft Corporation) SRV - (Netlogon) -- C:\WINDOWS\system32\lsass.exe (Microsoft Corporation) SRV - (wuauserv) -- C:\WINDOWS\system32\wuauserv.dll (Microsoft Corporation) SRV - (MSDTC) -- C:\WINDOWS\system32\msdtc.exe (Microsoft Corporation) SRV - (CiSvc) -- C:\WINDOWS\system32\cisvc.exe (Microsoft Corporation) SRV - (SwPrv) -- C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation) SRV - (COMSysApp) -- C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation) SRV - (MSIServer) -- C:\WINDOWS\System32\msiexec.exe (Microsoft Corporation) SRV - (Dhcp) -- C:\WINDOWS\system32\dhcpcsvc.dll (Microsoft Corporation) ========== Driver Services (All) ========== DRV - (WDICA) -- File not found DRV - (ultra) -- File not found DRV - (TosIde) -- File not found DRV - (Sparrow) -- File not found DRV - (Simbad) -- File not found DRV - (ql1280) -- File not found DRV - (ql1240) -- File not found DRV - (ql12160) -- File not found DRV - (Ql10wnt) -- File not found DRV - (ql1080) -- File not found DRV - (perc2hib) -- File not found DRV - (perc2) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (mraid35x) -- File not found DRV - (lbrtfdc) -- File not found DRV - (ini910u) -- File not found DRV - (i2omp) -- File not found DRV - (i2omgmt) -- File not found DRV - (hpn) -- File not found DRV - (dac960nt) -- File not found DRV - (Cpqarray) -- File not found DRV - (CmdIde) -- File not found DRV - (Changer) -- File not found DRV - (cd20xrnt) -- File not found DRV - (Atdisk) -- File not found DRV - (asc3550) -- File not found DRV - (asc3350p) -- File not found DRV - (asc) -- File not found DRV - (amsint) -- File not found DRV - (AliIde) -- File not found DRV - (Aha154x) -- File not found DRV - (abp480n5) -- File not found DRV - (Abiosdsk) -- File not found DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Srv) -- C:\WINDOWS\system32\drivers\srv.sys (Microsoft Corporation) DRV - (MRxSmb) -- C:\WINDOWS\system32\drivers\mrxsmb.sys (Microsoft Corporation) DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (HTTP) -- C:\WINDOWS\system32\drivers\http.sys (Microsoft Corporation) DRV - (ACEDRV05) -- C:\WINDOWS\system32\drivers\ACEDRV05.sys (Protect Software GmbH) DRV - (KSecDD) -- C:\WINDOWS\system32\drivers\ksecdd.sys (Microsoft Corporation) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (SSHDRV76) -- C:\WINDOWS\system32\drivers\SSHDRV76.sys () DRV - (ACEDRV07) -- C:\WINDOWS\system32\drivers\ACEDRV07.sys (Protect Software GmbH) DRV - (AFD) -- C:\WINDOWS\System32\drivers\afd.sys (Microsoft Corporation) DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\ACEDRV11.sys (Protect Software GmbH) DRV - (Tcpip) -- C:\WINDOWS\system32\drivers\tcpip.sys (Microsoft Corporation) DRV - (NdisWan) -- C:\WINDOWS\system32\drivers\ndiswan.sys (Microsoft Corporation) DRV - (NDIS) -- C:\WINDOWS\system32\drivers\ndis.sys (Microsoft Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.) DRV - (WudfRd) -- C:\WINDOWS\system32\drivers\WudfRd.sys (Microsoft Corporation) DRV - (WudfPf) -- C:\WINDOWS\system32\drivers\WudfPf.sys (Microsoft Corporation) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software) DRV - (Ntfs) -- C:\WINDOWS\system32\drivers\ntfs.sys (Microsoft Corporation) DRV - (ACPI) -- C:\WINDOWS\system32\DRIVERS\ACPI.sys (Microsoft Corporation) DRV - (MRxDAV) -- C:\WINDOWS\system32\drivers\mrxdav.sys (Microsoft Corporation) DRV - (Rdbss) -- C:\WINDOWS\system32\drivers\rdbss.sys (Microsoft Corporation) DRV - (NetBT) -- C:\WINDOWS\system32\drivers\netbt.sys (Microsoft Corporation) DRV - (dmio) -- C:\WINDOWS\System32\drivers\dmio.sys (Microsoft Corp., Veritas Software) DRV - (Fastfat) -- C:\WINDOWS\system32\drivers\fastfat.sys (Microsoft Corporation) DRV - (RDPWD) -- C:\WINDOWS\system32\drivers\rdpwd.sys (Microsoft Corporation) DRV - (IpNat) -- C:\WINDOWS\system32\drivers\ipnat.sys (Microsoft Corporation) DRV - (Ftdisk) -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys (Microsoft Corporation) DRV - (FltMgr) -- C:\WINDOWS\system32\DRIVERS\fltMgr.sys (Microsoft Corporation) DRV - (Pcmcia) -- C:\WINDOWS\system32\drivers\pcmcia.sys (Microsoft Corporation) DRV - (Mup) -- C:\WINDOWS\system32\drivers\mup.sys (Microsoft Corporation) DRV - (Parport) -- C:\WINDOWS\system32\drivers\parport.sys (Microsoft Corporation) DRV - (IPSec) -- C:\WINDOWS\system32\drivers\ipsec.sys (Microsoft Corporation) DRV - (sr) -- C:\WINDOWS\system32\DRIVERS\sr.sys (Microsoft Corporation) DRV - (PSched) -- C:\WINDOWS\system32\drivers\psched.sys (Microsoft Corporation) DRV - (Udfs) -- C:\WINDOWS\system32\drivers\udfs.sys (Microsoft Corporation) DRV - (Serial) -- C:\WINDOWS\system32\drivers\serial.sys (Microsoft Corporation) DRV - (Cdfs) -- C:\WINDOWS\system32\drivers\cdfs.sys (Microsoft Corporation) DRV - (Atmarpc) -- C:\WINDOWS\system32\drivers\atmarpc.sys (Microsoft Corporation) DRV - (usbhub) -- C:\WINDOWS\system32\drivers\usbhub.sys (Microsoft Corporation) DRV - (VolSnap) -- C:\WINDOWS\system32\drivers\volsnap.sys (Microsoft Corporation) DRV - (i8042prt) -- C:\WINDOWS\system32\drivers\i8042prt.sys (Microsoft Corporation) DRV - (Rasl2tp) WAN-Miniport (L2TP) -- C:\WINDOWS\system32\drivers\rasl2tp.sys (Microsoft Corporation) DRV - (Cdrom) -- C:\WINDOWS\system32\drivers\cdrom.sys (Microsoft Corporation) DRV - (PptpMiniport) WAN-Miniport (PPTP) -- C:\WINDOWS\system32\drivers\raspptp.sys (Microsoft Corporation) DRV - (P3) -- C:\WINDOWS\system32\drivers\p3.sys (Microsoft Corporation) DRV - (MountMgr) -- C:\WINDOWS\system32\drivers\mountmgr.sys (Microsoft Corporation) DRV - (Imapi) -- C:\WINDOWS\system32\drivers\imapi.sys (Microsoft Corporation) DRV - (RasPppoe) -- C:\WINDOWS\system32\drivers\raspppoe.sys (Microsoft Corporation) DRV - (Processor) -- C:\WINDOWS\system32\drivers\processr.sys (Microsoft Corporation) DRV - (NDProxy) -- C:\WINDOWS\system32\drivers\ndproxy.sys (Microsoft Corporation) DRV - (Disk) -- C:\WINDOWS\system32\DRIVERS\disk.sys (Microsoft Corporation) DRV - (Gpc) -- C:\WINDOWS\system32\drivers\msgpc.sys (Microsoft Corporation) DRV - (Fips) -- C:\WINDOWS\system32\drivers\fips.sys (Microsoft Corporation) DRV - (Wanarp) -- C:\WINDOWS\system32\drivers\wanarp.sys (Microsoft Corporation) DRV - (NetBIOS) -- C:\WINDOWS\system32\drivers\netbios.sys (Microsoft Corporation) DRV - (IpFilterDriver) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys (Microsoft Corporation) DRV - (NwlnkFwd) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys (Microsoft Corporation) DRV - (Npfs) -- C:\WINDOWS\system32\drivers\npfs.sys (Microsoft Corporation) DRV - (Modem) -- C:\WINDOWS\system32\drivers\modem.sys (Microsoft Corporation) DRV - (Ip6Fw) -- C:\WINDOWS\system32\drivers\ip6fw.sys (Microsoft Corporation) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys () DRV - (Fdc) -- C:\WINDOWS\system32\drivers\fdc.sys (Microsoft Corporation) DRV - (Kbdclass) -- C:\WINDOWS\system32\drivers\kbdclass.sys (Microsoft Corporation) DRV - (Mouclass) -- C:\WINDOWS\system32\drivers\mouclass.sys (Microsoft Corporation) DRV - (TDTCP) -- C:\WINDOWS\system32\drivers\tdtcp.sys (Microsoft Corporation) DRV - (VgaSave) -- C:\WINDOWS\System32\drivers\vga.sys (Microsoft Corporation) DRV - (IpInIp) -- C:\WINDOWS\system32\drivers\ipinip.sys (Microsoft Corporation) DRV - (usbuhci) -- C:\WINDOWS\system32\drivers\usbuhci.sys (Microsoft Corporation) DRV - (Flpydisk) -- C:\WINDOWS\system32\drivers\flpydisk.sys (Microsoft Corporation) DRV - (Msfs) -- C:\WINDOWS\system32\drivers\msfs.sys (Microsoft Corporation) DRV - (PartMgr) -- C:\WINDOWS\system32\drivers\partmgr.sys (Microsoft Corporation) DRV - (Cdaudio) -- C:\WINDOWS\system32\drivers\cdaudio.sys (Microsoft Corporation) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) DRV - (Raspti) Parallelanschluss (direkt) -- C:\WINDOWS\system32\drivers\raspti.sys (Microsoft Corporation) DRV - (serenum) -- C:\WINDOWS\system32\drivers\serenum.sys (Microsoft Corporation) DRV - (mssmbios) -- C:\WINDOWS\system32\drivers\mssmbios.sys (Microsoft Corporation) DRV - (AsyncMac) -- C:\WINDOWS\system32\drivers\asyncmac.sys (Microsoft Corporation) DRV - (cbidf2k) -- C:\WINDOWS\system32\drivers\cbidf2k.sys (Microsoft Corporation) DRV - (Ndisuio) -- C:\WINDOWS\system32\drivers\ndisuio.sys (Microsoft Corporation) DRV - (NwlnkFlt) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys (Microsoft Corporation) DRV - (ACPIEC) -- C:\WINDOWS\system32\drivers\acpiec.sys (Microsoft Corporation) DRV - (TDPIPE) -- C:\WINDOWS\system32\drivers\tdpipe.sys (Microsoft Corporation) DRV - (Sfloppy) -- C:\WINDOWS\system32\drivers\sfloppy.sys (Microsoft Corporation) DRV - (IRENUM) -- C:\WINDOWS\system32\drivers\irenum.sys (Microsoft Corporation) DRV - (NdisTapi) -- C:\WINDOWS\system32\drivers\ndistapi.sys (Microsoft Corporation) DRV - (RasAcd) -- C:\WINDOWS\system32\drivers\rasacd.sys (Microsoft Corporation) DRV - (ParVdm) -- C:\WINDOWS\system32\drivers\parvdm.sys (Microsoft Corporation) DRV - (dmload) -- C:\WINDOWS\System32\drivers\dmload.sys (Microsoft Corp., Veritas Software.) DRV - (swenum) -- C:\WINDOWS\system32\drivers\swenum.sys (Microsoft Corporation) DRV - (RDPCDD) -- C:\WINDOWS\system32\drivers\rdpcdd.sys (Microsoft Corporation) DRV - (mnmdd) -- C:\WINDOWS\system32\drivers\mnmdd.sys (Microsoft Corporation) DRV - (Beep) -- C:\WINDOWS\system32\drivers\beep.sys (Microsoft Corporation) DRV - (Null) -- C:\WINDOWS\system32\drivers\null.