|
| |||||||
| Registrieren | Website Spy | Member List | Spenden | Suche | Die heutige Beiträge | Alle Foren als gelesen markieren | Forum-Regeln |
 |
 |
| | Thread Tools |
|
#1
25. März 2008, 08:58
| |||
| |||
| Trojanisches Pferd Hallo, Ich habe ein Problem mit einem Trojanischen Pferd. Warnmeldung "C: \ windows \ system32 \ crypt32n.dll Trojanisches Pferd BHO.CVX Ich habe AVG laufen und identifiziert die Datei bewegt es tom das Gewölbe, sondern auf Re-Boot ist es wieder da. Ich habe versucht die Datei zu löschen, die nicht in Windows. Ich habe versucht Umbenennung in Windows (mit dem Ziel, sie zu streichen), dass nicht. Ich habe versucht, um wieder und wieder mein PC, aber ich kann nicht noch einmal über den Beginn des Monats, und ich hatte diese schon vor Weihnachten. Mein PC zu sein scheint ok, aber ich bin immer noch besorgt, dass ich einen Virus! Gibt es etwas, was kann ich tun? Hilfe sehr dankbar Grüße Ian A |
|
#2
25. März 2008, 10:47
| |||
| |||
Trojanisches Pferd Willkommen bei CJ.
__________________  |
|
#3
25. März 2008, 14:33
| |||
| |||
| Trojanisches Pferd Hi Evil Fantansy Ich habe versucht diese zu Beginn des Monats, hier ist das Protokoll. Hoffe, dass dies bedeutet, etwas für Sie Meine Finger sind gekreuzt Ta Ian A StartupList Bericht, 05.03.2008, 14:49:42 StartupList Version: 1.52.2 Schritte aus: C: \ Dokumente und Einstellungen \ Iana \ Desktop \ HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Erkannt: Internet Explorer v7.00 (7.00.6000.16608) * Bei Verwendung von Standard-Optionen * Einschließlich leer und uninteressant Abschnitte * Anzeigen selten wichtige Abschnitte ==========================================\u0 Laufenden Prozesse: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ brsvc01a.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ WINDOWS \ system32 \ brss01a.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ Explorer.EXE C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe C: \ WINDOWS \ system32 \ TPSMain.exe C: \ Program Files \ Synaptics \ SynTP \ Toshiba.exe C: \ Program Files \ TOSHIBA \ ConfigFree \ NDSTray.exe C: \ WINDOWS \ system32 \ TPSBattM.exe C: \ Program Files \ TOSHIBA \ TOSHIBA Zooming Utility \ SmoothView.exe C: \ Program Files \ TOSHIBA \ Touch and Launch \ PadExe.exe C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSServ.exe C: \ Program Files \ Atheros \ ACU.exe C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe C: \ Program Files \ QuickTime \ qttask.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe C: \ Program Files \ TOSHIBA \ ConfigFree \ CFXFER.exe C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe C: \ WINDOWS \ system32 \ ctfmon.exe C: \ Program Files \ Messenger \ msmsgs.exe C: \ Program Files \ FinePixViewer \ QuickDCF.exe C: \ Dokumente und Einstellungen \ Iana \ Desktop \ HijackThis.exe -------------------------------------------------- Liste der Start-Ordner: Shell Folders Startup: [C: \ Dokumente und Einstellungen \ Iana \ Start Menu \ Programs \ Startup] * Keine Dateien * Shell Folders AltStartup: * Ordner nicht gefunden * User Shell Folders Startup: * Ordner nicht gefunden * User Shell Folders AltStartup: * Ordner nicht gefunden * Shell Folders Common Startup: [C: \ Dokumente und Einstellungen \ All Users \ Startmenü \ Programme \ Autostart] Exif Launcher.lnk = C: \ Program Files \ FinePixViewer \ QuickDCF.exe Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE Shell Folders Gemeinsame AltStartup: * Ordner nicht gefunden * User Shell Folders Common Startup: * Ordner nicht gefunden * User Shell Folders Alternate Common Startup: * Ordner nicht gefunden * -------------------------------------------------- Die Überprüfung von Windows NT Userinit: [HKLM \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon] Userinit = "C: \ WINDOWS \ system32 \ userinit.exe, [HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Win logon] * Registry Key nicht gefunden * [HKCU \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon] * Registry Wert nicht gefunden * [HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Win logon] * Registry Key nicht gefunden * -------------------------------------------------- Autostart-Einträge aus der Registry: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run SynTPEnh = C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe Toshiba Hotkey Utility = "C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe" / lang en TPSMain = TPSMain.exe NDSTray.exe = NDSTray.exe Smoothview = C: \ Program Files \ TOSHIBA \ TOSHIBA Zooming Utility \ SmoothView.exe PadTouch = C: \ Program Files \ TOSHIBA \ Touch and Launch \ PadExe.exe DLA = C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE CFSServ.exe = CFSServ.exe-NoClient REGSHAVE = C: \ Program Files \ REGSHAVE \ REGSHAVE.EXE / autorun ACU = "C: \ Program Files \ Atheros \ ACU.exe"-nogui TkBellExe = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot QuickTime Task = "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime ! AVG Anti-Spyware = "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimiert AVG7_CC = C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP SunJavaUpdateSched = "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe" Salestart = "C: \ Program Files \ Common Files \ AVSystemCare \ bm.exe" dm = http://avsystemcare.com; AD = http://avsystemcare.com Adobe Reader Speed Launcher = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" OpwareSE2 = "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe" OPSE Erinnerung = "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ Ereg.exe"-r "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ ereg.ini" -------------------------------------------------- Autostart-Einträge aus der Registry: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Wenn * Keine Werte gefunden * -------------------------------------------------- Autostart-Einträge aus der Registry: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run OnceEx * Keine Werte gefunden * -------------------------------------------------- Autostart-Einträge aus der Registry: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Services * Keine Werte gefunden * -------------------------------------------------- Autostart-Einträge aus der Registry: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run ServicesOnce * Keine Werte gefunden * -------------------------------------------------- Autostart-Einträge aus der Registry: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run TOSCDSPD = C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe ctfmon.exe = C: \ WINDOWS \ system32 \ ctfmon.exe PnPUI Registrator = C: \ Program Files \ Common Files \ Sitecom Shared \ PnP Universal Installer \ PnPUIReg.exe-s MSMSGS = "C: \ Program Files \ Messenger \ msmsgs.exe" / Hintergrund -------------------------------------------------- Autostart-Einträge aus der Registry: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Wenn * Keine Werte gefunden * -------------------------------------------------- Autostart-Einträge aus der Registry: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run OnceEx * Keine Werte gefunden * -------------------------------------------------- Autostart-Einträge aus der Registry: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Services * Keine Werte gefunden * -------------------------------------------------- Autostart-Einträge aus der Registry: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run ServicesOnce * Keine Werte gefunden * -------------------------------------------------- Autostart-Einträge aus der Registry: HKLM \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Run * Registry Key nicht gefunden * -------------------------------------------------- Autostart-Einträge aus der Registry: HKCU \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Run * Registry Key nicht gefunden * -------------------------------------------------- Autostart-Einträge in der Registry Unterschlüssel von: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run [OptionalComponents] = -------------------------------------------------- Autostart-Einträge in der Registry Unterschlüssel von: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Wenn [Setup] * Keine Werte gefunden * -------------------------------------------------- Autostart-Einträge in der Registry Unterschlüssel von: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run OnceEx * No subkeys found * -------------------------------------------------- Autostart-Einträge in der Registry Unterschlüssel von: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Services * No subkeys found * -------------------------------------------------- Autostart-Einträge in der Registry Unterschlüssel von: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run ServicesOnce * No subkeys found * -------------------------------------------------- Autostart-Einträge in der Registry Unterschlüssel von: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run * No subkeys found * -------------------------------------------------- Autostart-Einträge in der Registry Unterschlüssel von: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Wenn [Setup] * Keine Werte gefunden * -------------------------------------------------- Autostart-Einträge in der Registry Unterschlüssel von: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run OnceEx * No subkeys found * -------------------------------------------------- Autostart-Einträge in der Registry Unterschlüssel von: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Services * No subkeys found * -------------------------------------------------- Autostart-Einträge in der Registry Unterschlüssel von: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run ServicesOnce * No subkeys found * -------------------------------------------------- Autostart-Einträge in der Registry Unterschlüssel von: HKLM \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Run * Registry Key nicht gefunden * -------------------------------------------------- Autostart-Einträge in der Registry Unterschlüssel von: HKCU \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Run * Registry Key nicht gefunden * -------------------------------------------------- Dateizuordnung Eintrag. EXE: HKEY_CLASSES_ROOT \ exefile \ shell \ open \ command (Default) = "% 1"% * -------------------------------------------------- Dateizuordnung Eintrag. COM: HKEY_CLASSES_ROOT \ comfile \ shell \ open \ command (Default) = "% 1"% * -------------------------------------------------- Dateizuordnung Eintrag. BVT: HKEY_CLASSES_ROOT \ batfile \ shell \ open \ command (Default) = "% 1"% * -------------------------------------------------- Dateizuordnung Eintrag. PIF: HKEY_CLASSES_ROOT \ piffile \ shell \ open \ command (Default) = "% 1"% * -------------------------------------------------- Dateizuordnung Eintrag. SCR: HKEY_CLASSES_ROOT \ scrfile \ shell \ open \ command (Default) = "% 1" / S -------------------------------------------------- Dateizuordnung Eintrag. HTA: HKEY_CLASSES_ROOT \ htafile \ shell \ open \ command (Default) = "C: \ WINDOWS \ system32 \ mshta.exe"% 1 "% * -------------------------------------------------- Dateizuordnung Eintrag. TXT: HKEY_CLASSES_ROOT \ NetLog.Document \ shell \ open \ comma nd (Default) = "C: \ EPICOM ~ 1/02 \ EPICom2.02 \ EPICOM ~ 1.EXE / dde -------------------------------------------------- Aufzählung Active Setup stub Wege: HKLM \ Software \ Microsoft \ Active Setup \ Installed Components (* = Disabled by HKCU twin) [<(12d0ed0d-0ee0-4f90-8827-78cefb8f4988)] * StubPath = "C: \ WINDOWS \ system32 \ ieudinit.exe [> (22d6f312-b0f6-11d0-94ab-0080c74c7e95)] StubPath = "C: \ WINDOWS \ inf \ unregmp2.exe / ShowWMP [> (26923b43-4d38-484f-9b9e-de460746276c)] * StubPath = "C: \ WINDOWS \ system32 \ ie4uinit.exe-UserIconConfig [> (881dd1c5-3dcf-431b-b061-f3f88e8be88a)] * StubPath =% systemroot% \ system32 \ shmgrate.exe OCInstallUserConfigOE [(2C7339CF-2B09-4501-B3F3-F3508C9228ED)] * StubPath =% SystemRoot% \ system32 \ regsvr32.exe / s / n / i: / UserInstall% SystemRoot% \ system32 \ themeui.dll [(44BBA840-CC51-11CF-AAFA-00AA00B6015C)] * StubPath = "% ProgramFiles% \ Outlook Express \ setup50.exe" / APP: OE / CALLER: WINNT / user / install [(7790769C-0471-11d2-AF11-00C04FA35D02)] * StubPath = "% ProgramFiles% \ Outlook Express \ setup50.exe" / APP: WAB / CALLER: WINNT / user / install [(89820200-ECBD-11cf-8B85-00AA005B4340)] * StubPath = regsvr32.exe / s / n / i: U shell32.dll [(89820200-ECBD-11cf-8B85-00AA005B4383)] * StubPath = "C: \ WINDOWS \ system32 \ ie4uinit.exe-BaseSettings -------------------------------------------------- Aufzählung ICQ Agent Autostart apps: HKCU \ Software \ Mirabilis \ ICQ \ Agent \ Apps * Registry Key nicht gefunden * -------------------------------------------------- Load / Run-Schlüssel von C: \ WINDOWS \ WIN.INI: Last =* INI Abschnitt nicht gefunden * run =* INI Abschnitt nicht gefunden * Load / Run-Schlüssel aus der Registry: HKLM \ .. \ Windows NT \ CurrentVersion \ WinLogon: load =* Registry Wert nicht gefunden * HKLM \ .. \ Windows NT \ CurrentVersion \ WinLogon: run =* Registry Wert nicht gefunden * HKLM \ .. \ Windows \ CurrentVersion \ WinLogon: load =* Registry Key nicht gefunden * HKLM \ .. \ Windows \ CurrentVersion \ WinLogon: run =* Registry Key nicht gefunden * HKCU \ .. \ Windows NT \ CurrentVersion \ WinLogon: load =* Registry Wert nicht gefunden * HKCU \ .. \ Windows NT \ CurrentVersion \ WinLogon: run =* Registry Wert nicht gefunden * HKCU \ .. \ Windows \ CurrentVersion \ WinLogon: load =* Registry Key nicht gefunden * HKCU \ .. \ Windows \ CurrentVersion \ WinLogon: run =* Registry Key nicht gefunden * HKCU \ .. \ Windows NT \ CurrentVersion \ Windows: load = HKCU \ .. \ Windows NT \ CurrentVersion \ Windows: run =* Registry Wert nicht gefunden * HKLM \ .. \ Windows NT \ CurrentVersion \ Windows: load =* Registry Wert nicht gefunden * HKLM \ .. \ Windows NT \ CurrentVersion \ Windows: run =* Registry Wert nicht gefunden * HKLM \ .. \ Windows NT \ CurrentVersion \ Windows: AppInit_DLLs = -------------------------------------------------- Shell & screensaver Schlüssel von C: \ WINDOWS \ SYSTEM.INI: Shell =* INI Abschnitt nicht gefunden * SCRNSAVE.EXE =* INI Abschnitt nicht gefunden * Treiber =* INI Abschnitt nicht gefunden * Shell & screensaver Schlüssel aus der Registry: Shell = Explorer.exe SCRNSAVE.EXE = C: \ WINDOWS \ system32 \ logon.scr Treiber =* Registry Wert nicht gefunden * Policies Shell key: HKCU \ .. \ Policies: Shell =* Registry Wert nicht gefunden * HKLM \ .. \ Policies: Shell =* Registry Wert nicht gefunden * -------------------------------------------------- Prüfen für EXPLORER.EXE Instanzen: C: \ WINDOWS \ Explorer.exe: PRESENT! C: \ Explorer.exe: nicht vorhanden C: \ WINDOWS \ Explorer \ Explorer.exe: nicht vorhanden C: \ WINDOWS \ System \ Explorer.exe: nicht vorhanden C: \ WINDOWS \ System32 \ Explorer.exe: nicht vorhanden C: \ WINDOWS \ Command \ Explorer.exe: nicht vorhanden C: \ WINDOWS \ Fonts \ Explorer.exe: nicht vorhanden -------------------------------------------------- Prüfen superhidden für Erweiterungen: . lnk: HIDDEN! (arrow overlay: yes) . pif: HIDDEN! (arrow overlay: yes) . exe: nicht verborgen . com: nicht verborgen . bat: nicht verborgen . hta: nicht verborgen . scr: nicht verborgen . shs: HIDDEN! . shb: HIDDEN! . VBS: nicht verborgen . vbe: nicht verborgen . wsh: nicht verborgen . scf: HIDDEN! (arrow overlay: NO!) . url: HIDDEN! (arrow overlay: yes) . js: nicht verborgen . jse: nicht verborgen -------------------------------------------------- Überprüfen REGEDIT.EXE Integrität: - Regedit.exe found in C: \ WINDOWS -. Reg offen Befehl ist normal (regedit.exe% 1) - Name der Firma OK: 'Microsoft Corporation' - Original filename OK: 'REGEDIT.EXE " - File description: 'Registrierungs-Editor " Registry Check bestanden -------------------------------------------------- Aufzuzählen, Browser Helper Objects: (no name) - c: \ windows \ system32 \ athcfg11c.dll (file missing) - (51610169-C280-4F36-84AB-82D92ED1F68B) (no name) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) (no