Pests of all kinds and how to fight them: HEUR:Trojan.Win32.Generic ... has stubbornly taken hold
27.09.2010, 20:51 | #1 |
| HEUR:Trojan.Win32.Generic ... has stubbornly taken hold

Hello, and good day first of all. I am new here and need your help. First, I apologize for not observing upper and lower case. My wireless keyboard has also stopped working properly since today; some keys no longer work. Maybe it is because of the virus, or it just happened to break as well. But now to the actual problem. I believe I have caught HEUR:Trojan.Win32.Generic. At least that is what my Kaspersky says. And when booting, my laptop now always does crazy things. Sometimes chkdsk runs at boot, sometimes the laptop switches itself off again during boot, and other times, if I am lucky, Windows opens, but I always get different error messages. I read up here and downloaded Malwarebytes, scanned, and had all the errors it found cleaned up. See the log.

After cleaning:

I thought the problem was gone, but the laptop is still acting up. On my portable hard drive I suddenly found directories that I had not created myself. Out of ignorance, though, I simply deleted them. I am not much of a specialist in these things. I only have normal user knowledge! I read up here again and then downloaded HijackThis. A scan produced the following:

Now I need your help, please. I am at my wits' end, since these logs do not tell me much either. Can someone here help, please? Regards, Uwe |
28.09.2010, 10:53 | #2 |
/// Malware-holic | HEUR:Trojan.Win32.Generic ... has stubbornly taken hold Please create and post a ComboFix log.
__________________A guide and tutorial on using ComboFix |
28.09.2010, 19:38 | #3 |
| HEUR:Trojan.Win32.Generic ... has stubbornly taken hold Hello, I did everything as in the instructions and created the log file.
My goodness, is that looong. However, ComboFix did not behave exactly as described in the tutorial. After scanning, it shut the system down and rebooted. A Windows message appeared saying that a file (I no longer remember the name) was damaged and that chkdsk should be run. When the laptop then rebooted, chkdsk also ran right after switching on. When all of that was finished and the computer had booted and set up the desktop, ComboFix gave me the message that the log file was being prepared and that I should wait. This took quite a long time, about 10 min, until the file was finished. In addition, a warning message appeared in a Windows window:
An error has occured in the script of tis page Line 89 Char 4 Error: "BtnApply" is null or not an object Code: 0 URL: res:\\C:\Programme/Softex/Omnipass/secureapp.exe/2110/status.js
So, but here is the log file: Combofix Logfile: Code:
c:\windows\TEMP\chrome_4772\source\Chrome-bin\2.0.172.43\Locales\ro.dll c:\windows\TEMP\chrome_4772\source\Chrome-bin\2.0.172.43\Locales\ru.dll c:\windows\TEMP\chrome_4772\source\Chrome-bin\2.0.172.43\Locales\sk.dll c:\windows\TEMP\chrome_4772\source\Chrome-bin\2.0.172.43\Locales\sl.dll c:\windows\TEMP\chrome_4772\source\Chrome-bin\2.0.172.43\Locales\sr.dll c:\windows\TEMP\chrome_4772\source\Chrome-bin\2.0.172.43\Locales\sv.dll c:\windows\TEMP\chrome_4772\source\Chrome-bin\2.0.172.43\Locales\ta.dll c:\windows\TEMP\chrome_4772\source\Chrome-bin\2.0.172.43\Locales\te.dll c:\windows\TEMP\chrome_4772\source\Chrome-bin\2.0.172.43\Locales\th.dll c:\windows\TEMP\chrome_4772\source\Chrome-bin\2.0.172.43\Locales\tr.dll c:\windows\TEMP\chrome_4772\source\Chrome-bin\2.0.172.43\Locales\uk.dll c:\windows\TEMP\chrome_4772\source\Chrome-bin\2.0.172.43\Locales\vi.dll c:\windows\TEMP\chrome_4772\source\Chrome-bin\2.0.172.43\Locales\zh-CN.dll c:\windows\TEMP\chrome_4772\source\Chrome-bin\2.0.172.43\Locales\zh-TW.dll c:\windows\TEMP\chrome_4772\source\Chrome-bin\2.0.172.43\rlz.dll c:\windows\TEMP\chrome_4772\source\Chrome-bin\2.0.172.43\Themes\default.dll c:\windows\TEMP\chrome_4772\source\Chrome-bin\chrome.exe c:\windows\TEMP\chrome_4772\source\Chrome-bin\wow_helper.exe c:\windows\TEMP\CR_30.tmp\setup.exe . ((((((((((((((((((((((( Dateien erstellt von 2010-08-28 bis 2010-09-28 )))))))))))))))))))))))))))))) . 2010-09-26 11:35 . 2010-09-26 11:35 -------- d-----w- c:\dokumente und einstellungen\Uwe\Anwendungsdaten\Malwarebytes 2010-09-26 11:35 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-26 11:35 . 2010-09-26 11:35 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-09-26 11:34 . 2010-09-26 11:35 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-09-26 11:34 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-26 09:10 . 