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (redbook) -- C:\WINDOWS\system32\drivers\redbook.sys (Microsoft Corporation) DRV - (usbehci) -- C:\WINDOWS\system32\drivers\usbehci.sys (Microsoft Corporation) DRV - (usbohci) -- C:\WINDOWS\system32\drivers\usbohci.sys (Microsoft Corporation) DRV - (USBSTOR) -- C:\WINDOWS\system32\drivers\USBSTOR.SYS (Microsoft Corporation) DRV - (usbscan) -- C:\WINDOWS\system32\drivers\usbscan.sys (Microsoft Corporation) DRV - (TermDD) -- C:\WINDOWS\system32\drivers\termdd.sys (Microsoft Corporation) DRV - (IntelIde) -- C:\WINDOWS\system32\DRIVERS\intelide.sys (Microsoft Corporation) DRV - (PCI) -- C:\WINDOWS\system32\DRIVERS\pci.sys (Microsoft Corporation) DRV - (sysaudio) -- C:\WINDOWS\system32\drivers\sysaudio.sys (Microsoft Corporation) DRV - (wdmaud) -- C:\WINDOWS\system32\drivers\wdmaud.sys (Microsoft Corporation) DRV - (drmkaud) -- C:\WINDOWS\system32\drivers\drmkaud.sys (Microsoft Corporation) DRV - (kmixer) -- C:\WINDOWS\system32\drivers\kmixer.sys (Microsoft Corporation) DRV - (splitter) -- C:\WINDOWS\system32\drivers\splitter.sys (Microsoft Corporation) DRV - (DMusic) -- C:\WINDOWS\system32\drivers\DMusic.sys (Microsoft Corporation) DRV - (MSKSSRV) -- C:\WINDOWS\system32\drivers\MSKSSRV.sys (Microsoft Corporation) DRV - (MSPQM) -- C:\WINDOWS\system32\drivers\MSPQM.sys (Microsoft Corporation) DRV - (MSPCLOCK) -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys (Microsoft Corporation) DRV - (aec) -- C:\WINDOWS\system32\drivers\aec.sys (Microsoft Corporation) DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel(R) Corporation) DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel(R) Corporation) DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel(R) Corporation) DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel(R) Corporation) DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel(R) Corporation) DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel(R) Corporation) DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel(R) Corporation) DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel(R) Corporation) DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel(R) Corporation) DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel(R) Corporation) DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel(R) Corporation) DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel(R) Corporation) DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel(R) Corporation) DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel(R) Corporation) DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel(R) Corporation) DRV - (rdpdr) -- C:\WINDOWS\system32\drivers\rdpdr.sys (Microsoft Corporation) DRV - (atapi) -- C:\WINDOWS\system32\DRIVERS\atapi.sys (Microsoft Corporation) DRV - (ViaIde) -- C:\WINDOWS\system32\DRIVERS\viaide.sys (Microsoft Corporation) DRV - (adpu320) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic) DRV - (E100B) Intel(R) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation) DRV - (PCIIde) -- C:\WINDOWS\system32\DRIVERS\pciide.sys (Microsoft Corporation) DRV - (isapnp) -- C:\WINDOWS\system32\DRIVERS\isapnp.sys (Microsoft Corporation) DRV - (swmidi) -- C:\WINDOWS\system32\drivers\swmidi.sys (Microsoft Corporation) DRV - (audstub) -- C:\WINDOWS\system32\drivers\audstub.sys (Microsoft Corporation) DRV - (dpti2o) -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys (Microsoft Corporation) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (aic78xx) -- C:\WINDOWS\system32\DRIVERS\aic78xx.sys (Microsoft Corporation) DRV - (aic78u2) -- C:\WINDOWS\system32\DRIVERS\aic78u2.sys (Microsoft Corporation) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (adpu160m) -- C:\WINDOWS\system32\DRIVERS\adpu160m.sys (Microsoft Corporation) DRV - (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP Deutschland - Startseite - PCs, Drucker, Server, Speicherlösungen und mehr IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP Deutschland - Startseite - PCs, Drucker, Server, Speicherlösungen und mehr IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP Deutschland - Startseite - PCs, Drucker, Server, Speicherlösungen und mehr IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programme\AskSearch\bin\DefaultSearch.dll () IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de  fficial"FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783 FF - prefs.js..extensions.enabledItems: avg@igeared:4.002.023.004 FF - prefs.js..keyword.URL: "hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG9\Firefox [2010.03.29 15:26:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Programme\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010.03.29 15:26:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.05 19:18:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.05 19:18:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2009.08.30 22:45:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2009.12.21 22:59:02 | 000,000,000 | ---D | M] [2009.04.14 22:54:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2010.03.31 21:28:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\extensions [2009.08.16 12:40:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.05.10 15:55:15 | 000,000,000 | ---D | M] (kikin plugin (AudioGrabber Edition)) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2010.03.28 14:20:20 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.02.19 17:43:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\extensions\toolbar@ask.com [2009.05.12 14:25:33 | 000,000,681 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\searchplugins\ask.xml [2010.02.04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\searchplugins\askcom.xml [2009.12.07 20:36:30 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\searchplugins\conduit.xml [2009.12.08 23:38:57 | 000,001,713 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\searchplugins\youtube-videosuche.xml [2009.05.10 16:08:09 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.03.25 11:42:28 | 000,114,688 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2010.03.27 11:58:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.27 11:58:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.27 11:58:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.27 11:58:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.27 11:58:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.02.28 04:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll () O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll () O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll () O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKCU..\Run: [EA Core] C:\Programme\Electronic Arts\EADM\Core.