name) - C: \ Program Files \ Google \ googletoolbar1.dll - (AA58ED58-01DD-4d91-8333-CF10577473F7) (no name) - C: \ WINDOWS \ system32 \ crypt32n.dll - (EA389261-1100-451F-8582-815CAB488AE6) -------------------------------------------------- Aufzählung Task Scheduler Jobs: AppleSoftwareUpdate.job At1.job Norton Security Scan.job RegCure Programm Check.job RegCure.job -------------------------------------------------- Aufzählung Download Program Files: [Microsoft XML Parser für Java] CODEBASE = file: / / / C: / Windows / Java / classes / xmldso.cab OSD = C: \ WINDOWS \ Downloaded Program Files \ Microsoft XML Parser für Java.osd [iPIX ActiveX Control] InProcServer32 = C: \ WINDOWS \ DOWNLO ~ 1 \ ipixx.ocx CODEBASE = http://www.ipix.com/download/ipixx.cab [Shockwave ActiveX Control] InProcServer32 = C: \ WINDOWS \ system32 \ Macromed \ Director \ SwDir.dll CODEBASE = http://fpdownload.macromedia.com/get...irector/sw.cab [MUWebControl Class] InProcServer32 = C: \ WINDOWS \ system32 \ muweb.dll CODEBASE = http://www.update.microsoft.com/micr...?1197453622703 [Java Plug-in 1.6.0_05] InProcServer32 = C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll CODEBASE = http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab [(8FFBE65D-2C9C-4669-84BD-5829DC0B603C)] CODEBASE = http://fpdownload.macromedia.com/get.../ultrashim.cab [a-squared Scanner] InProcServer32 = C: \ WINDOWS \ DOWNLO ~ 1 \ asquared.ocx CODEBASE = http://ax.emsisoft.com/asquared.cab [Java Plug-in 1.5.0_06] InProcServer32 = C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab [Java Plug-in 1.5.0_11] InProcServer32 = C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_03] InProcServer32 = C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll CODEBASE = http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_05] InProcServer32 = C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll CODEBASE = http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_05] InProcServer32 = C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ npjpi160_05.dll CODEBASE = http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Shockwave Flash Object] InProcServer32 = C: \ WINDOWS \ system32 \ Macromed \ Flash \ Flash9e.ocx CODEBASE = http://fpdownload2.macromedia.com/ge...sh/swflash.cab -------------------------------------------------- Aufzählung Winsock LSP-Dateien: NameSpace # 1: C: \ WINDOWS \ System32 \ mswsock.dll NameSpace # 2: C: \ WINDOWS \ System32 \ winrnr.dll NameSpace # 3: C: \ WINDOWS \ System32 \ mswsock.dll NameSpace # 4: C: \ WINDOWS \ System32 \ nwprovau.dll Protokoll # 1: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll # 2: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll Nr. 3: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll Nr. 4: C: \ WINDOWS \ system32 \ rsvpsp.dll Protokoll # 5: C: \ WINDOWS \ system32 \ rsvpsp.dll Protokoll # 6: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll # 7: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll # 8: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll # 9: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll # 10: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll # 11: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll # 12: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll # 13: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll # 14: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll # 15: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll # 16: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll # 17: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll # 18: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll # 19: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll # 20: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll # 21: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll # 22: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll # 23: C: \ WINDOWS \ system32 \ mswsock.dll Protokoll # 24: C: \ WINDOWS \ system32 \ mswsock.dll -------------------------------------------------- Aufzählung Windows NT/2000/XP Dienste Microsoft ACPI-Treiber: system32 \ DRIVERS \ ACPI.sys (system) Microsoft-Embedded-Controller-Treiber: system32 \ DRIVERS \ ACPIEC.sys (System) Atheros Configuration Service: C: \ WINDOWS \ system32 \ acs.exe (Autostart) Microsoft Kernel Acoustic Echo Canceller: system32 \ drivers \ aec.sys (manueller Start) AFD: \ SystemRoot \ System32 \ drivers \ Afd.sys (System) Warndienst:% SystemRoot% \ system32 \ svchost.exe-k LocalService (disabled) Application Layer Gateway Service:% SystemRoot% \ System32 \ alg.exe (manueller Start) Application Management:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (manueller Start) Atheros Wireless Network Adapter Service: system32 \ DRIVERS \ ar5211.sys (manueller Start) ASP.NET State Service:% SystemRoot% \ Microsoft.NET \ Framework \ v1.1.4322 \ asp net_state.exe (manueller Start) RAS Asynchronous Media Driver: system32 \ DRIVERS \ asyncmac.sys (manueller Start) Standard IDE / ESDI Hard Disk Controller: system32 \ DRIVERS \ Atapi.sys (System) Ati HotKey Poller:% SystemRoot% \ system32 \ Ati2evxx.exe (autostart) ati2mtag: system32 \ DRIVERS \ ati2mtag.sys (manueller Start) ATM ARP Client Protocol: system32 \ DRIVERS \ atmarpc.sys (manueller Start) Windows Audio:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Audio Stub Driver: system32 \ DRIVERS \ audstub.sys (manueller Start) AVG Anti-Spyware Driver: \?? \ C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.sys (System) AVG Anti-Spyware Guard: C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe (autostart) AVG7 Alert Manager Server: C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe (autostart) AVG7 Kernel: \ SystemRoot \ System32 \ Drivers \ avg7core.sys (System) AVG7 Wrap Driver: \ SystemRoot \ System32 \ Drivers \ avg7rsw.sys (System) AVG7 Resident Driver XP: \ SystemRoot \ System32 \ Drivers \ avg7rsxp.sys (System) AVG7 Update Service: C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe (autostart) AVG Anti-Spyware Clean Driver: System32 \ DRIVERS \ AvgAsCln.sys (System) AVG7 Clean Driver: \ SystemRoot \ System32 \ Drivers \ avgclean.sys (System) Background Intelligent Transfer Service:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) Access 32bits INT15 Routine: system32 \ drivers \ BoiHwSetup.sys (manueller Start) BrSplService: C: \ WINDOWS \ system32 \ brsvc01a.exe (Autostart) Computerbrowser:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) Logical Disk Manager Monitor:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Conexant AMC 3D Environmental Audio: system32 \ drivers \ camc6aud.sys (manueller Start) CAMCHALA: system32 \ drivers \ camc6hal.sys (manueller Start) CD-ROM-Treiber: system32 \ DRIVERS \ cdrom.sys (System) ConfigFree Service: C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe (Autostart) Indexing Service:% SystemRoot% \ system32 \ cisvc.exe (manueller Start) Ablagemappe:% SystemRoot% \ system32 \ clipsrv.exe (Behinderte) Microsoft ACPI Control Method Battery Driver: system32 \ DRIVERS \ CmBatt.sys (manueller Start) Microsoft Composite Battery-Treiber: system32 \ DRIVERS \ compbatt.sys (System) COM + System Application: C: \ WINDOWS \ system32 \ "Dllhost.exe / ProcessID: (02D4B3F1-FD88-11D1-960D-00805FC79235) (manueller Start) Cryptographic Service:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) DCOM-Server-Prozess Launcher:% SystemRoot% \ system32 \ svchost-k DcomLaunch (Autostart) DHCP-Client:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) Disk-Treiber: system32 \ DRIVERS \ Disk.sys (System) DLABOIOM: System32 \ DLA \ DLABOIOM.SYS (Autostart) DLACDBHM: System32 \ Drivers \ DLACDBHM.SYS (System) DLADResN: System32 \ DLA \ DLADResN.SYS (Autostart) DLAIFS_M: System32 \ DLA \ DLAIFS_M.SYS (Autostart) DLAOPIOM: System32 \ DLA \ DLAOPIOM.SYS (Autostart) DLAPoolM: System32 \ DLA \ DLAPoolM.SYS (Autostart) DLARTL_N: System32 \ Drivers \ DLARTL_N.SYS (System) DLAUDFAM: System32 \ DLA \ DLAUDFAM.SYS (Autostart) DLAUDF_M: System32 \ DLA \ DLAUDF_M.SYS (Autostart) Logical Disk Manager Administrative Service:% SystemRoot% \ System32 \ Dmadmin.exe / com (manueller Start) dmboot: System32 \ drivers \ dmboot.sys (Behinderte) Logical Disk Manager Driver: System32 \ drivers \ dmio.sys (System) dmload: System32 \ drivers \ dmload.sys (System) Logical Disk Manager:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Microsoft Kernel-DLS Syntheiszer: system32 \ drivers \ DMusic.sys (manueller Start) DNINDIS5 NDIS Protocol Driver: \?? \ C: \ PROGRA ~ 1 \ Belkin \ BELKIN ~ 1.11G \ DNINDIS5.SYS (manueller Start) DNS-Client:% SystemRoot% \ system32 \ svchost.exe-k NetworkService (autostart) Microsoft Kernel DRM Audio Descrambler: system32 \ drivers \ drmkaud.sys (manueller Start) DRVMCDB: System32 \ Drivers \ DRVMCDB.SYS (System) DRVNDDM: System32 \ Drivers \ DRVNDDM.SYS (Autostart) Error Reporting Service:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Ereignisprotokoll:% SystemRoot% \ system32 \ services.exe (autostart) COM +-Ereignissystem: C: \ WINDOWS \ system32 \ svchost.exe-k netsvcs (manueller Start) Fast User Switching Kompatibilität:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manueller Start) FltMgr: system32 \ DRIVERS \ fltMgr.sys (System) Volume Manager Driver: system32 \ DRIVERS \ Ftdisk.sys (System) Generic Packet Classifier: system32 \ DRIVERS \ msgpc.sys (manueller Start) GTNDIS5 NDIS Protocol Driver: \?? \ C: \ WINDOWS \ system32 \ GTNDIS5.SYS (manueller Start) Google Updater Service: "C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe" (manueller Start) Hilfe und Support:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Human Interface Device Access:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (disabled) Microsoft HID Class-Treiber: system32 \ DRIVERS \ Hidusb.sys (manueller Start) hlkvythd: system32 \ drivers \ vzrpdamf.dat (System) HSFHWATI: system32 \ DRIVERS \ HSFHWATI.sys (manueller Start) HSF_DPV: system32 \ DRIVERS \ HSF_DPV.sys (manueller Start) HTTP: System32 \ Drivers \ HTTP.sys (manueller Start) HTTP-SSL:% SystemRoot% \ System32 \ svchost.exe-k HTTPFilter (manueller Start) i8042-Tastatur und PS / 2 Maus-Port-Treiber: system32 \ DRIVERS \ I8042prt.sys (System) InstallDriver Table Manager: "C: \ Programme \ Gemeinsame Dateien \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe" (manueller Start) CD-Brennen Filter Driver: system32 \ DRIVERS \ imapi.sys (System) IMAPI CD-Burning COM Service: C: \ WINDOWS \ system32 \ imapi.exe (manueller Start) Intel-Prozessor-Treiber: system32 \ DRIVERS \ Intelppm.sys (System) IPv6-Windows-Firewall-Treiber: system32 \ DRIVERS \ Ip6Fw.sys (manueller Start) IP Traffic Filter Driver: system32 \ DRIVERS \ ipfltdrv.sys (manueller Start) IP in IP Tunnel Driver: system32 \ DRIVERS \ ipinip.sys (manueller Start) IP Network Address Translator: system32 \ DRIVERS \ ipnat.sys (manueller Start) IPSEC-Treiber: system32 \ DRIVERS \ ipsec.sys (System) IR Enumerator Service: system32 \ DRIVERS \ irenum.sys (manueller Start) PnP ISA / EISA Bus Driver: system32 \ drivers \ isapnp.sys (System) IVI ASPI Shell: system32 \ drivers \ iviaspi.sys (manueller Start) Keyboard-Klasse-Treiber: system32 \ DRIVERS \ Kbdclass.sys (System) Microsoft Kernel Wave Audio Mixer: system32 \ drivers \ Kmixer.sys (manueller Start) Server:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) Workstation:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) TCP / IP-NetBIOS-Hilfsprogramm:% SystemRoot% \ system32 \ svchost.exe-k LocalService (autostart) mdmxsdk: system32 \ DRIVERS \ mdmxsdk.sys (Autostart) Messenger:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (disabled) NetMeeting Remote Desktop Sharing: C: \ WINDOWS \ system32 \ mnmsrvc.exe (manueller Start) Maus-Klasse-Treiber: system32 \ DRIVERS \ mouclass.sys (System) Maus-HID-Treiber: system32 \ DRIVERS \ mouhid.sys (manueller Start) WebDAV-Client Redirector: system32 \ DRIVERS \ mrxdav.sys (manueller Start) MRxSmb: system32 \ DRIVERS \ Mrxsmb.sys (System) Distributed Transaction Coordinator: C: \ WINDOWS \ system32 \ msdtc.exe (manueller Start) Windows Installer: C: \ WINDOWS \ system32 \ msiexec.exe / V (manueller Start) Microsoft Streaming Service Proxy: system32 \ drivers \ MSKSSRV.sys (manueller Start) Microsoft Streaming Clock Proxy: system32 \ drivers \ MSPCLOCK.sys (manueller Start) Microsoft Streaming Quality Manager Proxy: system32 \ drivers \ MSPQM.sys (manueller Start) Microsoft System Management BIOS-Treiber: system32 \ DRIVERS \ mssmbios.sys (manueller Start) Remote Access-NDIS-TAPI-Treiber: system32 \ DRIVERS \ ndistapi.sys (manueller Start) NDIS Usermode I / O-Protokoll: System32 \ DRIVERS \ Ndisuio.sys (manueller Start) Remote Access NDIS WAN-Treiber: system32 \ DRIVERS \ Ndiswan.sys (manueller Start) NetBIOS-Schnittstelle: system32 \ DRIVERS \ netbios.sys (System) NetBios über Tcpip: system32 \ DRIVERS \ Netbt.sys (System) Netzwerk-DDE:% SystemRoot% \ system32 \ netdde.exe (Behinderte) Netzwerk-DDE-DSDM:% SystemRoot% \ system32 \ netdde.exe (Behinderte) TOSHIBA Network Device Usermode I / O-Protokoll: System32 \ DRIVERS \ netdevio.sys (Autostart) Net Logon:% SystemRoot% \ system32 \ lsass.exe (autostart) Netzwerkverbindungen:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manueller Start) NLA (Network Location Awareness):% SystemRoot% \ system32 \ svchost.exe-k netsvcs (manueller Start) NT LM Security Support Provider:% SystemRoot% \ system32 \ lsass.exe (manueller Start) Removable Storage:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (manueller Start) Client Service für NetWare:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) IPX Traffic Filter Driver: system32 \ DRIVERS \ nwlnkflt.sys (manueller Start) IPX Traffic Forwarder Driver: system32 \ DRIVERS \ nwlnkfwd.sys (manueller Start) NWLink IPX / SPX / NetBIOS-kompatibles Transport Protocol: system32 \ DRIVERS \ Nwlnkipx.sys (Autostart) NWLink NetBIOS: system32 \ DRIVERS \ nwlnknb.sys (Autostart) NWLink SPX / SPXII Protokoll: System32 \ DRIVERS \ nwlnkspx.sys (Autostart) NetWare Rdr: system32 \ DRIVERS \ nwrdr.sys (manueller Start) Office Source Engine: "C: \ Programme \ Gemeinsame Dateien \ Microsoft Shared \ Source Engine \" Ose.exe "(manueller Start) PCI-Bus-Treiber: system32 \ DRIVERS \ pci.sys (system) PCIIde: system32 \ DRIVERS \ pciide.sys (System) Pcmcia: system32 \ DRIVERS \ Pcmcia.sys (System) Padus ASPI Shell: system32 \ drivers \ pfc.sys (manueller Start) Plug-and-Play:% SystemRoot% \ system32 \ services.exe (autostart) IPSec-Dienste:% SystemRoot% \ system32 \ lsass.exe (autostart) WAN-Miniport (PPTP): system32 \ DRIVERS \ raspptp.sys (manueller Start) Protected Storage:% SystemRoot% \ system32 \ lsass.exe (autostart) QoS-Paketplaner: system32 \ DRIVERS \ psched.sys (manueller Start) Direct Parallel Link Driver: system32 \ DRIVERS \ ptilink.sys (manueller Start) PxHelp20: System32 \ Drivers \ PxHelp20.sys (System) Quanta HotKey Keyboard Filter Driver: system32 \ drivers \ qkbfiltr.sys (manueller Start) Quanta HotKey Mouse Filter Driver: system32 \ drivers \ qmofiltr.sys (manueller Start) Remote Access Auto Connection Driver: system32 \ DRIVERS \ rasacd.sys (System) Remote Access Auto Connection Manager:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (manueller Start) WAN-Miniport (L2TP): system32 \ DRIVERS \ rasl2tp.sys (manueller Start) Remote Access Connection Manager:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (manueller Start) Remote Access PPPOE Driver: system32 \ DRIVERS \ raspppoe.sys (manueller Start) Direct Parallel: system32 \ DRIVERS \ raspti.sys (manueller Start) Rdbss: system32 \ DRIVERS \ Rdbss.sys (System) RDPCDD: System32 \ DRIVERS \ RDPCDD.sys (System) Terminal Server Device Redirector Driver: system32 \ DRIVERS \ rdpdr.sys (manueller Start) Remote Desktop Help Session Manager: C: \ WINDOWS \ system32 \ Sessmgr.exe (manueller Start) Digital-Audio-CD-Wiedergabe Filter Driver: system32 \ DRIVERS \ redbook.sys (System) Routing-und RAS:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (disabled) Remote-Registrierung:% SystemRoot% \ system32 \ svchost.exe-k LocalService (autostart) Remote Procedure Call (RPC) Locator:% SystemRoot% \ system32 \ Locator.exe (manueller Start) Remote Procedure Call (RPC):% SystemRoot% \ system32 \ svchost-k RPCSS (Autostart) QoS-RSVP:% SystemRoot% \ system32 \ rsvp.exe (manueller Start) Belkin RT2500 Wireless Driver: system32 \ DRIVERS \ RT61.sys (manueller Start) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver: system32 \ DRIVERS \ Rtlnicxp.sys (manueller Start) Realtek RTL8139 (A / B / C)-basierten PCI-Fast Ethernet Adapter NT Driver: system32 \ DRIVERS \ RTL8139.sys (manueller Start) Security Accounts Manager:% SystemRoot% \ system32 \ lsass.exe (autostart) Smart Card:% SystemRoot% \ System32 \ scardsvr.exe (manueller Start) Taskplaner:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Secdrv: system32 \ DRIVERS \ secdrv.sys (manueller Start) Sekundäre Anmeldung:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) System Event Notification:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) Sitecom Serial-Port-Treiber: system32 \ DRIVERS \ ser2pl.sys (manueller Start) Serenum Filter Driver: system32 \ DRIVERS \ serenum.sys (manueller Start) High-Capacity Floppy Disk Drive: system32 \ DRIVERS \ sfloppy.sys (manueller Start) Windows Firewall / Internet Connection Sharing (ICS):% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) Shell Hardware Detection:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Microsoft Kernel Audio Splitter: system32 \ drivers \ Splitter.sys (manueller Start) Druckwarteschlange:% SystemRoot% \ system32 \ spoolsv.exe (autostart) System Filter Driver: system32 \ DRIVERS \ sr.sys (System) System Restore Service:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) Srv: System32 \ Drivers \ Srv.sys (manueller Start) SSDP Discovery Service:% SystemRoot% \ system32 \ svchost.exe-k LocalService (manueller Start) Serial Digital Still Camera Treiber: system32 \ DRIVERS \ serscan.sys (manueller Start) Windows Image Acquisition (WIA):% SystemRoot% \ system32 \ svchost.exe-k imgsvc (Autostart) Software Bus Driver: system32 \ DRIVERS \ swenum.sys (manueller Start) Microsoft Kernel GS Wavetable Synthesizer: system32 \ drivers \ swmidi.sys (manueller Start) MS Software Shadow Copy Provider: C: \ WINDOWS \ system32 \ "Dllhost.exe / ProcessID: (6C222AAE-7AD3-43BE-AC4B-02239FF8DEC6) (manueller Start) Synaptics TouchPad Driver: system32 \ DRIVERS \ SynTP.sys (manueller Start) Microsoft Kernel System Audio Device: system32 \ drivers \ sysaudio.sys (manueller Start) Performance und Warnungen:% SystemRoot% \ system32 \ smlogsvc.exe (manueller Start) Telefonie:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manueller Start) TCP / IP-Protokoll-Treiber: system32 \ drivers \ tcpip.sys (system) Terminal-Gerätetreiber: system32 \ DRIVERS \ termdd.sys (System) Terminal-Dienste:% SystemRoot% \ System32 \ svchost-k DcomLaunch (manueller Start) Themen:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Telnet: C: \ WINDOWS \ system32 \ tlntsvr.exe (Behinderte) tmcomm: \?? \ C: \ WINDOWS \ system32 \ drivers \ tmcomm.sys (Autostart) Distributed Link Tracking Client:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) Microcode Update Driver: system32 \ DRIVERS \ update.sys (manueller Start) Universal Plug and Play Device Host:% SystemRoot% \ system32 \ svchost.exe-k LocalService (manueller Start) Unterbrechungsfreie Stromversorgung:% SystemRoot% \ System32 \ ups.exe (manueller Start) Microsoft USB Generic Parent Driver: system32 \ DRIVERS \ Usbccgp.sys (manueller Start) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32 \ DRIVERS \ Usbehci.sys (manueller Start) USB2 Enabled Hub: system32 \ DRIVERS \ Usbhub.sys (manueller Start) Microsoft USB Open Host Controller Miniport Driver: system32 \ DRIVERS \ Usbohci.sys (manueller Start) Microsoft USB-Drucker Klasse: system32 \ DRIVERS \ usbprint.sys (manueller Start) USB-Scanner-Treiber: system32 \ DRIVERS \ usbscan.sys (manueller Start) USB Mass Storage Driver: system32 \ DRIVERS \ Usbstor.sys (manueller Start) Linksys Wireless-G USB Network Adapter mit SpeedBooster Driver v2: System32 \ DRIVERS \ usb8023.sys (manueller Start) VgaSave: \ SystemRoot \ System32 \ drivers \ vga.sys (System) Volume Shadow Copy:% SystemRoot% \ System32 \ Vssvc.exe (manueller Start) Windows Time:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Remote Access-IP-ARP-Treiber: system32 \ DRIVERS \ wanarp.sys (manueller Start) Windows CE USB Serial Host Driver: system32 \ DRIVERS \ wceusbsh.sys (manueller Start) Microsoft WINMM WDM Audio Compatibility Driver: system32 \ drivers \ wdmaud.sys (manueller Start) WebClient:% SystemRoot% \ system32 \ svchost.exe-k LocalService (autostart) winachsf: system32 \ DRIVERS \ HSF_CNXT.sys (manueller Start) Windows Management Instrumentation:% systemroot% \ system32 \ svchost.exe-k netsvcs (autostart) Portable Media Serial Number Service:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manueller Start) Windows Management Instrumentation Driver Extensions:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manueller Start) WMI Performance Adapter: C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe (manueller Start) Windows Media Player Network Sharing Service: "C: \ Program Files \ Windows Media Player \ WMPNetwk.exe" (manueller Start) Windows Socket 2,0 Non-IFS Service Provider Support Environment: \ SystemRoot \ System32 \ drivers \ ws2ifsl.sys (Behinderte) Sicherheits-Center:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Automatische Updates:% systemroot% \ system32 \ svchost.exe-k netsvcs (autostart) Windows Driver Foundation - User-Mode Driver Framework Platform Driver: system32 \ DRIVERS \ WudfPf.sys (manueller Start) Windows Driver Foundation - User-Mode Driver Framework Reflector: system32 \ DRIVERS \ wudfrd.sys (manueller Start) Windows Driver Foundation - User-Mode Driver Framework:% SystemRoot% \ system32 \ svchost.exe-k WudfServiceGroup (manueller Start) Wireless Zero Configuration ":% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Network Provisioning Service:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manueller Start) -------------------------------------------------- Aufzählung Windows NT logon / logoff scripts: * Keine Scripts zu laufen * Windows NT CheckDisk Befehl ein: BootExecute = autocheck Autochk * Windows NT "Wininit.ini": PendingFileRenameOperations: * Registry Wert nicht gefunden * -------------------------------------------------- Aufzählung ShellServiceObjectDelayLoad items: PostBootReminder: C: \ WINDOWS \ system32 \ SHELL32.DLL CDBurn: C: \ WINDOWS \ system32 \ SHELL32.DLL WebCheck: C: \ WINDOWS \ system32 \ Webcheck.dll SysTray: C: \ WINDOWS \ system32 \ stobject.dll UPnPMonitor: C: \ WINDOWS \ system32 \ upnpui.dll WPDShServiceObj: C: \ WINDOWS \ system32 \ WPDShServiceObj.dll -------------------------------------------------- Autostart-Einträge aus der Registry: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ pol icies \ Explorer \ Run * Keine Werte gefunden * -------------------------------------------------- Autostart-Einträge aus der Registry: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ pol icies \ Explorer \ Run * Keine Werte gefunden * -------------------------------------------------- Ende des Berichts, 38242 bytes Bericht in 0,266 Sekunden Kommandozeilen-Optionen: / verbose - zusätzliche Informationen über jeden Abschnitt / vollständiges - auch leere Abschnitte und unauffälliger Daten / voll - nur selten auf mehrere wichtige Abschnitte / force9x - auf Win9x-Start-ups, auch wenn nur auf WinNT / forcent - um nur WinNT-Start-ups, auch wenn auf Win9x / forceall - auf alle Win9x und WinNT Startups, unabhängig von der Plattform / Geschichte - zur Liste Versionshistorie nur |
|
#4
25. März 2008, 14:47
| |||
| |||
| Trojanisches Pferd Das ist ein Start von HJT die Liste ist nützlich, aber ich brauche die Scan. HJT Öffnen und wählen Sie die Führen Sie einen System-Scan und speichern Sie eine Log-Datei -Taste. Melden Sie sich bitte, dass die Post.