2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe 2010-09-25 16:12 . 2008-06-14 17:32 273024 -c----w- c:\windows\system32\dllcache\bthport.sys 2010-09-25 16:12 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2010-09-25 16:12 . 2010-06-21 15:27 354304 -c----w- c:\windows\system32\dllcache\srv.sys 2010-09-25 16:12 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2010-09-25 16:00 . 2010-09-25 16:00 -------- d-----w- C:\found.002 2010-09-25 13:51 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2010-09-25 13:47 . 2008-10-15 16:35 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2010-09-25 13:46 . 2008-04-21 21:13 217600 -c----w- c:\windows\system32\dllcache\wordpad.exe 2010-09-25 07:59 . 2008-04-14 05:53 73796 ------w- c:\windows\system32\slserv.exe 2010-09-25 07:59 . 2008-04-14 05:53 32866 ------w- c:\windows\system32\slrundll.exe 2010-09-25 07:59 . 2008-04-14 05:52 73832 ------w- c:\windows\system32\slcoinst.dll 2010-09-25 07:59 . 2008-04-14 05:52 286792 ------w- c:\windows\system32\slextspk.dll 2010-09-25 07:59 . 2008-04-14 05:52 188508 ------w- c:\windows\system32\slgen.dll 2010-09-25 07:59 . 2008-04-14 05:52 53248 ------w- c:\windows\system32\tsgqec.dll 2010-09-25 07:59 . 2008-04-14 05:52 50688 ------w- c:\windows\system32\tspkg.dll 2010-09-25 07:59 . 2008-04-14 05:53 32866 ------w- c:\windows\slrundll.exe 2010-09-24 21:17 . 2010-09-24 21:17 -------- d-----w- C:\found.001 2010-09-24 19:45 . 2010-09-25 07:59 -------- d-----w- c:\windows\system32\de 2010-09-24 19:45 . 2010-09-25 07:59 -------- d-----w- c:\windows\system32\bits 2010-09-24 19:32 . 2007-08-10 18:44 33656 ----a-w- c:\windows\system32\sprecovr.exe 2010-09-24 19:21 . 2009-10-20 16:20 265728 ----a-w- c:\windows\system32\drivers\http.sys 2010-09-24 19:20 . 2010-02-12 04:33 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-09-24 19:19 . 
2009-10-12 13:38 79872 ----a-w- c:\windows\system32\raschap.dll 2010-09-22 20:37 . 2010-09-22 20:37 -------- d-----w- C:\found.000 2010-09-22 18:21 . 2010-09-22 18:21 -------- d-----w- c:\dokumente und einstellungen\Uwe\Lokale Einstellungen\Anwendungsdaten\PCHealth 2010-09-22 17:38 . 2010-09-22 17:38 -------- d-----w- C:\spoolerlogs 2010-09-16 14:48 . 2010-09-16 14:48 850448 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\updater.dll 2010-09-16 14:47 . 2010-09-16 14:47 850520 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\updater.dll 2010-09-06 05:18 . 2010-09-06 05:15 185640 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\finishPlugin.dll 2010-09-06 05:18 . 2010-09-06 05:18 56765 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-09-06 05:18 . 2010-09-06 05:18 56997 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\WebPlayer\Uninstaller.exe 2010-09-06 05:18 . 2010-09-06 05:18 53600 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Update\Uninstaller.exe 2010-09-06 05:18 . 2010-09-06 05:18 57691 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Player\Uninstaller.exe 2010-09-06 05:17 . 2010-09-06 05:17 54153 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DFXPlugin\Uninstaller.exe 2010-09-03 23:28 . 2010-09-06 05:15 144696 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\RunAsUser\RUNASUSERPROCESS.exe . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-28 18:01 . 2007-03-30 18:53 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab 2010-09-28 17:59 . 