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O12 - Plugin for: .spop - C:\Programme\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 195.71.143.51 193.189.244.205 O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll () O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.04.30 18:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ] O33 - MountPoints2\{be27a6ef-2935-11de-87e5-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{be27a6ef-2935-11de-87e5-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.03.29 16:00:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\AVG Security Toolbar [2010.03.29 15:44:11 | 000,000,000 | -H-D | C] -- C:\$AVG [2010.03.29 15:26:30 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2010.03.29 15:26:30 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2010.03.29 15:26:29 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2010.03.29 15:26:27 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2010.03.29 15:26:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg [2010.03.29 15:26:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar [2010.03.29 15:26:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9 [2010.03.29 15:26:12 | 000,000,000 | ---D | C] -- C:\Programme\AVG [2010.03.29 15:25:15 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft [2010.03.29 15:25:15 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft [2010.03.29 15:25:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2010.03.29 15:25:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2010.03.28 19:24:38 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.03.28 14:17:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.03.28 14:16:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software [2010.03.10 14:21:33 | 003,555,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [2010.02.17 00:11:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2009.12.21 23:12:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google [2009.12.21 22:58:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.04.05 19:22:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.04.05 19:01:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010.04.05 17:48:24 | 000,017,721 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\traum kurzgeschichte unfertig.odt [2010.04.05 17:01:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.04.05 17:01:33 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.04.05 17:01:18 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.04.05 17:01:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.04.05 17:00:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.04.05 17:00:54 | 2011,680,768 | -HS- | M] () -- C:\hiberfil.sys [2010.04.05 11:44:55 | 003,145,728 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat [2010.04.05 11:15:58 | 058,564,804 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010.04.01 17:27:34 | 000,462,662 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.04.01 17:27:34 | 000,444,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.04.01 17:27:34 | 000,085,534 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.04.01 17:27:34 | 000,072,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.03.31 22:23:18 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini [2010.03.29 18:02:13 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\.recently-used.xbel [2010.03.29 15:26:30 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2010.03.29 15:26:30 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm [2010.03.29 15:26:30 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2010.03.29 15:26:30 | 000,001,479 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG Free 9.0.lnk [2010.03.29 15:26:29 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2010.03.29 15:26:27 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2010.03.29 15:26:12 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2010.03.28 19:24:38 | 000,001,698 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.lnk [2010.03.28 18:48:03 | 002,540,996 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.03.28 14:05:32 | 001,225,944 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.03.11 04:02:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.03.10 19:02:55 | 000,004,096 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\00000CC5.LCS [2010.03.10 07:18:53 | 001,506,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll [2010.03.10 07:18:42 | 001,023,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.04.05 17:48:23 | 000,017,721 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\traum kurzgeschichte unfertig.odt [2010.03.29 18:02:13 | 000,000,933 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\.recently-used.xbel [2010.03.29 15:26:30 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm [2010.03.29 15:26:30 | 000,001,479 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG Free 9.0.lnk [2010.03.29 15:26:23 | 058,564,804 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010.03.28 19:24:38 | 000,001,698 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.lnk [2010.03.10 18:50:14 | 000,004,096 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\00000CC5.LCS [2009.06.17 20:26:49 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009.06.17 20:26:48 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009.06.13 09:12:33 | 000,000,141 | ---- | C] () -- C:\WINDOWS\disney.ini [2009.06.13 09:12:17 | 000,000,185 | ---- | C] () -- C:\WINDOWS\disneysy.ini [2009.05.24 18:33:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI [2009.05.10 22:00:54 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV76.sys [2009.05.10 15:55:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009.05.01 23:29:53 | 003,145,728 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat [2009.04.15 11:30:34 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.14 22:48:39 | 000,262,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.dat [2009.04.14 22:48:39 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.dat.LOG [2009.01.27 15:42:44 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009.01.27 15:42:44 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009.01.27 15:42:43 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009.01.27 15:42:42 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2009.01.27 15:42:42 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2009.01.27 15:39:55 | 000,000,981 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2009.01.27 06:14:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009.01.27 06:06:40 | 000,000,149 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\BCM_DropUserDatabases.txt [2009.01.27 06:00:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2009.01.27 06:00:01 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009.01.27 06:00:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009.01.27 06:00:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009.01.27 06:00:01 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009.01.27 06:00:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2009.01.27 05:52:14 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.09.28 15:55:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll [2006.09.26 15:01:40 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2006.09.08 10:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2006.09.08 10:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2006.09.08 10:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2006.09.08 10:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2006.09.08 10:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2006.09.08 10:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2006.09.08 10:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2006.09.08 10:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2006.05.04 23:14:34 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG [2006.05.04 23:14:34 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini [2006.02.28 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 119 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 < End of report > |
|
07.04.2010, 12:50
| #4 |
| /// TB-Ausbilder | trojaner TR/Agent.ruo entfernen Hi, lasse bitte als nächstes einen Scan mit GMER laufen und anschließend einen Scan mit Combofix: ComboFix
Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten. (ausführliche Anleitung -> Ein Leitfaden und Tutorium zur Nutzung von ComboFix) lg myrtille
__________________ Anfragen per Email, Profil- oder privater Nachricht werden ignoriert! Hilfe gibts NUR im Forum! Wer nach 24 Stunden keine weitere Antwort von mir bekommen hat, schickt bitte eine PM Spelling mistakes? Never, but keybaord malfunctions constantly! |
|