__________________ |
|
#5
27. März 2008, 12:47
| |||
| |||
| Trojanisches Pferd Hi, Sorry, wenn ich mich langsam in der Antwort, aber ich bin mit Schwierigkeiten bei der Speicherung der Scan! Ich war in HJT laufen "Führen Sie einen System-Scan und eine Log-Datei speichern, aber wenn es versucht, um eine Protokolldatei es nicht. Die einzige Möglichkeit sehe ich für die Bereitstellung dieser Informationen ist, wenn ich eine Kopie des Bildes, sondern um, dass es eine große Datei, glauben Sie, das ist eine gute Idee, oder gibt es etwas anderes kann ich versuchen? Grüße Ian A |
|
#6
27. März 2008, 12:58
| |||
| |||
| Trojanisches Pferd Versuchen Sie diese statt und nach in die Protokolle von ihm. Herunterladen Deckard's System Scanner (DSS) zu Ihrem Desktop. Hinweis: Sie müssen angemeldet sein, auf ein Konto mit Administratorrechten.
Was DSS wird:
__________________ |
|
#7
28. März 2008, 14:41
| |||
| |||
| Trojanisches Pferd Hi Ich muss denken! Ich habe versucht, in die heiße Link Deckards Scanner, aber ich kann nicht finden die dss.exe. Deckards fragt mich zu registrieren, um eine andere Web-Site Forum einzurichten, ähnlich dem, das ich mich jetzt schon auf Bitte erläutern Sie, Ian |
|
#8
28. März 2008, 14:46
| |||
| |||
| Trojanisches Pferd Benutzen Sie diesen Link. http://www.techsupportforum.com/sect...eckard/dss.exe
__________________ |
|
#9
7. April 2008, 00:56
| |||
| |||
| Trojanisches Pferd Hallo, Sorry, wenn es irgendwann, da ich schon zurück, aber ich bin weg Ich habe jetzt zu tun, die Scan-und hier sind die Ergebnisse System Restore ------------------------------------------------ -------------- Erfolgreich ein Deckard's System Scanner Restore Point. - Letzte 5 Restore Point (s) -- 49: 2008-04-07 07:50:49 UTC - RP160 - Deckard's System Scanner Restore Point 48: 2008-04-07 06:07:59 UTC - RP159 - System Checkpoint 47: 2008-04-01 17:50:42 UTC - RP158 - System Checkpoint 46: 2008-03-28 20:48:03 UTC - RP157 - Installed SUPERAntiSpyware Free Edition 45: 2008-03-28 19:02:25 UTC - RP156 - System Checkpoint - First Restore Point -- 1: 2008-01-04 07:54:54 UTC - RP112 - System Checkpoint Gesichert Registrierungsstrukturen. Performed disk cleanup. Prozentsatz der Erinnerung im Einsatz: 76% (mehr als 75%). Total Physical Memory: 447 MiB (512 MiB empfohlen). - HijackThis (run als iana.exe) ---------------------------------------- -------- Logfile von Trend Micro HijackThis V2.0.2 Scan gespeichert um 08:52:30 am 07/04/2008 Plattform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot-Modus: Normal Laufenden Prozesse: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ brsvc01a.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ WINDOWS \ system32 \ brss01a.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ Explorer.EXE C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe C: \ WINDOWS \ system32 \ TPSMain.exe C: \ Program Files \ Synaptics \ SynTP \ Toshiba.exe C: \ Program Files \ TOSHIBA \ ConfigFree \ NDSTray.exe C: \ Program Files \ TOSHIBA \ TOSHIBA Zooming Utility \ SmoothView.exe C: \ Program Files \ TOSHIBA \ Touch and Launch \ PadExe.exe C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSServ.exe C: \ Program Files \ Atheros \ ACU.exe C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe C: \ Program Files \ QuickTime \ qttask.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe C: \ WINDOWS \ system32 \ ctfmon.exe C: \ Program Files \ Messenger \ msmsgs.exe C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe C: \ WINDOWS \ system32 \ TPSBattM.exe C: \ Program Files \ FinePixViewer \ QuickDCF.exe C: \ Program Files \ TOSHIBA \ ConfigFree \ CFXFER.exe C: \ Program Files \ Internet Explorer \ iexplore.exe C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ AcroRd32.exe C: \ WINDOWS \ system32 \ WISPTIS.EXE C: \ Dokumente und Einstellungen \ Iana \ Lokale Einstellungen \ Temporary Internet Files \ Content.IE5 \ EL9EICW6 \ dss [1]. Exe C: \ PROGRA ~ 1 \ TRENDM ~ 1 \ Hijack ~ 1 \ iana.exe R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant = R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch = R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyServer = flotechsvr: 8080 O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll O2 - BHO: (no name) - (51610169-C280-4F36-84AB-82D92ED1F68B) - C: \ Windows \ system32 \ athcfg11c.dll (file missing) O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C: \ Program Files \ Google \ googletoolbar1.dll O2 - BHO: (no name) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ googletoolbar1.dll O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe O4 - HKLM \ .. \ Run: [Toshiba Hotkey Utility] "C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe" / lang en O4 - HKLM \ .. \ Run: [TPSMain] TPSMain.exe O4 - HKLM \ .. \ Run: [NDSTray.exe] NDSTray.exe O4 - HKLM \ .. \ Run: [smoothview] C: \ Program Files \ TOSHIBA \ TOSHIBA Zooming Utility \ SmoothView.exe O4 - HKLM \ .. \ Run: [PadTouch] C: \ Program Files \ TOSHIBA \ Touch and Launch \ PadExe.exe O4 - HKLM \ .. \ Run: [DLA] C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE O4 - HKLM \ .. \ Run: [CFSServ.exe] CFSServ.exe-NoClient O4 - HKLM \ .. \ Run: [REGSHAVE] C: \ Program Files \ REGSHAVE \ REGSHAVE.EXE / autorun O4 - HKLM \ .. \ Run: [ACU] "C: \ Program Files \ Atheros \ ACU.exe"-nogui O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimiert O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [OpwareSE2] "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe" O4 - HKLM \ .. \ Run: [OPSE Erinnerung] "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ Ereg.exe"-r "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ ereg . ini " O4 - HKCU \ .. \ Run: [TOSCDSPD] C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe O4 - HKCU \ .. \ Run: [PnPUI Registrator] C: \ Program Files \ Common Files \ Sitecom Shared \ PnP Universal Installer \ PnPUIReg.exe-s O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / Hintergrund O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RUNONCE (User 'LOCAL SERVICE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RUNONCE (User 'NETWORK SERVICE') O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RUNONCE (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RUNONCE (User 'Default User ") O4 - Global Startup: Exif Launcher.lnk = C: \ Program Files \ FinePixViewer \ QuickDCF.exe O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE O9 - Extra Knopf: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MI05E6 ~ 1 \ Office11 \ REFIEBAR.DLL O9 - Extra-Taste: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ nwprovau.dll O14 - IERESET.INF: START_PAGE_URL = http://companyweb O16 - DPF: (11260943-421B-11D0-8EAC-0000C07D88CF) (iPIX ActiveX Control) -- http://www.ipix.com/download/ipixx.cab O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1197453622703 