2009-02-05 22:15 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater 2010-09-25 16:26 . 2006-09-25 19:16 459688 ----a-w- c:\windows\system32\perfh007.dat 2010-09-25 16:26 . 2006-09-25 19:16 84796 ----a-w- c:\windows\system32\perfc007.dat 2010-09-24 21:49 . 2006-09-26 13:11 28048 ----a-w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2010-09-24 21:43 . 2006-09-25 19:27 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-09-22 17:33 . 2006-12-24 13:36 -------- d-----w- c:\programme\Google 2010-09-17 18:36 . 2009-11-22 11:29 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\WinZip 2010-09-14 05:01 . 2009-09-25 05:03 -------- d-----w- c:\programme\Microsoft Silverlight 2010-09-12 06:19 . 2006-12-24 13:12 -------- d-----w- c:\programme\Opera 2010-09-06 05:25 . 2010-05-15 15:49 57344 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-09-06 05:18 . 2010-05-15 15:42 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX 2010-09-06 05:18 . 2006-12-25 12:45 -------- d-----w- c:\programme\DivX 2010-09-06 05:15 . 2010-05-15 15:48 1062184 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\Resource.dll 2010-09-06 05:15 . 2010-05-15 15:48 850200 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\DivXSetup.exe 2010-08-27 15:15 . 2010-08-27 15:15 170584 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\prloader.dll 2010-08-27 15:15 . 2010-08-27 15:15 340520 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\avp.exe 2010-08-17 13:17 . 
2010-09-24 19:19 58880 ----a-w- c:\windows\system32\spoolsv.exe 2010-08-09 17:41 . 2006-09-25 19:15 1024 ----a-w- c:\windows\system32\wjes3k8.dll 2010-08-09 17:41 . 2006-09-25 19:15 1024 ----a-w- c:\windows\system32\grcauth2.dll 2010-08-09 17:41 . 2006-09-25 19:15 1024 ----a-w- c:\windows\system32\grcauth1.dll 2010-08-09 17:41 . 2006-09-25 19:15 1024 ----a-w- c:\windows\system32\clauth2.dll 2010-08-09 17:41 . 2006-09-25 19:15 1024 ----a-w- c:\windows\system32\clauth1.dll 2010-08-09 17:41 . 2010-08-09 17:41 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\VertusTech 2010-07-31 14:00 . 2010-05-03 17:56 113933 ----a-w- c:\windows\system32\drivers\klin.dat 2010-07-31 13:58 . 2010-05-03 17:56 97549 ----a-w- c:\windows\system32\drivers\klick.dat 2010-07-22 15:48 . 2010-09-24 19:19 590848 ----a-w- c:\windows\system32\rpcrt4.dll 2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll 2002-08-27 16:57 . 2007-01-05 14:19 65974 ----a-w- c:\programme\viewsonicinstruct_xp.pdf 2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\programme\opera\program\plugins\libdivx.dll 2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\programme\opera\program\plugins\ssldivx.dll 2010-04-23 06:08 . 2008-03-16 12:20 71712 --sha-w- c:\windows\system32\drivers\fidbox.dat 2010-04-23 06:08 . 2008-03-16 12:20 3105568 --sha-w- c:\windows\system32\drivers\fidbox2.dat . ------- Sigcheck ------- [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\atapi.sys [-] 2006-03-24 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . 
c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys [-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\asyncmac.sys [-] 2006-03-24 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys [-] 2006-03-24 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys [-] 2006-03-24 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys [-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys [-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys [-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\kbdclass.sys [-] 2006-03-24 . B128FC0A5CD83F669D5DE4B58F77C7D6 . 25216 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\ndis.sys [-] 2006-03-24 . 558635D3AF1C7546D26067D5D9B6959E . 