07.04.2010, 17:13
| #5 |
| | trojaner TR/Agent.ruo entfernen hier ist der erste teil, der scan mit GMER, der rest folgt gleich GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover Rootkit scan 2010-04-07 18:14:05 Windows 5.1.2600 Service Pack 2 Running: 5y4oecmu.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\fxtdqpow.sys ---- System - GMER 1.0.15 ---- Code \??\C:\WINDOWS\system32\drivers\pcif39be.sys (PCI Support/Microsoft Corporation) ZwResumeThread [0xB6F66F4E] ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9DF3380, 0x300577, 0xE8000020] .text C:\WINDOWS\system32\drivers\ACEDRV05.sys section is writeable [0xB717B000, 0x30A4A, 0xE8000020] .pklstb C:\WINDOWS\system32\drivers\ACEDRV05.sys entry point in ".pklstb" section [0xB71BD000] .relo2 C:\WINDOWS\system32\drivers\ACEDRV05.sys unknown last section [0xB71D8000, 0x8E, 0x42000040] .text C:\WINDOWS\system32\drivers\SSHDRV76.sys section is writeable [0xB714B000, 0x16204, 0xE8000020] .pklstb C:\WINDOWS\system32\drivers\SSHDRV76.sys entry point in ".pklstb" section [0xB7169000] .relo2 C:\WINDOWS\system32\drivers\SSHDRV76.sys unknown last section [0xB7179000, 0x86, 0x42000040] .text C:\WINDOWS\system32\drivers\ACEDRV07.sys section is writeable [0xB6788000, 0x328BA, 0xE8000020] .pklstb C:\WINDOWS\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0xB67CC000] .relo2 C:\WINDOWS\system32\drivers\ACEDRV07.sys unknown last section [0xB67E8000, 0x8E, 0x42000040] .reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xB63EB600, 0x25B0C, 0xE0000060] .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB638C300, 0x3ACC8, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBAC00300, 0x1B7E, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Programme\Mozilla Firefox\firefox.exe[1928] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) ---- EOF - GMER 1.0.15 ---- |
|
07.04.2010, 18:25
| #6 |
| | trojaner TR/Agent.ruo entfernen hier kommt teil zwei, der log mit combofix. leider habe ich einen fehler gemacht, ich hatte zuerst combofix durchlaufen lassen, dann ist mir aufgefallen dass ich die systembereinigung vergessen hatte, also habe ich sie nachgeholt und anschließend combofix erneut durchlaufen lassen in dem log das ich jetzt hier poste sind also die dateien die das program beim ersten durchlauf gelöscht hat nicht verzeichnet. das ist mir erst hinterher aufgefallen.sry, ich hoffe ist ist nicht allzu wichtig. ComboFix 10-04-06.05 - Administrator 07.04.2010 19:12:02.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.1918.1406 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((( Dateien erstellt von 2010-03-07 bis 2010-04-07 )))))))))))))))))))))))))))))) . 2010-04-07 17:11 . 2010-04-07 17:11 -------- d-----w- C:\32788R22FWJFW 2010-04-07 16:49 . 2010-04-07 16:49 -------- d-----w- c:\programme\CCleaner 2010-04-01 14:05 . 2010-04-01 14:05 1685784 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgupd.dll 2010-04-01 14:05 . 2010-04-01 14:05 1035032 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgupd.exe 2010-03-29 14:00 . 2010-03-29 14:00 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\AVG Security Toolbar 2010-03-29 13:44 . 2010-03-29 13:44 -------- d-----w- C:\$AVG 2010-03-29 13:26 . 2010-03-29 13:26 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-03-29 13:26 . 2010-03-29 13:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-03-29 13:26 . 2010-03-29 13:26 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-03-29 13:26 . 2010-03-29 13:26 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-03-29 13:26 . 2010-04-07 12:31 -------- d-----w- c:\windows\system32\drivers\Avg 2010-03-29 13:26 . 2010-03-29 13:26 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar 2010-03-29 13:26 . 2010-03-29 13:26 -------- d-----w- c:\programme\AVG 2010-03-29 13:26 . 2010-03-29 13:26 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9 2010-03-28 17:24 . 2010-03-28 17:24 -------- d-----w- c:\programme\Trend Micro 2010-03-28 12:20 . 2010-03-14 14:18 52224 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll 2010-03-28 12:20 . 2010-03-14 14:18 101376 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll 2010-03-28 12:17 . 2010-03-28 16:22 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP 2010-03-28 12:16 . 2010-03-28 12:16 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Simply Super Software 2010-03-10 16:50 . 2010-03-10 16:50 3121624 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\ProtectDisc\pe17abef1f.dll 2010-03-10 12:21 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-07 16:08 . 2009-06-25 17:59 1 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-04-01 15:27 . 2006-05-04 20:53 85534 ----a-w- c:\windows\system32\perfc007.dat 2010-04-01 15:27 . 2006-05-04 20:53 462662 ----a-w- c:\windows\system32\perfh007.dat 2010-04-01 15:26 . 2009-04-14 15:41 -------- d-----w- c:\programme\Microsoft Small Business 2010-03-31 21:14 . 2010-01-01 16:08 -------- d-----w- c:\programme\XVID Player 2010-03-11 02:03 . 2009-04-14 15:41 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help 2010-03-10 16:50 . 2009-12-08 17:48 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\ProtectDisc 2010-02-28 00:08 . 2009-04-14 20:57 -------- d-----w- c:\programme\Mozilla Thunderbird 2010-02-27 10:10 . 2009-01-27 04:04 74336 ----a-w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2010-02-26 06:10 . 2006-02-28 02:00 667648 ------w- c:\windows\system32\wininet.dll 2010-02-26 06:10 . 2006-02-28 02:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2010-02-19 15:42 . 2009-04-15 09:33 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\gtk-2.0 2010-02-19 15:01 . 2009-11-29 23:43 -------- d-----w- c:\programme\Ask.com 2010-02-15 15:04 . 2010-02-15 15:04 2131336 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe 2010-01-23 15:57 . 2010-01-23 16:09 38784 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\programme\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programme\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256] [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2010-02-23 12:04 1664256 ----a-w- c:\programme\AVG\AVG9\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA61DE26-FA67-4575-9033-918671094293}] 2008-08-14 13:57 2484224 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-04 15:50 1197448 ----a-w- c:\programme\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] 2009-11-09 17:38 2331672 ----a-w- c:\programme\DVDVideoSoft\tbDVDV.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{000E148C-F7A7-445A-9044-93BF6CE09ECB}"= "c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll" [2008-08-14 2484224] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\programme\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programme\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256] [HKEY_CLASSES_ROOT\clsid\{000e148c-f7a7-445a-9044-93bf6ce09ecb}] [HKEY_CLASSES_ROOT\TBSB03968.TBSB03968.3] [HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}] [HKEY_CLASSES_ROOT\TBSB03968.TBSB03968] [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{000E148C-F7A7-445A-9044-93BF6CE09ECB}"= "c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll" [2008-08-14 2484224] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\programme\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672] [HKEY_CLASSES_ROOT\clsid\{000e148c-f7a7-445a-9044-93bf6ce09ecb}] [HKEY_CLASSES_ROOT\TBSB03968.TBSB03968.3] [HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}] [HKEY_CLASSES_ROOT\TBSB03968.TBSB03968] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-05-10 77824] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-04 8466432] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360] c:\dokumente und einstellungen\Administrator\Startmen\Programme\Autostart\ OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000] c:\dokumente und einstellungen\Administrator\Startmen\Programme\Autostart\ OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-03-29 13:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt] 2007-07-23 10:06 77824 ----a-w- c:\programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2007-09-04 19:47 8466432 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2007-09-04 19:47 81920 ----a-w- c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2007-09-04 19:47 1626112 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete] 2008-04-07 06:10 318488 ----a-w- c:\programme\PDF Complete\pdfsty.