Trojaner-Board

Problems with Firefox (https://www.trojaner-board.de/71912-probleme-firefox.html)

Stefan H 11.04.2009 18:34

---\\ Last files created in Windows Prefetcher (O45)

---\\ Export authorized application key (O47)
O47 - AAKE:Key Export - "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

---\\ Local Security Authority-LSA Deny (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\Windows\System32\scecli.dll

---\\ Safe Boot Control (O49)


End of the scan:

john.doe 11.04.2009 18:43

1.) Did you deliberately set the start page that way?

2.) Did you have McAfee installed? There are still remnants of it!
How to uninstall or reinstall supported McAfee consumer products using the McAfee Consumer Products Removal tool (MCPR.exe)

3.) Download and install Avira

4.) Uninstall Favorit.

ciao, andreas

Stefan H 11.04.2009 19:03

1. no

2. done

3. done, antivirus program? good?

4. hmm?

john.doe 11.04.2009 19:11

Have you installed anything in the meantime? There is something new that wasn't there before.

Run Navilog with option 1 once more.

ciao, andreas

Stefan H 11.04.2009 19:38

Search Navipromo version 3.7.6 began on 11.04.2009 at 20:25:15,76

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!

Fix running from C:\Program Files\navilog1

Updated on 14.03.2009 at 18h00 by IL-MAFIOSO

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : S*** ( Administrator )
BOOT : Normal boot




C:\ (Local Disk) - NTFS - Total:455 Go (Free:317 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:6 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)


Search done in normal mode


*** Search folders in "C:\Windows" ***


*** Search folders in "C:\Program Files" ***


*** Search folders in "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Search folders in "c:\progra~2\micros~1\windows\startm~1" ***


*** Search folders in "C:\ProgramData" ***


*** Search folders in "c:\users\s***\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Search folders in "C:\Users\S***\AppData\Local\virtualstore\Program Files" ***



*** Search folders in "C:\Users\S***\AppData\Local" ***




*** Search folders in "C:\Users\S***\AppData\Roaming" ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : h***://www.gmer.net



*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\Windows\system32" *

* Scan in "C:\Users\S***\AppData\Local\Microsoft" *

* Scan in "C:\Users\S***\AppData\Local" *



*** Search files ***



*** Search specific Registry keys ***
!! Following keys are not certainly all infected !!


*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\Windows\system32" :


* In "C:\Users\S***\AppData\Local\Microsoft" :


* In "C:\Users\S***\AppData\Local" :


3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate not found !
Montorgueil certificate not found !
OOO-Favorit certificate not found !
Sunny-Day-Design-Ltd certificate not found !

4)Search others known folders and files :



*** Search completed on 11.04.2009 at 20:32:45,72 ***

john.doe 11.04.2009 19:42

You can uninstall Navilog. It must be an FP. Two more scans, then you're done.

1.) http://www.trojaner-board.de/51871-a...tispyware.html (only steps 1-3)

2.) http://www.trojaner-board.de/54192-a...tellungen.html

ciao, andreas

Stefan H 11.04.2009 22:43

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/11/2009 at 11:38 PM

Application Version : 4.26.1000

Core Rules Database Version : 3839
Trace Rules Database Version: 1795

Scan type : Complete Scan
Total Scan Time : 00:55:02

Memory items scanned : 677
Memory threats detected : 0
Registry items scanned : 6148
Registry threats detected : 0
File items scanned : 121092
File threats detected : 122

Adware.Tracking Cookie

Adware.Vundo/Variant-MSFake
C:\PROGRAM FILES\NAVILOG1\REG.EXE

john.doe 11.04.2009 22:46

Uninstall:
  • SuperAntiSpyware
  • Navilog

ciao, andreas

Stefan H 11.04.2009 22:54

done,

all clean?

john.doe 11.04.2009 23:07

Where is the Avira log? If nothing was found, then you're clean. :)

Happy Easter,
andreas