182912 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB912436$\ndis.sys [-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\$NtServicePackUninstall$\ndis.sys [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\ntfs.sys [-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys [-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys [-] 2006-03-24 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys [-] 2006-03-24 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\I386\NTFS.SYS [-] 2006-03-24 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys [-] 2006-03-24 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys [-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll [-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll [-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\browser.dll [-] 2006-03-24 . D8653DCD80CF2EBB333FC4FCC43A7DEF . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll [-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . 
c:\windows\ServicePackFiles\i386\lsass.exe [-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe [-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\lsass.exe [-] 2006-03-24 . 183805EB05BCA5A1E4AAAED4D2BE3690 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe [-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll [-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll [-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\netman.dll [-] 2006-03-24 . CDF4DA6B518105343FE9E8AFBBF8FBF4 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll [-] 2005-08-22 . 1E5218FBE323C375B488318950E10FB4 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll [-] 2005-08-22 . 19D9B6B139F09A72AE71758BDF28308E . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll [-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll [-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll [-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll [-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\qmgr.dll [-] 2006-03-24 . 3A5E54A9AB96EF2D273B58136FB58EFE . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll [-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . 
c:\windows\ServicePackFiles\i386\winlogon.exe [-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\winlogon.exe [-] 2006-03-24 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe [-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll [-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\comctl32.dll [-] 2008-04-14 . 3C93CE6C6985C55952B7BE6673E9FD15 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\asms\60\msft\windows\common\controls\comctl32.dll [-] 2006-08-25 . EE82D1393169AC6BDF6016F4EA8D2B79 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll [-] 2006-03-24 . 2CF914215226B3F7FA1AE4A47E4D261C . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll [-] 2006-03-24 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL [-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll [-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll [-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\cryptsvc.dll [-] 2006-03-24 . 1A5F9DB98DF7955B4C7CBDBF2C638238 . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll [-] 2008-04-14 . 
F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll [-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll [-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\imm32.dll [-] 2006-03-24 . 94101D13A1818A9D08337EEC12ED277A . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll [-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll [-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll [-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\linkinfo.dll [-] 2006-03-24 . 3898FFF548E2968CB3AC5A71D7F4E425 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll [-] 2005-09-01 . F2AFE60F01040B23207D8EB7DC26EC96 . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll [-] 2005-09-01 . 0E2B88912BF78549D5177A84A3375D52 . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll [-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll [-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll [-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\lpk.dll [-] 2006-03-24 . B4AD65C79F85C61D32C015B11E03CAAD . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll [-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll [-] 2008-04-14 . 
C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll [-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\msvcrt.dll [-] 2008-04-14 . C536AAD8A71608FE33CD956214EDD366 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\asms\70\msft\windows\mswincrt\msvcrt.dll [-] 2006-03-24 . B30BAA48E5063E71C76280E34E7E4802 . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll [-] 2006-03-24 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL [-] 2006-03-24 12:00 . E826A484EDE25C3AE19F1B8086511F4B . 267536 . . [4.20.6201] . . c:\windows\I386\WIN9XUPG\MSVCRT.DLL [7] 2009-02-06 . ED4BBAD725A21632FB205452749FC8F5 . 408064 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\netlogon.dll [-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll [-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll [-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\netlogon.dll [-] 2006-03-24 . D27395EDCD3416AFD125A9370DCB585C . 407040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB968389$\netlogon.dll [-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll [-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll [-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\powrprof.dll [-] 2006-03-24 . 5604574D490B798BD9A946B021A766AD . 
17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll [-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll [-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll [-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\scecli.dll [-] 2006-03-24 . 64DC26B3CF7BCCAD431CE360A4C625D5 . 186880 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll [-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll [-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll [-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\sfc.dll [-] 2006-03-24 . F62934BC94299083EBFC8810242D8640 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll [-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe [-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe [-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\svchost.exe [-] 2006-03-24 . 65A819B121EB6FDAB4400EA42BDFFE64 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe [-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll [-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll [-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . 