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] 2006-05-12 11:50 1138688 ----a-w- c:\windows\SMINST\Recguard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] 2006-03-31 13:44 761856 ----a-w- c:\windows\CREATOR\Remind_XP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler] 2006-07-10 09:53 872448 ----a-w- c:\windows\SMINST\Scheduler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh] 2003-11-20 19:01 525824 ----a-w- c:\programme\Compaq\SetRefresh\SetRefresh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SQLWriter"=2 (0x2) "SQLBrowser"=2 (0x2) "PCA"=2 (0x2) "ose"=3 (0x3) "MSSQL$MSSMLBIZ"=3 (0x3) "IviRegMgr"=2 (0x2) "idsvc"=3 (0x3) "BcmSqlStartupSvc"=2 (0x2) R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29.03.2010 15:26 216200] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29.03.2010 15:26 242696] R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [10.05.2009 22:00 53760] R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [30.07.2008 07:51 277736] R2 avg9wd;AVG Free WatchDog;c:\programme\AVG\AVG9\avgwdsvc.exe [29.03.2010 15:26 308064] R2 pdfcDispatcher;PDF Document Manager;c:\programme\PDF Complete\pdfsvc.exe [27.01.2009 06:06 576024] S2 gupdate1ca828063b595f0;Google Update Service (gupdate1ca828063b595f0);c:\programme\Google\Update\GoogleUpdate.exe [21.12.2009 22:58 133104] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programme\AVG\AVG9\Toolbar\ToolbarBroker.exe [29.03.2010 15:26 369920] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - pcif39be HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc FastUserSwitchingCompatibility HidServ LanmanServer LanmanWorkstation Messenger Nla NWCWorkstation Schedule Seclogon SRService Themes TrkWks W32Time Wmi WmdmPmSp winmgmt wscsvc xmlprov BITS wuauserv ShellHWDetection helpsvc . Inhalt des "geplante Tasks" Ordners 2010-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-12-21 20:58] 2010-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-12-21 20:58] 2010-04-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\programme\Ask.com\UpdateTask.exe [2010-02-04 15:50] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\programme\AVG\AVG9\Toolbar\IEToolbar.dll FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - YouTube-Videosuche FF - prefs.js: browser.startup.homepage - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de fficialFF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&q= FF - component: c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll FF - component: c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll FF - component: c:\programme\AVG\AVG9\Firefox\components\avgssff.dll FF - component: c:\programme\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\programme\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\programme\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\programme\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com"); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\programme\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'explorer.exe'(2000) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Zeit der Fertigstellung: 2010-04-07 19:14:13 ComboFix-quarantined-files.txt 2010-04-07 17:14 ComboFix2.txt 2010-04-07 16:31 Vor Suchlauf: 58 Verzeichnis(se), 200.197.992.448 Bytes frei Nach Suchlauf: 59 Verzeichnis(se), 200.188.690.432 Bytes frei - - End Of File - - 3D80E5517C596E0199BCCBDC980EF818 |
|
11.04.2010, 21:32
| #7 | |
| /// TB-Ausbilder | trojaner TR/Agent.ruo entfernen Hi, Scripten mit Combofix
Zitat:
Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann Mfg myrtille
__________________ Anfragen per Email, Profil- oder privater Nachricht werden ignoriert! Hilfe gibts NUR im Forum! Wer nach 24 Stunden keine weitere Antwort von mir bekommen hat, schickt bitte eine PM Spelling mistakes? Never, but keybaord malfunctions constantly! |
|
12.04.2010, 21:16
| #8 |
| | trojaner TR/Agent.ruo entfernen hey hab ich gemacht: übrigens hab ich schon seit einiger zeit nichts mehr von dem trojaner gehört, avg hat sich nicht gemeldet. heißt das ich bin ihn loß? P.S.: ich habe eine datei namens athena.sys gelöscht die sich in C:/system32 befand und die (vermutlich durch avg) blau makiert war. könnte das ein trojaner gewesen sein? also, hier der log: ComboFix 10-04-12.01 - Administrator 12.04.2010 21:57:14.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.1918.1359 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Administrator\Desktop\cfscript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FILE :: "c:\windows\system32\drivers\pcif39be.sys" "c:\windows\system32\kbdqgh.dll" . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_PCIF39BE ((((((((((((((((((((((( Dateien erstellt von 2010-03-12 bis 2010-04-12 )))))))))))))))))))))))))))))) . 2010-04-08 15:36 . 2010-04-08 15:36 4255072 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgcorex.dll 2010-04-07 16:49 . 2010-04-07 16:49 -------- d-----w- c:\programme\CCleaner 2010-04-01 14:06 . 2010-04-01 14:06 4076824 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgui.exe 2010-04-01 14:06 . 2010-04-01 14:06 2059544 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgtray.exe 2010-04-01 14:06 . 2010-04-01 14:06 1274136 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgfrw.exe 2010-04-01 14:06 . 2010-04-01 14:06 598296 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgsrmx.dll 2010-04-01 14:06 . 2010-04-01 14:06 341272 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgxch32.dll 2010-04-01 14:06 . 2010-04-01 14:06 313112 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avglogx.dll 2010-04-01 14:06 . 2010-04-01 14:06 1598744 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgssie.dll 2010-04-01 14:06 . 2010-04-01 14:06 1515224 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgwd.dll 2010-04-01 14:06 . 2010-04-01 14:06 556824 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgchjwx.dll 2010-04-01 14:06 . 2010-04-01 14:06 459544 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgcclix.dll 2010-04-01 14:06 . 2010-04-01 14:06 301336 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgchclx.dll 2010-04-01 14:06 . 2010-04-01 14:06 1086744 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgchsvx.exe 2010-04-01 14:05 . 2010-04-01 14:05 1685784 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgupd.dll 2010-04-01 14:05 . 2010-04-01 14:05 1035032 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgupd.exe 2010-03-29 14:00 . 2010-03-29 14:00 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\AVG Security Toolbar 2010-03-29 13:44 . 2010-03-29 13:44 -------- d-----w- C:\$AVG 2010-03-29 13:26 . 2010-03-29 13:26 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-03-29 13:26 . 2010-03-29 13:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-03-29 13:26 . 2010-03-29 13:26 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-03-29 13:26 . 2010-03-29 13:26 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-03-29 13:26 . 2010-04-12 13:23 -------- d-----w- c:\windows\system32\drivers\Avg 2010-03-29 13:26 . 2010-03-29 13:26 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar 2010-03-29 13:26 . 2010-03-29 13:26 -------- d-----w- c:\programme\AVG 2010-03-29 13:26 . 2010-03-29 13:26 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9 2010-03-28 17:24 . 2010-03-28 17:24 -------- d-----w- c:\programme\Trend Micro 2010-03-28 12:20 . 2010-03-14 14:18 52224 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll 2010-03-28 12:20 . 2010-03-14 14:18 101376 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll 2010-03-28 12:17 . 2010-03-28 16:22 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP 2010-03-28 12:16 . 2010-03-28 12:16 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Simply Super Software . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-11 21:00 . 2009-06-25 17:59 1 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-04-08 22:58 . 