O16 - DPF: (8AD9C840-044E-11D1-B3E9-00805F499D93) (Java Runtime Environment 1.6.0) -- http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab O16 - DPF: (BB21F850-63F4-4EC9-BF9D-565BD30C9AE9) (a-squared Scanner) -- http://ax.emsisoft.com/asquared.cab O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab O17 - HKLM \ System \ CCS \ Services \ Tcpip \ Parameters: Domain = flotech.local O17 - HKLM \ Software \ .. \ Telephony: DomainName = flotech.local O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (3C838800-1126-48EC-8092-81CB4BD5BA88): NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ Parameters: Domain = flotech.local O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ .. \ (3C838800-1126-48EC-8092-81CB4BD5BA88): NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM \ System \ CS3 \ Services \ Tcpip \ Parameters: Domain = flotech.local O17 - HKLM \ System \ CS3 \ Services \ Tcpip \ Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM \ System \ CS3 \ Services \ Tcpip \ .. \ (3C838800-1126-48EC-8092-81CB4BD5BA88): NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM \ System \ CCS \ Services \ Tcpip \ Parameters: NameServer = 208.67.220.220,208.67.222.222 O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll O20 - Winlogon Notify: detcdzqc - athcfg11c.dll (file missing) O23 - Service: Atheros Configuration Service (ACS) - Unbekannte Eigentümer - C: \ WINDOWS \ system32 \ acs.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe O23 - Service: BrSplService (Brother XP spl Service) - Brother Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programme \ Gemeinsame Dateien \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe -- Ende der Datei - 9862 bytes - HijackThis Fixed Entries (C: \ PROGRA ~ 1 \ TRENDM ~ 1 \ Hijack ~ 1 \ backups \) ----------- backup-20071217-070814-188 O4 - HKLM \ .. \ Run: [\ \ WKS-216 \ EPSON Stylus C46 Series] C: \ WINDOWS \ System32 \ spool \ drivers \ w32x86 \ 3 \ E_S4I0T 1.EXE / P33 "\ \ WKS-216 \ EPSON Stylus C46 Series "/ O6" USB002 "/ M" Stylus C46 " backup-20071217-071110-763 O16 - DPF: (935F9B04-0C7B-4454-A391-348C54AD7ADD) (Jolly Bear Games Player) -- http://games.bigfishgames.com/en_big...GamePlayer.cab backup-20071219-071455-100 O20 - Winlogon Notify: detcdzqc - C: \ WINDOWS \ SYSTEM32 \ athcfg11c.dll backup-20071219-071455-320 O4 - Global Startup: EPSON Status Monitor 3 Environment Check (3). lnk = C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ E_SRCV0 3.EXE backup-20071219-071455-780 O2 - BHO: (no name) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll backup-20080327-194111-931 O2 - BHO: (no name) - (51610169-C280-4F36-84AB-82D92ED1F68B) - C: \ Windows \ system32 \ athcfg11c.dll (file missing) backup-20080327-194139-797 O2 - BHO: (no name) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll backup-20080327-194247-663 O2 - BHO: (no name) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll - Dateizuordnungen ---------------------------------------------- ------------- . txt - NetLog.Document - DefaultIcon - C: \ EPICOM ~ 1/02 \ EPICom2.02 \ EPICOM ~ 1.EXE, 8 . txt - NetLog.Document - shell \ open \ command - C: \ EPICOM ~ 1/02 \ EPICom2.02 \ EPICOM ~ 1.EXE / dde - Treiber: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 hlkvythd - c: \ windows \ system32 \ drivers \ vzrpdamf.dat R1 SASDIFSV - C: \ Program Files \ SUPERAntiSpyware \ sasdifsv.sys R1 SASKUTIL - C: \ Program Files \ SUPERAntiSpyware \ saskutil.sys R2 MASPINT - c: \ windows \ system32 \ drivers \ maspint.sys <nicht Verified; MicroStaff Co.,Ltd.; Aspi32 Treiber für WinNT> R2 mdmxsdk - c: \ windows \ system32 \ drivers \ mdmxsdk.sys <nicht Verified; Conexant; Diagnostic interface> R2 Netdevio (TOSHIBA Network Device Usermode I / O Protocol) - c: \ windows \ system32 \ drivers \ netdevio.sys <nicht Verified; TOSHIBA TOSHIBA Network Device Corporation.; Usermode I/O protocol> R3 AR5211 (Atheros Wireless Network Adapter Service) - c: \ windows \ system32 \ drivers \ ar5211.sys <nicht Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter> R3 BoiHwsetup (Access 32bits INT15 routine) - c: \ windows \ system32 \ drivers \ boihwsetup.sys <nicht Verified; Quanta Computer Corp; Toshiba HwSetup Treibers> R3 CAMCAUD (Conexant AMC 3D Environmental Audio) - c: \ windows \ system32 \ drivers \ camc6aud.sys <nicht Verified; Conexant Systems Inc.; Conexant Audio Treibers> R3 CAMCHALA - c: \ windows \ system32 \ drivers \ camc6hal.sys <nicht Verified; Conexant Systems Inc.; Conexant AmcHal Treibers> R3 HSF_DPV - c: \ windows \ system32 \ drivers \ hsf_dpv.sys <nicht Verified; Conexant Systems, Inc.; SoftK56 Modem Treibers> R3 HSFHWATI - c: \ windows \ system32 \ drivers \ hsfhwati.sys <nicht Verified; Conexant Systems, Inc.; SoftK56 Modem Treibers> R3 Iviaspi (IVI ASPI Shell) - c: \ windows \ system32 \ drivers \ iviaspi.sys <nicht Verified; InterVideo, Inc.; InterVideo ASPI Shell> R3 pfc (Padus ASPI Shell) - c: \ windows \ system32 \ drivers \ pfc.sys <nicht Verified; Padus, Inc.; Padus(R) ASPI Shell> R3 qkbfiltr (Quanta HotKey Keyboard Filter Driver) - c: \ windows \ system32 \ drivers \ qkbfiltr.sys <nicht Verified; Quanta Computer, Inc.; Quanta HotKey Keyboard Filter Treibers> R3 qmofiltr (Quanta HotKey Mouse Filter Driver) - c: \ windows \ system32 \ drivers \ qmofiltr.sys <nicht Verified; Quanta Computer, Inc.; Quanta Maus Filter Device Treibers> R3 SASENUM - C: \ Program Files \ SUPERAntiSpyware \ sasenum.sys <nicht Verified; SuperAdBlocker, Inc.; SuperAntiSpyware> R3 winachsf - c: \ windows \ system32 \ drivers \ hsf_cnxt.sys <nicht Verified; Conexant Systems, Inc.; SoftK56 Modem Treibers> S3 DNINDIS5 (DNINDIS5 NDIS-Protokoll-Treiber) - c: \ progra ~ 1 \ Belkin \ Belkin ~ 1.11g \ dnindis5.sys (file missing) S3 GTNDIS5 (GTNDIS5 NDIS-Protokoll-Treiber) - c: \ windows \ system32 \ gtndis5.sys (file missing) S3 RT61 (Belkin RT2500 Wireless Driver) - c: \ windows \ system32 \ drivers \ rt61.sys (file missing) S3 Ser2pl (Sitecom Serial Port-Treiber) - c: \ windows \ system32 \ drivers \ ser2pl.sys <nicht Verified; Prolific Technology Inc.; Prolific USB-to-Serial Bridge Cable> S3 wceusbsh (Windows CE USB Serial Host Driver) - c: \ windows \ system32 \ drivers \ wceusbsh.sys <nicht Verified; Microsoft Corporation; Windows CE USB Serial Host Treibers> - Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 CFSvcs (ConfigFree Service) - C: \ Program Files \ Toshiba \ ConfigFree \ cfsvcs.exe <nicht Verified; TOSHIBA CORPORATION; ConfigFree(TM)> S2 ACS (Atheros Configuration Service) - c: \ windows \ system32 \ acs.exe - Geräte-Manager: Disabled -------------------------------------------- -------- Nr. behinderte Geräte gefunden. - Geplante Tasks ---------------------------------------------- --------------- 2008-04-07 06:48:40 436 - a ------ C: \ WINDOWS \ Tasks \ RegCure