[5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\tapisrv.dll [-] 2006-03-24 . 4584E2A5FE662AB3E7C32936E1449043 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll [-] 2005-07-08 . F07061E18613F336A3120229097F7635 . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll [-] 2005-07-08 . 427D7EB3B453347082C8F4B370065D60 . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll [-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll [-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\user32.dll [-] 2007-03-08 . 78785EFF8CB90CEC1862A4CCFD9A3C3A . 579584 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll [-] 2006-03-24 . 56785FD5236D7B22CF471A6DA9DB46D8 . 578560 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll [-] 2005-03-02 . 4C90159A69A5FD3EB39C71411F28FCFF . 578560 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll [-] 2005-03-02 . 3751D7CF0E0A113D84414992146BCE6A . 578560 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll [-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe [-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe [-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\userinit.exe [-] 2006-03-24 . D1E53DC57143F2584B1DD53B036C0633 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe [-] 2008-04-14 . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SRSTrayApp"="c:\programme\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe" [2006-02-09 176128] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-04 67128] "LogitechSoftwareUpdate"="c:\programme\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608] "TomTomHOME.exe"="c:\programme\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "LG Intelligent Update"="c:\programme\lg_swupdate\autoupdate.exe" [2008-06-20 126976] "Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [2005-01-07 61952] "SkyTel"="SkyTel.EXE" [2006-05-17 2879488] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-06-02 786521] "IAAnotif"="c:\programme\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264] "AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541] "KeybdUtility"="c:\programme\LG Software\On Screen Display\HotKey.exe" [2006-09-25 2711552] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-07 7569408] "nwiz"="nwiz.exe" [2006-04-07 1519616] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-26 
94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-26 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-27 118784] "RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656] "batterymiser"="c:\programme\LG Software\Battery Miser\batterymiser.exe" [2006-09-29 327680] "OmniPass"="c:\programme\Softex\OmniPass\scureapp.exe" [2006-01-08 1847296] "LG Direct Media Button Service"="LGDMEBTN.exe" [2006-09-14 94208] "ATICCC"="c:\programme\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-28 32768] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184] "LogitechVideoRepair"="c:\programme\Logitech\Video\ISStart.exe" [2005-06-08 458752] "LogitechVideoTray"="c:\programme\Logitech\Video\LogiTray.exe" [2005-06-08 217088] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 28160] "SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248] "IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632] "ControlCenter3"="c:\programme\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536] "bgsmsnd.exe"="c:\windows\system32\bgsmsnd.exe" [2007-11-19 160136] "MobileConnect"="c:\programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576] "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2008-12-19 136600] "AVP"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-27 340520] "DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop 
Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-4-4 67128] Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2006-12-30 528384] WinZip Quick Pick.lnk - c:\programme\WinZip\WZQKPICK.EXE [2010-4-5 494920] Wireless Flat Metal Keyboard.lnk - c:\programme\Wireless Flat Metal Keyboard\MagicKey.exe [2007-2-17 172032] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [2006-09-29 114688] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina] 2006-01-08 06:36 49152 ----a-w- c:\programme\Softex\OmniPass\OPXPGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\programme\QuickTime\QTTask.exe" -atboottime "PPort11reminder"="c:\programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\dokumente und einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini "BrMfcWnd"=c:\programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Programme\\Shareaza\\Shareaza.exe"= "c:\\Programme\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"= "c:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE"= "c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"= 
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programme\\Java\\jre6\\bin\\java.exe"= "c:\\Programme\\Opera\\opera.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14.10.2009 20:18 36880] R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [17.02.2007 16:46 11886] R2 SRS_PostInstaller;SRS PostInstaller Service;c:\programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe [09.02.2006 11:17 31744] R2 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 2\TomTomHOMEService.exe [08.04.2009 12:38 92008] R2 VMCService;Vodafone Mobile Connect Service;c:\programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [04.07.2008 12:52 14336] R3 AGR1310_51;Agere Systems ET-13xx PCI-E Ethernet Adapter XP Driver;c:\windows\system32\drivers\AGR1310_51.sys [20.12.2006 15:01 75648] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.09.2009 13:42 32272] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.10.2009 18:39 19472] R3 LGDMEBTN;LG Direct Media Button Device Driver;c:\windows\system32\drivers\LGDMEBTN.sys [26.09.2006 11:19 15616] R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [09.02.2006 11:17 20608] S2 gupdate1c987df67677ee4;Google Update Service (gupdate1c987df67677ee4);c:\programme\Google\Update\GoogleUpdate.exe [06.02.2009 00:16 133104] S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [27.09.2006 11:32 36352] S3 lgodd_filter;lgodd_filter;c:\windows\system32\drivers\lgodd_filter.sys --> c:\windows\system32\drivers\lgodd_filter.sys [?] . 