2009-04-14 20:57 -------- d-----w- c:\programme\Mozilla Thunderbird 2010-04-01 15:27 . 2006-05-04 20:53 85534 ----a-w- c:\windows\system32\perfc007.dat 2010-04-01 15:27 . 2006-05-04 20:53 462662 ----a-w- c:\windows\system32\perfh007.dat 2010-04-01 15:26 . 2009-04-14 15:41 -------- d-----w- c:\programme\Microsoft Small Business 2010-03-31 21:14 . 2010-01-01 16:08 -------- d-----w- c:\programme\XVID Player 2010-03-11 02:03 . 2009-04-14 15:41 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help 2010-03-10 16:50 . 2010-03-10 16:50 3121624 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\ProtectDisc\pe17abef1f.dll 2010-03-10 16:50 . 2009-12-08 17:48 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\ProtectDisc 2010-02-27 10:10 . 2009-01-27 04:04 74336 ----a-w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2010-02-26 06:10 . 2006-02-28 02:00 667648 ------w- c:\windows\system32\wininet.dll 2010-02-26 06:10 . 2006-02-28 02:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2010-02-19 15:42 . 2009-04-15 09:33 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\gtk-2.0 2010-02-19 15:01 . 2009-11-29 23:43 -------- d-----w- c:\programme\Ask.com 2010-02-15 15:04 . 2010-02-15 15:04 2131336 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe 2010-01-23 15:57 . 2010-01-23 16:09 38784 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe . ((((((((((((((((((((((((((((( SnapShot@2010-04-07_16.31.07 ))))))))))))))))))))))))))))))))))))))))) . + 2006-02-28 02:00 . 2006-02-28 02:00 589824 c:\windows\system32\olecm52s.dll + 2006-02-28 02:00 . 2006-02-28 02:00 400896 c:\windows\system32\drivers\usbwzt1g.sys . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\programme\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programme\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256] [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2010-02-23 12:04 1664256 ----a-w- c:\programme\AVG\AVG9\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA61DE26-FA67-4575-9033-918671094293}] 2008-08-14 13:57 2484224 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-04 15:50 1197448 ----a-w- c:\programme\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] 2009-11-09 17:38 2331672 ----a-w- c:\programme\DVDVideoSoft\tbDVDV.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{000E148C-F7A7-445A-9044-93BF6CE09ECB}"= "c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll" [2008-08-14 2484224] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\programme\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programme\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256] [HKEY_CLASSES_ROOT\clsid\{000e148c-f7a7-445a-9044-93bf6ce09ecb}] [HKEY_CLASSES_ROOT\TBSB03968.TBSB03968.3] [HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}] [HKEY_CLASSES_ROOT\TBSB03968.TBSB03968] [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{000E148C-F7A7-445A-9044-93BF6CE09ECB}"= "c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll" [2008-08-14 2484224] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\programme\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672] [HKEY_CLASSES_ROOT\clsid\{000e148c-f7a7-445a-9044-93bf6ce09ecb}] [HKEY_CLASSES_ROOT\TBSB03968.TBSB03968.3] [HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}] [HKEY_CLASSES_ROOT\TBSB03968.TBSB03968] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-05-10 77824] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-04 8466432] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360] c:\dokumente und einstellungen\Administrator\Startmen\Programme\Autostart\ OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000] c:\dokumente und einstellungen\Administrator\Startmen\Programme\Autostart\ OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-03-29 13:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt] 2007-07-23 10:06 77824 ----a-w- c:\programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2007-09-04 19:47 8466432 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2007-09-04 19:47 81920 ----a-w- c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2007-09-04 19:47 1626112 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete] 2008-04-07 06:10 318488 ----a-w- c:\programme\PDF Complete\pdfsty.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] 2006-05-12 11:50 1138688 ----a-w- c:\windows\SMINST\Recguard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] 2006-03-31 13:44 761856 ----a-w- c:\windows\CREATOR\Remind_XP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler] 2006-07-10 09:53 872448 ----a-w- c:\windows\SMINST\Scheduler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh] 2003-11-20 19:01 525824 ----a-w- c:\programme\Compaq\SetRefresh\SetRefresh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SQLWriter"=2 (0x2) "SQLBrowser"=2 (0x2) "PCA"=2 (0x2) "ose"=3 (0x3) "MSSQL$MSSMLBIZ"=3 (0x3) "IviRegMgr"=2 (0x2) "idsvc"=3 (0x3) "BcmSqlStartupSvc"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "c:\\Programme\\Messenger\\msmsgs.exe"= "c:\\Programme\\AVG\\AVG9\\avgnsx.exe"= "c:\\Programme\\AVG\\AVG9\\avgupd.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29.03.2010 15:26 216200] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29.03.2010 15:26 242696] R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [10.05.2009 22:00 53760] R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [30.07.2008 07:51 277736] R2 avg9wd;AVG Free WatchDog;c:\programme\AVG\AVG9\avgwdsvc.exe [29.03.2010 15:26 308064] R2 pdfcDispatcher;PDF Document Manager;c:\programme\PDF Complete\pdfsvc.exe [27.01.2009 06:06 576024] S2 gupdate1ca828063b595f0;Google Update Service (gupdate1ca828063b595f0);c:\programme\Google\Update\GoogleUpdate.exe [21.12.2009 22:58 133104] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programme\AVG\AVG9\Toolbar\ToolbarBroker.exe [29.03.2010 15:26 369920] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - usbwzt1g . Inhalt des "geplante Tasks" Ordners 2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-12-21 20:58] 2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-12-21 20:58] 2010-04-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\programme\Ask.com\UpdateTask.exe [2010-02-04 15:50] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\programme\AVG\AVG9\Toolbar\IEToolbar.dll FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Yahoo! Search FF - prefs.js: browser.startup.homepage - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de fficialFF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&q= FF - component: c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll FF - component: c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll FF - component: c:\programme\AVG\AVG9\Firefox\components\avgssff.dll FF - component: c:\programme\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\programme\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\programme\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\programme\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com"); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-04-12 22:02 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\programme\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'explorer.exe'(3840) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\programme\AVG\AVG9\avgchsvx.exe c:\programme\AVG\AVG9\avgrsx.exe c:\programme\AVG\AVG9\avgcsrvx.exe c:\windows\system32\nvsvc32.exe c:\programme\AVG\AVG9\avgnsx.exe c:\windows\system32\wscntfy.exe c:\programme\OpenOffice.org 3\program\soffice.exe c:\programme\OpenOffice.org 3\program\soffice.bin . ************************************************************************** . Zeit der Fertigstellung: 2010-04-12 22:05:00 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-04-12 20:04 ComboFix2.txt 2010-04-07 17:14 ComboFix3.txt 2010-04-07 16:31 Vor Suchlauf: 57 Verzeichnis(se), 200.055.201.792 Bytes frei Nach Suchlauf: 58 Verzeichnis(se), 199.963.742.208 Bytes frei - - End Of File - - 0AB9DB3D74C304C197EE235958234E2D |
|
13.04.2010, 08:14
| #9 |
| /// TB-Ausbilder | trojaner TR/Agent.ruo entfernen Hi, möglich ist alles, allerdings befürchte ich doch eher, dass der Befall sich erfolgreich vor deinem antivirenprogramm versteckt hat.
