Log file analysis needed

Hello, my PC is currently being flooded with numerous viruses, worms, trojans, etc... I was able to eliminate some of them already, but further problems remain. My CPU load varies periodically every 30 seconds between 3% and 100%. The cause is one of my five svchhost.exe files. I have already run numerous virus scanners, but so far the problem has not been fixed. That is why I am now desperately turning to you. Here is the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:43, on 05.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\Programme\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Opera\Opera.exe
C:\Programme\Java\jre1.5.0_09\bin\jucheck.exe
C:\Programme\Trillian\trillian.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\procexp.exe
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = h**p://www.google.de/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [helpefa] C:\WINDOWS\System32\helpefa\sychost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AS00_Netgear] C:\Programme\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [windll32.exe] C:\WINDOWS\System32\windll32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Programme\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - h**p://www.emusic.com?fref=149133 (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://de7.hpwis.com
O16 - DPF: WebWorks Help 3.0 - file://F:\Documentation\WebDoc\wwhelp3.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://h**p://messenger.zone.msn.com...t.cab31267.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxyz.mht!http://h**p://hitcounter.ath.cx/loud...bridge-c32.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F7} (Flatcast Viewer 4.10) - h**p://www.1mal1.com/flatcast/NpFv410.dll
O16 - DPF: {788A7678-38D7-4EEC-9D20-67A86D21A7FD} (Webupdate Control) - h*+p://www.jessy.nu/de/webupdate.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - h**p://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://h**p://www.pandasoftware.com/...as5/asinst.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - h**p://www.moviegroup.tv/activex/DownloadMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - h**p://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h*+p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - h**p://xtraz.icq.com/xtraz/activex/MISBH.cab
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

-- End of file - 8679 bytes

Regards, Helixx |
Hi, I can't see anything informative in your log (but that may also be down to my replacement 15-inch monitor :crazy:). Please run an escan following the instructions and post the result. Regards, Cleriker |
You can probably skip the escan. Please have
C:\WINDOWS\System32\windll32.exe
C:\WINDOWS\System32\helpefa\sychost.exe
analysed at virustotal.com and post the results including the hash values and file size. Regards |
*slaps forehead* :rolleyes: svchost --> y=v >>> So it was the monitor after all :lach: |
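The one-character swap pointed out above ("svchost --> y=v") can be checked mechanically instead of by eye. The following is an added example, not part of the thread and not any poster's code: it parses HijackThis O4 autostart lines and reports file names that are one edit away from a core Windows binary, and, going slightly beyond the case in the thread, core binary names started from an unexpected folder. The reference list of binaries and folders is an assumption, and the last sample line is constructed.

```python
import re
import ntpath  # Windows path rules, independent of the host OS

# O4 lines copied from the HijackThis log in the first post; the last line is
# constructed for this example to show the "right name, wrong folder" case.
SAMPLE_O4 = [
    r'O4 - HKLM\..\Run: [helpefa] C:\WINDOWS\System32\helpefa\sychost.exe',
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"',
    r'O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe',
    r'O4 - HKLM\..\Run: [AS00_Netgear] C:\Programme\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide',
    r'O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r'O4 - HKCU\..\Run: [windll32.exe] C:\WINDOWS\System32\windll32.exe',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKCU\..\Run: [constructed-demo] C:\WINDOWS\Temp\svchost.exe',
]

# Assumed reference list (not from the thread): core Windows XP binaries and
# the folder each normally lives in, for a C:\WINDOWS install as in the log.
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# "O4 - <key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Executable part of the command line, quoted or not, spaces in the path allowed.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|pif|bat|cmd)\b)', re.I)


def edit_distance(a, b):
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit_o4(lines, max_distance=1):
    """Return (value name, path, reason) for every suspicious O4 entry."""
    findings = []
    for line in lines:
        entry = O4_RE.match(line.strip())
        if not entry:
            continue
        exe = EXE_RE.match(entry.group("cmd"))
        if not exe:
            continue
        path = exe.group("path")
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if name in SYSTEM_BINARIES:
            # Genuine name: only the location can be wrong (skip bare names).
            expected = SYSTEM_BINARIES[name]
            if folder and folder != expected:
                findings.append((entry.group("name"), path, f"{name} outside {expected}"))
            continue
        for known in SYSTEM_BINARIES:
            if edit_distance(name, known) <= max_distance:
                findings.append((entry.group("name"), path, f"look-alike of {known}"))
                break
    return findings


if __name__ == "__main__":
    for value_name, path, reason in audit_o4(SAMPLE_O4):
        print(f"[{value_name}] {path}: {reason}")
```

With `max_distance=1` only the single-character swap is reported; windll32.exe is not within one edit of any listed name, so it still needs the file check requested in the thread.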
Hello you two, thanks for the replies. So I haven't run an escan now. Unfortunately, though, I also can't find the two files:
C:\WINDOWS\System32\windll32.exe
C:\WINDOWS\System32\helpefa\sychost.exe
I have already set everything under Folder Options to make system files visible, and also used the Windows search. Unfortunately without success. A friend of mine can't find the files on his computer either. Should I now fix the two files with HijackThis? Regards, Helixx |
Quote:
Simply paste these paths into Virustotal one after another: Quote:
Quote:
|
Hello .::|||::. (what a nick ;) ), unfortunately I was a bit hasty and have now fixed the two files with HijackThis... I am still trying to upload the file to virustotal.com. But that has already been taking 30 minutes... I can't imagine that it normally takes this long (I have DSL2000). Am I now stuck because of my hasty action? Because my CPU load still fluctuates periodically between 3% and 100% despite a restart after the fix. Regards, Helixx |
Hello Quote:
with checking the files. Kind regards |
Hello nochdigger, unfortunately the file can't be uploaded at VirSCAN.org either. The page doesn't even react when I click on upload. I tried it with an existing file and that works. It is as if the two suspicious files were no longer on the computer. Regards, Helixx |
Quote:
Quote:
Can you upload the file in safe mode (with network drivers)? Or is it perhaps even present in safe mode? I doubt that the file is too large for the upload! So there is some higher power at work that wants to keep you from uploading the file! ^^ |
Quote:
|
So I am now in safe mode. But the same problem occurs. I can't upload the two files on either site. I took some arbitrary existing file, and I can upload that without any problem. So it probably isn't down to JavaScript. I am rather at a loss :( Edit: Unfortunately the files can't be found in the corresponding directory in safe mode either. |
Then try the following:

Avenger instructions:
1.) Download the tool Avenger and save it on the desktop: http://virus-protect.org/artikel/bilder/avanger.png
2.) Now click on the option "Input Script manually" -> now click on the magnifying glass and paste in the following text: Quote:
http://virus-protect.org/artikel/bilder/avenger4.png
4.) Afterwards let the system restart immediately
5.) Go to the folder c:\avenger. Ideally you will find a zipped backup there. Unzip it and try again to upload both files from the archive.
6.) Also post the contents of C:\avenger.txt
(7. The presumably faster, and in any case safer, way would be to reinstall the system - I am 99% likely to advise you to do that after the file analysis as well)
Regards |
First of all, thanks for the detailed answer. I have worked through all the points. I found the zipped backup and unzipped it (there was nothing in it apart from a Backup.reg file). What do you mean by uploading "from the archive"? I didn't unzip any files at all that I could upload. (Apart from the Backup.reg file) Also, my avenger.txt file is unfortunately empty. There is nothing in it. Regards, Helixx |
Quote:

1. Filelist
1. Download filelist.zip to your desktop.
2. Unpack the zip file to your desktop (with WINZIP), then open the filelist.bat now present on your desktop by double-clicking the file
3. Your editor (text-processing program) will open
4. From this content, select the last 30 days for each directory, choose copy, and paste these files into your next post.

These are the directories of which we want to see the last 30 days in each case:
Verzeichnis von C:\
Verzeichnis von C:\WINDOWS\system32
Verzeichnis von C:\WINDOWS
Verzeichnis von C:\WINDOWS\Prefetch (Windows XP)
Verzeichnis von C:\WINDOWS\tasks
Verzeichnis von C:\WINDOWS\Temp
Verzeichnis von C:\DOCUME~1\Name\LOCALS~1\Temp

2. Silentrunners Logfile
- Download the tool -> Silentrunners
- Unpack the script into a folder of your choice
- Double-click on -> Silent Runners -> select the option Supplementary Searches
- The system will now be checked; when it has finished, a log file is created (your antivirus scanner could raise an alert about a "malicious script"; ignore this and carry on!)
- Then open the Silent Runners xxx.txt with an editor, copy the entire content and paste it into a post. (Ctrl+A select -> Ctrl+C copy -> Ctrl+V paste)

3. Guinea pig Helixx :D
- download the tools Sigcheck, Handle, ListDlls from sysinternals
- unpack the three archives and copy Sigcheck.exe, Handle.exe, ListDlls.exe each into the root directory C:\
- download sig.bat
- start sig.bat by double-clicking and post the log sig.txt
- while the batch is running, sigcheck.exe tries to connect to the internet; please allow this in the firewall

Let's see, regards |
Hello, so: 1. Filelist |
2. Silentrunners Logfile

"Silent Runners.vbs", revision 52, Silent Runners - Adware? Disinfect, don't reformat!
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"DW4" = ""C:\Programme\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"" [file not found]
"SpybotSD TeaTimer" = "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = ""C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"AS00_Netgear" = "C:\Programme\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide" [empty string]
"avgnt" = ""C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"FreePDF Assistant" = "C:\Programme\FreePDF_XP\fpassist.exe" [null data]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"ATICCC" = ""C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"SpyHunter" = "C:\Programme\Enigma Software Group\SpyHunter\SpyHunter.exe" ["Enigma Software Group Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
    \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{0A94B111-4504-4e26-AB05-E61E474AA38B}\(Default) = "Ask Search Assistant BHO"
  -> {HKLM...CLSID} = "Ask Search Assistant BHO"
    \InProcServer32\(Default) = "C:\Programme\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL" ["Ask.com"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
{F4D76F01-7896-458a-890F-E1F05C46069F}\(Default) = "Ask Toolbar BHO"
  -> {HKLM...CLSID} = "Ask Toolbar BHO"
    \InProcServer32\(Default) = "C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL" ["Ask.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{516EC4D3-4AD9-11D5-AA6A-00E0189008B3}" = "The Core Media Player Shell Extension"
  -> {HKLM...CLSID} = "The Core Media Player Shell Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\CORECO~1\THECOR~1\System\CORESH~1.CLL" [file not found]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
    \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{36EB2FB7-593D-45aa-9669-582196FB1C2A}" = "SolidConverter extension"
  -> {HKCU...CLSID} = "Solid Converter GX"
    \InProcServer32\(Default) = "C:\Programme\SolidDocuments\SolidConverterGX\SCGX\ExploreExtGX.dll" ["VoyagerSoft, LLC"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
    \InProcServer32\(Default) = "C:\Programme\iTunes\iTunesMiniPlayer.dll" [file not found]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
    \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
    \InProcServer32\(Default) = "C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "PAVWAIT.DLL" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
    \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
CoreShellAgent\(Default) = "{516EC4D3-4AD9-11D5-AA6A-00E0189008B3}"
  -> {HKLM...CLSID} = "The Core Media Player Shell Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\CORECO~1\THECOR~1\System\CORESH~1.CLL" [file not found]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
    \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Dokumente und Einstellungen\Alexander\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] |
3. Guinea pig Helixx - Part 1

Folgende Dateien verfügen über keine gültige Signatur:
------------------------------------------------------

unsignierte laufende Prozesse:
------------------------------
Pfad (Hersteller, Beschreibung)
c:\programme\java\jre1.5.0_09\bin\jusched.exe ("Sun Microsystems, Inc.")
c:\programme\freepdf_xp\fpassist.exe ("shbox.de", "FreePDF Assistent für FreePDF3")
c:\programme\logitech\mouseware\system\EM_EXEC.EXE ("Logitech Inc.", "Logitech Events Handler Application")
c:\programme\opera\Opera.exe ("Opera Software", "Opera Internet Browser")

unsignierte geladene dlls:
--------------------------
Pfad (Hersteller, Beschreibung)

unsignierte handles:
--------------------
Pfad (Hersteller, Beschreibung)

3. Guinea pig Helixx - Part 2
Graphics Caste LCD 2 Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DeviceLCD2.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste LCD 2 Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DeviceLCD2.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste LCD 2 Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DeviceLCD2.Graphics.Wizard.dll ("ATI Technologies Inc.", "Wizard DeviceLCD2 Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste Common Display Device Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DeviceProperty2.Graphics.Dashboard.Shared.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste DeviceProperty2 Aspect Shared") c:\programme\ati technologies\ati.ace\CLI.Aspect.DeviceProperty2.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste DeviceProperty2 Aspect Shared") c:\programme\ati technologies\ati.ace\CLI.Aspect.DeviceProperty2.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste Common Display Device Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste TV Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste CRT Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DeviceTV.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste TV Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ("ATI Technologies Inc.", "Wizard DeviceTV Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DeviceTV2.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste TV Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DeviceTV2.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste CRT Aspect") c:\programme\ati 
technologies\ati.ace\CLI.Aspect.DeviceTV2.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste TV Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DeviceTV2.Graphics.Wizard.dll ("ATI Technologies Inc.", "Wizard DeviceTV2 Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DisplaysColour.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Display Colour Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DisplaysColour.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste Display Colour") c:\programme\ati technologies\ati.ace\CLI.Aspect.DisplaysColour.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste Display Colour Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Display Colour 2 Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste Display Colour 2") c:\programme\ati technologies\ati.ace\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste Display Colour 2 Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste Display Manager Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ("ATI Technologies Inc.", "Wizard DisplaysManager Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste Display Options Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste Display Option Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste Display Option Aspect") 
c:\programme\ati technologies\ati.ace\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste HotkeysHandling Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste HotkeysHandling Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste InfoCentre Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.InfoCentre.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste InfoCentre Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.InfoCentre.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste InforCentre Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ("ATI Technologies Inc.", "Wizard Graphics Caste InfoCentre Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste Integrated UMA Frame Buffer Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste Integrated UMA Frame Buffer Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste Integrated UMA Frame Buffer Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste MM Video Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.MMVideo.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste MM Video Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.MMVideo.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste MM Video Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.MMVideo.Graphics.Wizard.dll ("ATI 
Technologies Inc.", "Wizard Video Aspect - Quick Tasks") c:\programme\ati technologies\ati.ace\CLI.Aspect.MultiVPU.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste MultiVPU Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.MultiVPU.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste MultiVPU Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.MultiVPU.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste MultiVPU Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.MultiVPU2.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste MultiVPU2 Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.MultiVPU2.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste MultiVPU2 Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.MultiVPU2.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste MultiVPU2 Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.OverDrive2.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste OverDrive2 Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.OverDrive2.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste OverDrive2 Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.OverDrive2.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste OverDrive2 Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.OverDrive3.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste OverDrive3 Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.OverDrive3.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste OverDrive3 Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.OverDrive3.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste OverDrive3 Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste 
PowerPlay3 Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste PowerPlay3 Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.PowerPlay3.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste PowerPlay3 Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste R300/R400 Radeon3D Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste R300/R400 Radeon3D Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.Radeon3D.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste R300/R400 Radeon3D Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.Radeon3D.Graphics.Wizard.dll (" ", " ") c:\programme\ati technologies\ati.ace\CLI.Aspect.Radeon3DLegacy.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste R100/R200 Radeon3D Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.Radeon3DLegacy.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste R100/R200 Radeon3D Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.Radeon3DLegacy.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste R100/R200 Radeon3D Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.SmartGart.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste SMARTGART Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.SmartGart.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste SMARTGART Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.SmartGart.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste SMARTGART Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.TransCode.Local.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Local Caste TransCode Aspect") c:\programme\ati 
technologies\ati.ace\CLI.Aspect.TransCode.Local.Shared.dll ("ATI Technologies Inc.", "Dashboard Local Caste TransCode Shared") c:\programme\ati technologies\ati.ace\CLI.Aspect.TransCode.Local.Wizard.dll ("ATI Technologies Inc.", "Dashboard Local Caste TransCode Wizard") c:\programme\ati technologies\ati.ace\CLI.Aspect.VeryLargeDesktop.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste VeryLargeDesktop Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.VeryLargeDesktop.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste VeryLargeDesktop Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.VeryLargeDesktop.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste VeryLargeDesktop Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.VideoOverlay.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste VideoOverlay Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.VideoOverlay.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste VideoOverlay Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.VideoOverlay.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste VideoOverlay Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.VPURecover.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste VPU Recover Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.VPURecover.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste VPU Recover Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.VPURecover.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste VPU Recover Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.Welcome.Local.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Local Caste Welcome Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.WorkstationConfig.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste WorkstationConfig Aspect") 
c:\programme\ati technologies\ati.ace\CLI.Aspect.WorkstationConfig.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste WorkstationConfig Aspect") c:\programme\ati technologies\ati.ace\CLI.Aspect.WorkstationConfig.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste WorkstationConfig Aspect") c:\programme\ati technologies\ati.ace\CLI.Caste.Graphics.Dashboard.dll ("ATI Technologies Inc.", "Dashboard Graphics Caste") c:\programme\ati technologies\ati.ace\CLI.Caste.Graphics.Dashboard.Shared.dll ("ATI Technologies Inc.", "Dashboard Graphics Shared Caste") c:\programme\ati technologies\ati.ace\CLI.Caste.Graphics.Runtime.dll ("ATI Technologies Inc.", "Runtime Graphics Caste") c:\programme\ati technologies\ati.ace\CLI.Caste.Graphics.Shared.dll ("ATI Technologies Inc.", "Shared Graphics Caste") |
3. Guinea pig Helixx - Part 3 So that was everything. I don't feel at all comfortable thinking that someone is now going to read through all of this.. I have a really bad conscience about it :o Regards, Helixx |
:confused: I'm faced with a puzzle. Nothing, nada, niente. Cleriker will laugh himself silly :D: What did the eScan turn up? Please post the log from find.bat and a new HJT log. You haven't by any chance run some scanners over your system in the meantime that removed files? Regards. Addendum: Please post the last 6 months of the system32 folder from the file list. Also attach c:\windows\system32\anjctkkf.txt, if it is not too large. Otherwise upload the file to fileupload.net and put the link here. |
Um, I no longer find anything here to laugh myself to death about, after googling the processes mentioned at the beginning: Quote:
Accordingly, I would suggest reinstalling your system from scratch (see sig) and then changing your passwords and login details. If you want to keep using your system anyway, look under "Recovery" at the posted link. Regards, Cleriker |
So I've now done the eScan (found 24 viruses, among other things).. But I'm somehow too stupid to find the find.bat file. Which directory is it in? Regarding the backdoor trojan: I followed the instructions for removing the trojan. The only problem is that the file I'm supposed to delete doesn't exist... Regards, Helixx Edit: No idea whether this means anything, but by searching manually I came across the following: Under the path Arbeitsplatz\HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603 there is a file: Name: 002 Type: REG_SZ Value: windll32.exe Finally found windll32.exe, though only as a value. Does that help in any way? |
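An added illustration (not part of the thread and not any poster's code): a small triage helper that sorts registry hits for a file name into autostart entries and mere history entries. It assumes the standard Windows XP behaviour that `Search Assistant\ACMru` stores terms typed into the Explorer search dialog; the `.reg` sample, the `constructed_entry` value and all function names are constructed for this example.

```python
import re

# Constructed sample in regedit export (.reg) style; not taken from the poster's machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="find.bat"
"002"="windll32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"constructed_entry"="C:\\WINDOWS\\system32\\windll32.exe"
'''

# Key-path fragments (lower case) and what a hit below them means.
RULES = [
    ("\\software\\microsoft\\windows\\currentversion\\run", "autostart"),
    ("\\software\\microsoft\\search assistant\\acmru", "search-history"),
    ("\\currentversion\\explorer\\runmru", "typed-history"),
]

# "name"="data" lines; both sides may contain \" and \\ escapes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(text):
    """Undo the backslash escaping regedit applies to quotes and backslashes."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg(text):
    """Yield (key, value_name, data) for every string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        match = VALUE_RE.match(line)
        if match and key:
            yield key, unescape(match.group(1)), unescape(match.group(2))


def classify(key):
    """Return the kind of registry location a key path belongs to."""
    lowered = key.lower()
    for fragment, kind in RULES:
        if fragment in lowered:
            return kind
    return "other"


def triage(text, needle):
    """List (kind, key, value_name, data) for each value whose data contains needle."""
    hits = []
    for key, name, data in parse_reg(text):
        if needle.lower() in data.lower():
            hits.append((classify(key), key, name, data))
    return hits


if __name__ == "__main__":
    for kind, key, name, data in triage(SAMPLE_REG, "windll32.exe"):
        print(f"{kind:15} {key} [{name}] = {data}")
```

A `search-history` hit only records that the name was typed into the search dialog; an `autostart` hit is the kind that launches a file at logon.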
Quote:
- find.bat What about the rest? Please answer all the questions and post the logs. |
Copyright ©2000-2025, Trojaner-Board