Inhalt des "geplante Tasks" Ordners 2010-09-08 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2010-09-28 c:\windows\Tasks\Google Software Updater.job - c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-05 20:15] 2010-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-02-05 22:16] 2010-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-02-05 22:16] . . ------- Zusätzlicher Suchlauf ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.google.de/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Hinzufügen zu Anti-Banner - c:\programme\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} - hxxp://www.o2c.de/download/o2cplayer.cab FF - ProfilePath - c:\dokumente und einstellungen\Uwe\Anwendungsdaten\Mozilla\Firefox\Profiles\91euyfnv.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - component: c:\programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\programme\Google\Picasa3\npPicasa3.dll FF - plugin: c:\programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - 
plugin: c:\programme\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\programme\Opera\program\plugins\npdivx32.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.notify.interval - 600000 FF - user.js: content.switch.threshold - 600000 FF - user.js: nglayout.initialpaint.delay - 600 c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - Toolbar-Locked - (no file) WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) AddRemove-HijackThis - c:\dokumente und einstellungen\Uwe\Lokale Einstellungen\Temp\wz728c\HijackThis.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\programme\DivX\DivXCodecUninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-09-28 20:00 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(1176) c:\windows\system32\Ati2evxx.dll c:\programme\Softex\OmniPass\opxpgina.dll - - - - - - - > 'explorer.exe'(1152) c:\programme\Softex\OmniPass\SCUREDLL.dll c:\programme\Logitech\SetPoint\lgscroll.dll c:\windows\system32\MSVCP71.dll c:\programme\LG Software\Battery Miser\McIdle.dll c:\windows\system32\webcheck.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\Ati2evxx.exe c:\programme\IVT Corporation\BlueSoleil\BTNtService.exe c:\programme\Intel\Intel Matrix Storage Manager\iaantmon.exe c:\programme\Java\jre6\bin\jqs.exe c:\programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe c:\programme\Softex\OmniPass\Omniserv.exe c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\wdfmgr.exe c:\programme\Softex\OmniPass\OPXPApp.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe c:\windows\system32\Ati2evxx.exe c:\windows\AGRSMMSG.exe c:\windows\system32\rundll32.exe c:\windows\RTHDCPL.EXE c:\windows\system32\LGDMEBTN.exe c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE c:\programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe c:\programme\Logitech\Video\FxSvr2.exe c:\programme\IVT Corporation\BlueSoleil\BlueSoleil.exe c:\programme\Microsoft ActiveSync\WCESCOMM.EXE c:\programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE c:\programme\Wireless Flat Metal Keyboard\OSD.EXE . ************************************************************************** . Zeit der Fertigstellung: 2010-09-28 20:17:16 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-09-28 18:16 Vor Suchlauf: 19 Verzeichnis(se), 46.464.958.464 Bytes frei Nach Suchlauf: 25 Verzeichnis(se), 48.664.502.272 Bytes frei WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect - - End Of File - - BA45B71CFFC24E84F3609EE6631140BD And what should I do now? I also have an external hard drive, which I did not plug in during the scan as a precaution, and which I will keep disconnected until everything is clean. |
28.09.2010, 19:53 | #4 |
/// Malware-holic | HEUR:Trojan.Win32.Generic .... has stubbornly lodged itself Please update Malwarebytes, start a full scan, delete the findings, post the log. |
28.09.2010, 21:16 | #5 |
| HEUR:Trojan.Win32.Generic .... has stubbornly lodged itself Here is the log from Malwarebytes. It found nothing! Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4698 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 28.09.2010 22:15:10 mbam-log-2010-09-28 (22-15-10).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 156349 Laufzeit: 27 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
29.09.2010, 11:01 | #6 |
/// Malware-holic | HEUR:Trojan.Win32.Generic .... has stubbornly lodged itself Please upgrade to Kaspersky 2011 and scan. |