MfG myrtille
__________________ Anfragen per Email, Profil- oder privater Nachricht werden ignoriert! Hilfe gibts NUR im Forum! Wer nach 24 Stunden keine weitere Antwort von mir bekommen hat, schickt bitte eine PM Spelling mistakes? Never, but keybaord malfunctions constantly! |
|
20.04.2010, 13:12
| #10 |
| | trojaner TR/Agent.ruo entfernen schade, ich dachte schon er wär weg  also gut, dann ist hier jetzt der log:ComboFix 10-04-19.05 - Administrator 20.04.2010 13:51:30.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.1918.1326 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Administrator\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_USBWZT1G ((((((((((((((((((((((( Dateien erstellt von 2010-03-20 bis 2010-04-20 )))))))))))))))))))))))))))))) . 2010-04-18 18:25 . 2010-04-18 18:25 503808 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-13b6e8cd-n\msvcp71.dll 2010-04-18 18:25 . 2010-04-18 18:25 499712 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-13b6e8cd-n\jmc.dll 2010-04-18 18:25 . 2010-04-18 18:25 348160 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-13b6e8cd-n\msvcr71.dll 2010-04-18 18:25 . 2010-04-18 18:25 61440 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6e21e8d7-n\decora-sse.dll 2010-04-18 18:25 . 2010-04-18 18:25 12800 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6e21e8d7-n\decora-d3d.dll 2010-04-18 18:25 . 2010-04-18 18:25 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-04-08 15:36 . 2010-04-08 15:36 4255072 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgcorex.dll 2010-04-07 16:49 . 2010-04-07 16:49 -------- d-----w- c:\programme\CCleaner 2010-04-01 14:06 . 2010-04-01 14:06 4076824 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgui.exe 2010-04-01 14:06 . 2010-04-01 14:06 2059544 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgtray.exe 2010-04-01 14:06 . 2010-04-01 14:06 1274136 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgfrw.exe 2010-04-01 14:06 . 2010-04-01 14:06 598296 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgsrmx.dll 2010-04-01 14:06 . 2010-04-01 14:06 341272 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgxch32.dll 2010-04-01 14:06 . 2010-04-01 14:06 313112 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avglogx.dll 2010-04-01 14:06 . 2010-04-01 14:06 1598744 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgssie.dll 2010-04-01 14:06 . 2010-04-01 14:06 1515224 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgwd.dll 2010-04-01 14:06 . 2010-04-01 14:06 556824 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgchjwx.dll 2010-04-01 14:06 . 2010-04-01 14:06 459544 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgcclix.dll 2010-04-01 14:06 . 2010-04-01 14:06 301336 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgchclx.dll 2010-04-01 14:06 . 2010-04-01 14:06 1086744 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgchsvx.exe 2010-04-01 14:05 . 2010-04-01 14:05 1685784 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgupd.dll 2010-04-01 14:05 . 2010-04-01 14:05 1035032 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgupd.exe 2010-03-29 14:00 . 2010-03-29 14:00 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\AVG Security Toolbar 2010-03-29 13:44 . 2010-03-29 13:44 -------- d-----w- C:\$AVG 2010-03-29 13:26 . 2010-03-29 13:26 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-03-29 13:26 . 2010-03-29 13:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-03-29 13:26 . 2010-03-29 13:26 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-03-29 13:26 . 2010-03-29 13:26 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-03-29 13:26 . 2010-04-20 11:35 -------- d-----w- c:\windows\system32\drivers\Avg 2010-03-29 13:26 . 2010-03-29 13:26 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar 2010-03-29 13:26 . 2010-03-29 13:26 -------- d-----w- c:\programme\AVG 2010-03-29 13:26 . 2010-03-29 13:26 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9 2010-03-28 17:24 . 2010-03-28 17:24 -------- d-----w- c:\programme\Trend Micro 2010-03-28 12:20 . 2010-03-14 14:18 52224 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll 2010-03-28 12:20 . 2010-03-14 14:18 101376 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll 2010-03-28 12:17 . 2010-03-28 16:22 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP 2010-03-28 12:16 . 2010-03-28 12:16 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Simply Super Software . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-18 18:25 . 2009-04-14 15:41 -------- d-----w- c:\programme\Java 2010-04-16 20:21 . 2009-04-14 15:41 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help 2010-04-12 21:48 . 2009-06-25 17:59 1 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-04-08 22:58 . 2009-04-14 20:57 -------- d-----w- c:\programme\Mozilla Thunderbird 2010-04-01 15:27 . 2006-05-04 20:53 85534 ----a-w- c:\windows\system32\perfc007.dat 2010-04-01 15:27 . 2006-05-04 20:53 462662 ----a-w- c:\windows\system32\perfh007.dat 2010-04-01 15:26 . 2009-04-14 15:41 -------- d-----w- c:\programme\Microsoft Small Business 2010-03-31 21:14 . 2010-01-01 16:08 -------- d-----w- c:\programme\XVID Player 2010-03-10 16:50 . 2010-03-10 16:50 3121624 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\ProtectDisc\pe17abef1f.dll 2010-03-10 16:50 . 2009-12-08 17:48 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\ProtectDisc 2010-03-10 08:02 . 2006-02-28 02:00 417792 ----a-w- c:\windows\system32\vbscript.dll 2010-02-27 10:10 . 2009-01-27 04:04 74336 ----a-w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2010-02-26 06:10 . 2006-02-28 02:00 667648 ------w- c:\windows\system32\wininet.dll 2010-02-26 06:10 . 2006-02-28 02:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2010-02-24 12:31 . 2006-02-28 02:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-19 15:42 . 2009-04-15 09:33 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\gtk-2.0 2010-02-19 15:01 . 2009-11-29 23:43 -------- d-----w- c:\programme\Ask.com 2010-02-16 19:23 . 2006-02-28 02:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:23 . 2006-02-28 02:00 2024448 ------w- c:\windows\system32\ntkrnlpa.exe 2010-02-15 15:04 . 2010-02-15 15:04 2131336 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe 2010-02-12 04:45 . 2006-02-28 02:00 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:01 . 2006-02-28 02:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2010-01-23 15:57 . 2010-01-23 16:09 38784 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe . ((((((((((((((((((((((((((((( SnapShot@2010-04-07_16.31.07 ))))))))))))))))))))))))))))))))))))))))) . + 2010-04-20 11:56 . 2010-04-20 11:56 16384 c:\windows\temp\Perflib_Perfdata_7b8.dat - 2009-04-30 11:14 . 2008-07-08 13:00 18808 c:\windows\system32\spmsg.dll + 2009-04-30 11:14 . 2009-05-26 11:40 18808 c:\windows\system32\spmsg.dll + 2010-01-13 14:08 . 2010-01-13 14:08 86016 c:\windows\system32\dllcache\cabview.dll + 2006-02-28 02:00 . 2010-01-13 14:08 86016 c:\windows\system32\cabview.dll + 2009-01-27 04:02 . 2010-04-16 20:21 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe - 2009-01-27 04:02 . 2010-03-11 02:03 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe - 2009-01-27 04:02 . 2010-03-11 02:03 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe + 2009-01-27 04:02 . 2010-04-16 20:21 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe + 2009-01-27 04:02 . 2010-04-16 20:21 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe - 2009-01-27 04:02 . 2010-03-11 02:03 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe + 2006-02-28 02:00 . 2009-12-24 07:05 177664 c:\windows\system32\wintrust.dll + 2006-02-28 02:00 . 2006-02-28 02:00 589824 c:\windows\system32\jayjcesd.dll + 2009-01-27 03:57 . 2010-04-18 18:25 153376 c:\windows\system32\javaws.exe + 2009-01-27 03:57 . 2010-04-18 18:25 145184 c:\windows\system32\javaw.exe + 2009-01-27 03:57 . 2010-04-18 18:25 145184 c:\windows\system32\java.exe + 2006-02-28 02:00 . 2006-02-28 02:00 400384 c:\windows\system32\drivers\aip4as8h.sys + 2009-12-24 07:05 . 2009-12-24 07:05 177664 c:\windows\system32\dllcache\wintrust.dll + 2007-12-18 14:41 . 2010-03-10 08:02 417792 c:\windows\system32\dllcache\vbscript.dll - 2007-12-18 14:41 . 2007-12-18 14:41 417792 c:\windows\system32\dllcache\vbscript.dll + 2008-06-20 09:52 . 2010-02-11 12:01 226880 c:\windows\system32\dllcache\tcpip6.sys + 2009-04-17 20:52 . 2010-02-24 12:31 454016 c:\windows\system32\dllcache\mrxsmb.sys + 2006-08-16 11:58 . 2010-02-12 04:45 100864 c:\windows\system32\dllcache\6to4svc.dll + 2010-04-18 18:25 . 2010-04-18 18:25 178176 c:\windows\Installer\5f443c.msi + 2010-04-18 18:25 . 2010-04-18 18:25 576000 c:\windows\Installer\5f4436.msi + 2009-01-27 04:02 . 2010-04-16 20:21 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe - 2009-01-27 04:02 . 2010-03-11 02:03 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe + 2009-01-27 04:02 . 2010-04-16 20:21 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe - 2009-01-27 04:02 . 2010-03-11 02:03 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe - 2009-01-27 04:02 . 