Programm Check.job 2008-04-04 12:33:04 438 - a ------ C: \ WINDOWS \ Tasks \ At1.job 2008-03-15 17:25:00 284 - a ------ C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job 2008-01-31 16:37:13 370 - a ------ C: \ WINDOWS \ Tasks \ RegCure.job - Dateien zwischen 2008-03-07 und 2008-04-07 ----------------------------- 2008-03-28 21:48:16 0 d -------- C: \ Dokumente und Einstellungen \ All Users \ Application Data \ SUPERAntiSpyware.com 2008-03-28 21:48:05 0 d -------- C: \ Program Files \ SUPERAntiSpyware 2008-03-28 21:48:05 0 d -------- C: \ Dokumente und Einstellungen \ Iana \ Application Data \ SUPERAntiSpyware.com 2008-03-28 21:47:28 0 d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard - Find3M Bericht ---------------------------------------------- ----------------- 2008-04-07 06:51:23 0 d -------- C: \ Dokumente und Einstellungen \ Iana \ Application Data \ AVG7 2008-04-04 16:30:58 0 d -------- C: \ Program Files \ Hansa52Client 2008-04-04 15:41:49 0 d -------- C: \ Dokumente und Einstellungen \ Iana \ Application Data \ AdobeUM 2008-03-28 21:47:28 0 d -------- C: \ Program Files \ Common Files 2008-03-25 10:03:27 0 d -------- C: \ Programme \ Gemeinsame Dateien \ Adobe 2008-03-25 09:31:28 0 d -------- C: \ Program Files \ Common Files \ Symantec Shared 2008-03-05 15:04:08 0 d -------- C: \ Program Files \ Canon 2008-03-05 11:57:28 0 d -------- C: \ Program Files \ Java 2008-02-25 09:26:29 0 d -------- C: \ Dokumente und Einstellungen \ Iana \ Application Data \ ScanSoft 2008-02-25 09:26:26 0 d -------- C: \ Programme \ Gemeinsame Dateien \ ScanSoft Shared 2008-02-25 09:25:40 0 d -------- C: \ Program Files \ ScanSoft 2008-02-25 08:32:09 0 d -------- C: \ Program Files \ Google 2008-02-21 18:33:48 0 d -------- C: \ Program Files \ MumbleJumble 2008-02-21 18:10:04 0 d -------- C: \ Program Files \ Mahjong Deluxe 2008-02-21 12:06:28 0 d -------- C: \ Program Files \ RogueRemover Kostenlose 2008-02-21 12:04:40 0 d -------- C: \ Program Files \ Die Mauern von Jericho 2008-02-21 12:04:31 0 d -------- C: \ Program Files \ HP Creative Idea CD 2008-02-21 12:04:11 0 d -------- C: \ Program Files \ XviD 2008-02-21 12:03:54 0 d -------- C: \ Program Files \ RegCure 2008-02-21 12:02:55 0 d -------- C: \ Program Files \ Removal Man 2008-02-21 12:02:55 0 d -------- C: \ Program Files \ Polarkubes 2008-02-21 12:01:40 0 d -------- C: \ Program Files \ PopCap Games 2008-02-18 19:38:17 16 - a ------ C: \ WINDOWS \ popcinfot.dat 2008-02-18 19:19:59 0 - a ------ C: \ WINDOWS \ popcreg.dat 2008-02-11 17:53:24 0 d -------- C: \ Program Files \ IDIGICON Limited 2008-01-21 18:36:58 1024 - a ------ C: \ WINDOWS \ jericho_game_ra.dat - Registry Dump ---------------------------------------------- ----------------- * Hinweis * leere Einträge & legit Standard-Einträge werden nicht angezeigt [HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (51610169-C280-4F36-84AB-82D92ED1F68B)] [HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (EA389261-1100-451F-8582-815CAB488AE6)] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "SynTPEnh" = "C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe" [17/12/2005 00:32] "Toshiba Hotkey Utility" = "C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe" [28/01/2006 05:13] "TPSMain" = "TPSMain.exe" [08/02/2006 16:02 C: \ WINDOWS \ system32 \ TPSMain.exe] "NDSTray.exe" = "NDSTray.exe" [] "Smoothview" = "C: \ Program Files \ TOSHIBA \ TOSHIBA Zooming Utility \ SmoothView.exe" [12/05/2005 11:31] "PadTouch" = "C: \ Program Files \ TOSHIBA \ Touch and Launch \ PadExe.exe" [21/12/2005 14:52] "DLA" = "C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE" [06/10/2005 06:20] "CFSServ.exe" = "CFSServ.exe" [] "REGSHAVE" = "C: \ Program Files \ REGSHAVE \ REGSHAVE.exe" [04/02/2002 23:32] "ACU" = "C: \ Program Files \ Atheros \ ACU.exe" [11/07/2005 16:04] "TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [04/03/2007 17:39] "QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [01/09/2006 16:57] "! AVG Anti-Spyware" = "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" [11/06/2007 10:25] "AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [02/01/2008 12:20] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe" [22/02/2008 05:25] "OpwareSE2" = "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe" [08/05/2003 12:00] "OPSE Erinnerung" = "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ Ereg.exe" [07.07.2003 10:29] "RegistryMechanic" = "" [] [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "TOSCDSPD" = "C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe" [11/04/2005 12:26] "ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [04/08/2004 14:00] "PnPUI Registrator" = "C: \ Program Files \ Common Files \ Sitecom Shared \ PnP Universal Installer \ PnPUIReg.exe" [22/11/2004 21:04] "MSMSGS" = "C: \ Program Files \ Messenger \ msmsgs.exe" [13/10/2004 17:24] "SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [27/02/2007 12:39] C: \ Dokumente und Einstellungen \ All Users \ Startmenü \ Programme \ Startup \ Exif Launcher.lnk - C: \ Program Files \ FinePixViewer \ QuickDCF.exe [09/01/2002 22:53:14] Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE [21/01/2000 09:15:54] [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Policies \ System] "DisableRegistryTools" = 0 (0x0) [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Policies \ Explorer] "NoWelcomeScreen" = 1 (0x1) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [20/12/2006 13:55 77824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon] C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 27/02/2007 12:39 282624 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ detcdzqc] athcfg11c.dll [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ Lsa] "Authentication Packages" = MSV1_0 nwprovau HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - NetSvcs buznlwxw [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (a2fd87dd-a192-11dc-B600-0016e375ed46)] AutoRun \ command-E: \ LaunchU3.exe - End of Deckard's System Scanner: Abgeschlossen am 2008-04-07 08:53:08 ------------ Hope all dies macht Sinn, Sie Grüße Iana |
|
| |
| Lesezeichen |
Ähnliche Themen | ||||
| Faden | Thread Starter | Forum | Antworten | Last Post |
| Trojan Horse & Worm? | ct122592 | Viren, Spyware und Sicherheit | 2 | 27. April 2009 21:52 |
| Trojanisches Pferd, Hilfe! | Phil1706 | Viren, Spyware und Sicherheit | 4 | 17. Mär 2008 08:39 |
| Trojanisches Pferd BHO.CVX hat mein Computer gestohlen !!!!! | Schleim | Viren, Spyware und Sicherheit | 34 | 28. Dez 2007 09:05 |
| AVG Berichterstattung Trojanisches Pferd BHO.CVX - Hilfe bitte | chrisleech11 | Viren, Spyware und Sicherheit | 24 | 20. Dezember 2007 11:17 |
| Trojanisches Pferd und AVG | chuckeruk | Viren, Spyware und Sicherheit | 8 | 2 Juli 2007 10:02 |
| Thread Tools | |
| |