2010-03-11 02:03 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe + 2009-01-27 04:02 . 2010-04-16 20:21 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe - 2009-01-27 04:02 . 2010-03-11 02:03 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe + 2009-01-27 04:02 . 2010-04-16 20:21 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe + 2009-01-27 04:02 . 2010-04-16 20:21 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe - 2009-01-27 04:02 . 2010-03-11 02:03 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe + 2009-04-17 20:52 . 2010-02-24 12:31 454016 c:\windows\Driver Cache\i386\mrxsmb.sys + 2009-05-01 19:56 . 2010-02-16 19:23 2189184 c:\windows\system32\dllcache\ntoskrnl.exe + 2009-05-01 19:56 . 2010-02-16 19:23 2024448 c:\windows\system32\dllcache\ntkrpamp.exe + 2009-05-01 19:56 . 2010-02-17 12:23 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe + 2009-05-01 19:56 . 2010-02-16 19:23 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe + 2010-02-20 23:02 . 2010-02-20 23:02 4195840 c:\windows\Installer\64f55d.msp + 2010-03-11 21:59 . 2010-03-11 21:59 5031424 c:\windows\Installer\64f549.msp + 2009-01-27 04:02 . 2010-04-16 20:21 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe - 2009-01-27 04:02 . 2010-03-11 02:03 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe + 2009-01-27 04:02 . 2010-04-16 20:21 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe - 2009-01-27 04:02 . 2010-03-11 02:03 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe + 2009-01-27 03:55 . 2010-02-16 19:23 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe + 2009-01-27 03:55 . 2010-02-16 19:23 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2009-01-27 03:55 . 2010-02-17 12:23 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2009-01-27 03:55 . 2010-02-16 19:23 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2009-05-02 23:12 . 2010-04-06 17:52 31971272 c:\windows\system32\MRT.exe + 2010-03-22 14:03 . 2010-03-22 14:03 11732992 c:\windows\Installer\64f571.msp . -- Snapshot auf jetziges Datum zurückgesetzt -- . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\programme\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programme\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256] [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2010-02-23 12:04 1664256 ----a-w- c:\programme\AVG\AVG9\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA61DE26-FA67-4575-9033-918671094293}] 2008-08-14 13:57 2484224 ----a-w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-04 15:50 1197448 ----a-w- c:\programme\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] 2009-11-09 17:38 2331672 ----a-w- c:\programme\DVDVideoSoft\tbDVDV.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{000E148C-F7A7-445A-9044-93BF6CE09ECB}"= "c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll" [2008-08-14 2484224] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\programme\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programme\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256] [HKEY_CLASSES_ROOT\clsid\{000e148c-f7a7-445a-9044-93bf6ce09ecb}] [HKEY_CLASSES_ROOT\TBSB03968.TBSB03968.3] [HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}] [HKEY_CLASSES_ROOT\TBSB03968.TBSB03968] [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{000E148C-F7A7-445A-9044-93BF6CE09ECB}"= "c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll" [2008-08-14 2484224] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\programme\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672] [HKEY_CLASSES_ROOT\clsid\{000e148c-f7a7-445a-9044-93bf6ce09ecb}] [HKEY_CLASSES_ROOT\TBSB03968.TBSB03968.3] [HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}] [HKEY_CLASSES_ROOT\TBSB03968.TBSB03968] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-05-10 77824] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-04 8466432] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-01-11 246504] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360] c:\dokumente und einstellungen\Administrator\Startmen\Programme\Autostart\ OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000] c:\dokumente und einstellungen\Administrator\Startmen\Programme\Autostart\ OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-03-29 13:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt] 2007-07-23 10:06 77824 ----a-w- c:\programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2007-09-04 19:47 8466432 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2007-09-04 19:47 81920 ----a-w- c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2007-09-04 19:47 1626112 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete] 2008-04-07 06:10 318488 ----a-w- c:\programme\PDF Complete\pdfsty.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] 2006-05-12 11:50 1138688 ----a-w- c:\windows\SMINST\Recguard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] 2006-03-31 13:44 761856 ----a-w- c:\windows\CREATOR\Remind_XP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler] 2006-07-10 09:53 872448 ----a-w- c:\windows\SMINST\Scheduler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh] 2003-11-20 19:01 525824 ----a-w- c:\programme\Compaq\SetRefresh\SetRefresh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SQLWriter"=2 (0x2) "SQLBrowser"=2 (0x2) "PCA"=2 (0x2) "ose"=3 (0x3) "MSSQL$MSSMLBIZ"=3 (0x3) "IviRegMgr"=2 (0x2) "idsvc"=3 (0x3) "BcmSqlStartupSvc"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "c:\\Programme\\Messenger\\msmsgs.exe"= "c:\\Programme\\AVG\\AVG9\\avgnsx.exe"= "c:\\Programme\\AVG\\AVG9\\avgupd.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29.03.2010 15:26 216200] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29.03.2010 15:26 242696] R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [10.05.2009 22:00 53760] R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [30.07.2008 07:51 277736] R2 avg9wd;AVG Free WatchDog;c:\programme\AVG\AVG9\avgwdsvc.exe [29.03.2010 15:26 308064] R2 pdfcDispatcher;PDF Document Manager;c:\programme\PDF Complete\pdfsvc.exe [27.01.2009 06:06 576024] S2 gupdate1ca828063b595f0;Google Update Service (gupdate1ca828063b595f0);c:\programme\Google\Update\GoogleUpdate.exe [21.12.2009 22:58 133104] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programme\AVG\AVG9\Toolbar\ToolbarBroker.exe [29.03.2010 15:26 369920] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - aip4as8h . Inhalt des "geplante Tasks" Ordners 2010-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-12-21 20:58] 2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-12-21 20:58] 2010-04-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\programme\Ask.com\UpdateTask.exe [2010-02-04 15:50] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=all&pf=cmdt uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\programme\AVG\AVG9\Toolbar\IEToolbar.dll FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Yahoo! Search FF - prefs.js: browser.startup.homepage - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de fficialFF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&q= FF - component: c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll FF - component: c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\k22dcelg.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll FF - component: c:\programme\AVG\AVG9\Firefox\components\avgssff.dll FF - component: c:\programme\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\programme\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\programme\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\programme\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com"); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-04-20 14:05 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\programme\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'explorer.exe'(2980) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\programme\AVG\AVG9\avgchsvx.exe c:\programme\AVG\AVG9\avgrsx.exe c:\programme\AVG\AVG9\avgcsrvx.exe c:\programme\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\programme\AVG\AVG9\avgnsx.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe c:\programme\OpenOffice.org 3\program\soffice.exe c:\programme\OpenOffice.org 3\program\soffice.bin . ************************************************************************** . Zeit der Fertigstellung: 2010-04-20 14:07:47 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-04-20 12:07 ComboFix2.txt 2010-04-12 20:05 ComboFix3.txt 2010-04-07 17:14 ComboFix4.txt 2010-04-07 16:31 Vor Suchlauf: 57 Verzeichnis(se), 199.427.510.272 Bytes frei Nach Suchlauf: 58 Verzeichnis(se), 199.429.599.232 Bytes frei - - End Of File - - B008F8531B6EFAE7A7632287D3CB66FA |
|
| Themen zu trojaner TR/Agent.ruo entfernen |
| administrator, adobe, antivir, antivir guard, ask toolbar, bho, desktop, document, ebay, einstellungen, entfernen, explorer, firefox, google, gupdate, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, kommt nach löschen wieder, logfile, mozilla, neustart, nvidia, rundll, software, trojaner, trojaner agent, virus, windows xp |
Linear-Darstellung
