Virus: iexplore.exe as a system process




  #1  
6 November 2008, 02:16
New Member Group

I can't seem to close iexplore.exe, even when there is no Explorer window open. Pop-up ads appear from time to time. I also hear ad voices/sounds in the background. It is annoying, and I feel the system's performance has slowed down. Please help. This is my HijackThis log:

Logfile von HijackThis v1.99.1
Scan saved at 4:15:28 am 11/6/2008
Plattform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Laufenden Prozesse:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS\AASP\1.00.61\aaCenter.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PSIService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\pcsuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\s1S8Dh6X.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE2EMBHO Class - (0A0DDBD3-6641-40B9-873F-BBDD26D6C14E) - C:\Program Files\easyMule\modules\IE2EM.dll
O2 - BHO: RealPlayer Download and Record Plugin für den Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\Ai Suite\Energiesparen\PwSave.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\\MING3\EPSON Stylus C120] "C:\WINDOWS\System32\spool\drivers\W32X86\3\E_FATIC CA.EXE /FU" C:\DOKUME~1\MKJ\LOKALE~1\Temp\E_S13.tmp "/EF" HKCU "
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O8 - Extra Kontext Menüpunkt: Add to Google Fotos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download von easyMule - C:\Program Files\easyMule\IE2EM.htm
O9 - Extra Knopf: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra-Taste: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International *
O16 - DPF: (0CCA191D-13A6-4E29-B746-314DEE697D83) (Facebook Photo Uploader 5 Kontrolle) -- http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1224821007296
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1224825458984
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unbekannt Eigentümer - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unbekannt Eigentümer - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unbekannte Eigentümer - C:\WINDOWS\System32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\pcsuite\Services\ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
  #2  
6 November 2008, 09:37
Moderator Group

Download CCleaner Slim and save it to your Desktop.
When the file has been saved, go to your Desktop and double-click ccsetupxxx_slim.exe.
Follow the prompts to install the program.
Once it is installed, do the following:
  • Double-click the CCleaner shortcut on the Desktop to start the program.
  • Click the Options block on the left, then choose Cookies.
    • Under Cookies to Delete, highlight any cookies you would like to keep permanently.
    • Click the right arrow > to move them to the Cookies to Keep window.
  • Go to Options > Advanced and uncheck "Only delete files in Windows Temp folders older than 48 hours".
  • Click Cleaner on the left, then Run Cleaner on the right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner.
  • Caution: It is not recommended that you use the "Registry" feature unless you are very familiar with the registry.
  • Exit CCleaner after it has completed its process.

----------

Now install the new version of HijackThis and post the log from it.

Download TrendMicro HijackThis.exe (HJT) to your Desktop.
  • Double-click HJTInstall.
  • Click the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • After installation, HijackThis will open for you.
  • Click the "Do a system scan and save a logfile" button.
  • HijackThis will scan, and then a log will open in Notepad.
  • Copy and paste the entire contents of the log into your post.
  • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
__________________

  #3  
6 November 2008, 16:19
New Member Group

I ran CCleaner and installed the new version of HijackThis.

Logfile von Trend Micro HijackThis V2.0.2
Scan saved at 6:18:15 Uhr, am 11/6/2008
Plattform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot-Modus: Normal
Laufenden Prozesse:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS\AASP\1.00.61\aaCenter.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PSIService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\pcsuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\s1S8Dh6X.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE2EMBHO Class - (0A0DDBD3-6641-40B9-873F-BBDD26D6C14E) - C:\Program Files\easyMule\modules\IE2EM.dll
O2 - BHO: RealPlayer Download and Record Plugin für den Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\Ai Suite\Energiesparen\PwSave.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\\MING3\EPSON Stylus C120] "C:\WINDOWS\System32\spool\drivers\W32X86\3\E_FATIC CA.EXE /FU" C:\DOKUME~1\MKJ\LOKALE~1\Temp\E_S13.tmp "/EF" HKCU "
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [LDM 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default User')
O8 - Extra Kontext Menüpunkt: Add to Google Fotos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download von easyMule - C:\Program Files\easyMule\IE2EM.htm
O9 - Extra Knopf: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra-Taste: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: (0CCA191D-13A6-4E29-B746-314DEE697D83) (Facebook Photo Uploader 5 Kontrolle) -- http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1224821007296
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1224825458984
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unbekannte Eigentümer - C:\WINDOWS\System32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\pcsuite\Services\ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 7422 bytes



What is the next step?

Thank you for your help.
  #4  
6 November 2008, 16:53
Moderator Group

Scan suspicious files

Please go to the VirSCAN.org free online scan service.
(If more than one file is scanned, they must be submitted separately, with a log posted for each one.)

1. Copy and paste the following path into the "Suspicious files to scan" box at the top of the page.
Code:
C:\WINDOWS\system32\s1S8Dh6X.exe
2. On the upload page, click once inside the window next to Browse.
3. Press Ctrl + V on the keyboard (both at the same time) to paste the path into the window.
4. Click the Upload button.
This will run a scan across several different virus scanning engines.
Your file may be placed in a queue, which normally clears in less than a minute.
Important: Wait for all of the scanning engines to complete.
5. Once the scan is complete, scroll down and click the "Copy to Clipboard" button. This copies the link to the report to the clipboard.
6. Paste the contents of the clipboard into your next reply.
__________________
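
One way to triage a HijackThis log like the ones posted in this thread, added here as an example and not part of the original posts: it tolerates stray spaces around backslashes, then flags executables that sit directly in the Windows system directories, are missing from a baseline and have random-looking names, along with entries whose target file is gone. The baseline set, the 0.6 threshold and the function names are assumptions, and the sample log is constructed from lines in the thread.

```python
import ntpath
import re

# Constructed sample in the HijackThis layout, using lines from this thread
# (some with the stray spacing that pasted logs can pick up).
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PSIService.exe
C: \ WINDOWS \ system32 \ s1S8Dh6X.exe
C:\Program Files\Internet Explorer\iexplore.exe
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
"""

SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

# Assumption: a deliberately small baseline of stock Windows XP binaries.
BASELINE = {
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
    "explorer.exe", "ctfmon.exe", "spoolsv.exe", "rundll32.exe",
    "wuauclt.exe", "conime.exe",
}

PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
ENTRY_RE = re.compile(r"^O\d+ - ")


def normalise(line):
    """Remove whitespace around backslashes and inside 8.3 names (PROGRA ~ 1)."""
    line = re.sub(r"\s*\\\s*", lambda m: "\\", line.strip())
    return re.sub(r"\s*~\s*(?=\d)", "~", line)


def char_class(c):
    if c.isdigit():
        return "d"
    if c.isupper():
        return "u"
    return "l" if c.islower() else "o"


def looks_random(stem):
    """Heuristic (assumption): the name contains a digit and its character
    class (lower/upper/digit) changes on at least 60% of adjacent pairs."""
    if len(stem) < 6 or not any(c.isdigit() for c in stem):
        return False
    classes = [char_class(c) for c in stem]
    changes = sum(a != b for a, b in zip(classes, classes[1:]))
    return changes / (len(stem) - 1) >= 0.6


def triage(log_text):
    """Return (kind, line) findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = normalise(raw)
        if ENTRY_RE.match(line):
            # Registry entries that point at a file no longer on disk.
            if line.endswith(("(no file)", "(file missing)")):
                findings.append(("orphaned-entry", line))
            continue
        if PROC_RE.match(line):
            folder, name = ntpath.split(line)
            stem = ntpath.splitext(name)[0]
            if (folder.lower() in SYSTEM_DIRS
                    and name.lower() not in BASELINE
                    and looks_random(stem)):
                findings.append(("random-name-in-system-dir", line))
    return findings


if __name__ == "__main__":
    for kind, line in triage(SAMPLE_LOG):
        print(f"{kind}: {line}")
```

A flagged name is only a lead: the file still has to be checked, as the multi-engine scan requested above does.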

  #5  
6 November 2008, 17:19
New Member Group

Here is the clipboard info for the file s1S8Dh6X.exe.

Datei-Information
Dateiname: s1S8Dh6X.exe
File Größe: 62464 byte
File Typ: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 895f4e2eed5a30e317460e66989042d0
SHA1: 8d133ba222ce2d511ff28d900586e79041a8b4cf

Scanner Ergebnisse
Scanner der Ergebnisse: 8% Scanner (3 / 39) Malware gefunden!
Time: 2008/11/06 19:15:08 (EST)

Scanner | Engine Version + Sig. Ver | Sig. Datum | Scan-Ergebnis | Zeit
a-squared | 4.0.0.232008.11.03 | 2008-11-03 | -- | 1.832
AhnLab V3 | 2008.11.07.012008.11.07 | 2008-11-07 | -- | 0.987
AntiVir | 7.9.0.267.1.0.49 | 2008-11-06 | -- | 1.503
Antiy | 2.0.1820081106.1560299 | 2008-11-06 | -- | 0.122
Arcavir | 1.0.5200811061144 | 2008-11-06 | -- | 1.227
Authentium | 5.1.1200811061142 | 2008-11-06 | -- | 1.367
AVAST! | 3.0.1081106-0 | 2008-11-06 | -- | 0.725
AVG | 7.5.52.442270.9.0/1772 | 2008-11-06 | Clicker.TXO | 1.691
BitDefender | 7.60825.20709477.21719 | 2008-11-07 | -- | 3.401
CA (VET) | 9.0.0.14331.6.6195 | 2008-11-06 | -- | 7.230
ClamAV | 0.948584 | 2008-11-07 | -- | 0.021
Comodo | 2.112.0.0.699 | 2008-11-06 | -- | 0.422
CP Secure | 1.1.0.7152008.11.06 | 2008-11-06 | -- | 6.447
Dr.Web | 4.44.0.91702008.11.06 | 2008-11-06 | -- | 3.465
ewido | 4.0.0.22008.11.06 | 2008-11-06 | -- | 3.024
F-Prot | 4.4.4.5620081106 | 2008-11-06 | -- | 1.293
F-Secure | 5.51.61002008.11.06.11 | 2008-11-06 | -- | 3.681
Fortinet | 2.81-3.1179.692 | 2008-11-06 | -- | 0.215
GData | 19.1393/19.9420081107 | 2008-11-07 | -- | 2.739
Ikarus | T3.1.01.452008.11.06.71807 | 2008-11-06 | -- | 3.517
JiangMin | 11.0.7062008.11.06 | 2008-11-06 | -- | 1.312
Kaspersky | 5.5.102008.11.06 | 2008-11-06 | -- | 0.034
KingSoft | 2008.9.8.182008.11.6.20 | 2008-11-06 | -- | 0.690
McAfee | 5.3.005426 | 2008-11-06 | -- | 2.352
Microsoft | 1.41042008.11.07 | 2008-11-07 | -- | 8.785
mks_vir | 2.012008.11.06 | 2008-11-06 | -- | 2.720
Norman | 5.93.015.93.00 | 2008-11-06 | -- | 5.480
nProtect | 2008-11-06,002382866 | 2008-11-06 | -- | 5.379
Panda | 9.05.012008.11.06 | 2008-11-06 | -- | 3.744
Quick Heal | 9.502008.09.12 | 2008-09-12 | -- | 2.520
Rising | 20.021.02.32.00 | 2008-11-06 | -- | 3.054
Sophos | 2.80.04.35 | 2008-11-07 | Mal/EncPk-CZ | 1.881
Sunbelt | 3.1.1783.22374 | 2008-11-04 | -- | 1.058
Symantec | 1.3.0.2420081106.004 | 2008-11-06 | Infostealer | 0.046
The Hacker | 6.3.1.1v00143 | 2008-11-06 | -- | 0.445
Trend Micro | 8.700-10045.642.17 | 2008-11-06 | -- | 0.028
VBA32 | 3.12.8.920081106.1717 | 2008-11-06 | -- | 1.390
ViRobot | 200811052008.11.05 | 2008-11-05 | -- | 0.398
VirusBuster | 4.5.11.1010.90.27/671249 | 2008-11-06 | -- | 0.876

Thanks
  #6  
6 November 2008, 17:30
New Member Group

http://virscan.org/report/3510c11282...b9674c0c1.html

That is the link to the scanned file.
  #7  
6 November 2008, 17:39
Moderator Group

Download ComboFix by sUBs from one of the following links. Make sure you save it to the Desktop.

Link #1
Link #2

** Note: It is important that it is saved directly to your Desktop.

Close all open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.

For Windows XP systems, install the Recovery Console:

- If you are using Windows XP and do not already have the Recovery Console installed, please make sure that your Internet connection is active (if possible) and click Yes.
- If for some reason your Internet is not working, click No.
-- If you are not using Windows XP, you will not be prompted.
- When prompted, click OK on the EULA.
- Accept the Microsoft EULA (click Yes).
- When told that the RC is installed correctly, click YES to continue scanning for malware.

When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is finished.
__________________

  #8  
6 November 2008, 17:57
New Member Group

ComboFix Log

ComboFix 08-11-05.02 - MKJ 2008-11-06 19:51:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3144 [GMT -5:00]
Running from: C:\Dokumente und Einstellungen\MKJ\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Dateien erstellt von 2008-10-07 bis 2008-11-07 )))))))))))))))))))))))))))))))
.
2008-11-06 18:15 . 2008-11-06 18:15 <DIR> d-------- c:\program files\CCleaner
2008-11-06 03:51 . 2008-11-06 03:51 <DIR> d-------- c:\program files\Trend Micro
2008-11-06 03:22 . 2008-11-06 03:22 <DIR> d-------- c:\program files\Alwil Software
2008-11-06 02:10 . 2008-11-06 02:10 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-11-06 02:07 . 2008-11-06 02:07 <DIR> dr-h----- C:\AHCache
2008-11-05 23:11 . 2008-11-06 02:12 <DIR> d-------- C:\Dokumente und Einstellungen\MKJ\Application Data\Uniblue
2008-11-05 22:05 . 2008-11-05 22:05 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Application Data\Malwarebytes
2008-11-05 22:04 . 2008-11-05 22:04 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator
2008-11-05 16:34 . 2008-11-05 16:34 <DIR> d-------- c:\program files\Xanga Uploader
2008-11-05 16:34 . 2008-11-05 16:34 <DIR> d-------- C:\Dokumente und Einstellungen\MKJ\Application Data\.Xuploader
2008-11-05 16:08 . 2008-11-05 16:08 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-05 16:08 . 2008-11-05 16:08 <DIR> d-------- C:\Dokumente und Einstellungen\MKJ\Application Data\Malwarebytes
2008-11-05 16:08 . 2008-11-05 16:08 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Application Data\Malwarebytes
2008-11-05 16:08 . 2008-10-22 16:10 38.496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-05 16:08 . 2008-10-22 16:10 15.504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-05 15:38 . 2008-11-05 15:38 62.464 --a------ c:\windows\system32\s1S8Dh6X.exe
2008-11-01 16:18 . 2008-11-01 16:18 <DIR> d-------- c:\windows\system32\IOSUBSYS
2008-11-01 16:18 . 2008-11-01 16:18 <DIR> d-------- c:\program files\Google
2008-10-28 02:00 . 2008-10-28 02:00 <DIR> d-------- c:\program files\MSXML 4.0
2008-10-28 01:19 . 2008-10-28 01:19 <DIR> d-------- C:\Dokumente und Einstellungen\MKJ\Application Data\Nokia
2008-10-28 01:19 . 2008-10-28 01:19 <DIR> d-------- C:\Dokumente und Einstellungen\MKJ\Application Data\DataLayer
2008-10-28 01:18 . 2008-10-30 05:43 <DIR> d-------- C:\Dokumente und Einstellungen\MKJ\Phone Browser
2008-10-28 00:55 . 2008-10-28 00:55 <DIR> d-------- C:\Dokumente und Einstellungen\MKJ\Application Data\DivX
2008-10-28 00:54 . 2008-10-28 00:54 <DIR> d-------- C:\Programme\Windows Media Components
2008-10-28 00:54 . 2005-06-10 09:43 73.728 --a------ c:\windows\system32\ISUSPM.cpl
2008-10-28 00:50 . 2008-10-28 00:50 <DIR> d-------- c:\program files\DIFX
2008-10-28 00:50 . 2008-10-28 00:50 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Nokia
2008-10-28 00:50 . 2008-10-28 00:58 <DIR> d-------- C:\Dokumente und Einstellungen\MKJ\Application Data\PC Suite
2008-10-28 00:50 . 2008-10-28 00:58 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Application Data\PC Suite
2008-10-28 00:50 . 2008-10-28 00:50 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
2008-10-28 00:50 . 2006-05-29 07:26 127.488 --a------ c:\windows\system32\drivers\nmwcd.sys
2008-10-28 00:50 . 2006-05-29 07:26 50.688 --a------ c:\windows\system32\nmwcdcls.dll
2008-10-28 00:50 . 2006-05-29 07:26 30.720 --a------ c:\windows\system32\nmwcdcocls.dll
2008-10-28 00:50 . 2006-05-29 07:26 13.312 --a------ c:\windows\system32\drivers\nmwcdcm.sys
2008-10-28 00:50 . 2006-05-29 07:26 13.312 --a------ c:\windows\system32\drivers\nmwcdcj.sys
2008-10-28 00:50 . 2006-05-29 07:26 8.704 --a------ c:\windows\system32\drivers\nmwcdc.sys
2008-10-28 00:50 . 2006-05-29 07:26 4.608 --a------ c:\windows\system32\nmwcdlog.dll
2008-10-28 00:49 . 2008-10-28 00:49 <DIR> d-------- C:\Windows\Downloaded Installations
2008-10-28 00:49 . 2008-10-28 00:51 <DIR> d-------- c:\program files\Nokia
2008-10-28 00:49 . 2008-10-28 00:50 <DIR> d-------- C:\Programme\Gemeinsame Dateien\PCSuite
2008-10-27 23:54 . 2008-10-27 23:54 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Application Data\EPSON
2008-10-27 21:55 . 2008-10-27 21:55 <DIR> d-------- c:\program files\Ventrilo
2008-10-27 21:55 . 2008-10-27 21:55 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-10-27 21:55 . 2008-10-27 21:56 <DIR> d-------- C:\Dokumente und Einstellungen\MKJ\Anwendungsdaten\Ventrilo
2008-10-27 21:13 . 2008-11-06 19:50 160.100 --a------ c:\windows\system32\nvapps.xml
2008-10-27 21:05 . 2008-11-05 16:09 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Application Data\TEMP
2008-10-26 23:48 . 2008-11-06 05:29 <DIR> d-------- c:\program files\easyMule
2008-10-26 13:53 . 2008-10-26 13:53 <DIR> d-------- C:\Dokumente und Einstellungen\MKJ\Application Data\Viewpoint
2008-10-25 19:37 . 2008-10-25 19:37 <DIR> d-------- C:\Programme\iPod
2008-10-25 19:37 . 2008-10-25 19:37 <DIR> d-------- C:\Dokumente und Einstellungen\MKJ\Application Data\Apple Computer
2008-10-25 19:37 . 2008-04-17 12:12 107.368 --a------ c:\windows\system32\GEARAspi.dll
2008-10-25 19:37 . 2008-04-17 12:12 15.464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-10-25 19:36 . 2008-10-25 19:36 <DIR> d-------- c:\program files\QuickTime
2008-10-25 19:36 . 2008-10-25 19:37 <DIR> d-------- c:\program files\iTunes
2008-10-25 19:36 . 2008-10-25 19:36 <DIR> d-------- c:\program files\Bonjour
2008-10-25 19:36 . 2008-10-25 19:36 <DIR> d-------- C:\Programme\Apple Software Update
2008-10-25 19:36 . 2008-10-25 19:36 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Application Data\Apple Computer
2008-10-25 19:36 . 2008-10-25 19:37 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Application Data\() 3276BE95_AF08_429F_A64F_CA64CB79BCF6
2008-10-25 19:35 . 2008-10-25 19:36 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Apple
2008-10-25 19:35 . 2008-10-25 19:35 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Application Data\Apple
2008-10-24 18:11 . 2007-07-30 18:19 271.224 --a------ c:\windows\system32\mucltui.dll
2008-10-24 18:11 . 2007-07-30 18:19 30.072 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-24 15:39 . 2008-10-24 15:39 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Application Data\Blizzard
2008-10-24 14:24 . 2008-10-24 14:24 <DIR> d-------- c:\program files\Real
2008-10-24 14:24 . 2008-10-24 14:24 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared
2008-10-24 14:24 . 2008-10-24 14:24 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Real
2008-10-24 14:07 . 2008-10-24 14:07 <DIR> d-------- C:\Dokumente und Einstellungen\MKJ\Logs
2008-10-24 13:59 . 2008-10-24 13:59 <DIR> d-------- C:\Logs
2008-10-24 10:05 . 2008-10-27 21:15 <DIR> d-------- C:\Windows\nView
2008-10-24 10:05 . 2008-01-10 01:30 442.368 -ra------ c:\windows\system32\nvusmb.exe
2008-10-24 10:05 . 2008-03-06 15:23 442.368 --a------ c:\windows\system32\NVUNINST.EXE
2008-10-24 10:05 . 2008-03-19 04:04 442.368 --a------ c:\windows\system32\nvudisp.exe
2008-10-24 10:05 . 2007-09-27 22:32 356.352 -ra------ c:\windows\system32\nvusmu.exe
2008-10-24 10:05 . 2008-01-03 17:26 17.737 --a------ c:\windows\system32\nvdisp.nvu
2008-10-24 10:05 . 2007-10-12 03:53 13.312 -ra------ c:\windows\system32\drivers\nvsmu.sys
2008-10-24 10:05 . 2007-12-07 03:12 5.836 --a------ c:\windows\system32\nvnrm.nvu
2008-10-24 10:05 . 2008-01-16 17:17 3.948 -ra------ c:\windows\system32\drivers\nvphy.bin
2008-10-24 10:05 . 2007-12-07 01:34 2.016 -ra------ c:\windows\system32\nvsmb.nvu
2008-10-24 10:05 . 2007-09-12 01:14 659 -ra------ c:\windows\system32\nvsmu.nvu
2008-10-24 10:04 . 2008-10-23 22:44 35.647 --a------ c:\windows\Ascd_log.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 10:37 --------- d ----- WC: \ program files \ AIMTunes
2008-11-04 21:36 --------- d ----- WC: \ Programme \ World of Warcraft
2008-10-28 05:55 --------- d ----- WC: \ Programme \ Gemeinsame Dateien \ Ulead Systems
2008-10-28 05:55 --------- d ----- WC: \ Dokumente und Einstellungen \ MKJ \ Application Data \ Ulead Systems
2008-10-28 05:54 --------- d ----- WC: \ Programme \ Ulead Systems
2008-10-28 05:54 --------- d ----- WC: \ Dokumente und Einstellungen \ All Users \ Application Data \ Ulead Systems
2008-10-28 05:53 --------- d - h - WC: \ Programme \ InstallShield Installation Information
2008-10-28 05:02 --------- d ----- WC: \ Programme \ Gemeinsame Dateien \ Adobe
2008-10-24 19:24 499.712 ---- aw c: \ windows \ system32 \ msvcp71.dll
2008-10-24 19:24 348.160 ---- aw c: \ windows \ system32 \ msvcr71.dll
2008-10-24 14:51 --------- d ----- WC: \ Program Files \ Microsoft FrontPage
2008-10-24 07:55 --------- d ----- WC: \ program files \ MSN Messenger
2008-10-24 06:09 --------- d ----- WC: \ Program Files \ Microsoft CAPICOM 2.1.0.2
2008-10-24 05:44 --------- d ----- WC: \ Programme \ Winamp
2008-10-24 05:44 --------- d ----- WC: \ Dokumente und Einstellungen \ MKJ \ Application Data \ Winamp
2008-10-24 05:40 --------- ----- WC: \ Dokumente und Einstellungen d \ MKJ \ Application Data \ acccore
2008-10-24 05:39 --------- d ----- WC: \ program files \ AIM6
2008-10-24 05:39 --------- d ----- WC: \ Dokumente und Einstellungen \ All Users \ Anwendungsdaten \ AOL Downloads
2008-10-24 05:38 --------- d ----- WC: \ program files \ Viewpoint
2008-10-24 05:38 --------- d ----- WC: \ Programme \ Gemeinsame Dateien \ AOL
2008-10-24 05:38 --------- d ----- WC: \ Dokumente und Einstellungen \ All Users \ Application Data \ Viewpoint
2008-10-24 05:38 --------- d ----- WC: \ Dokumente und Einstellungen \ All Users \ Anwendungsdaten \ AOL OCP
2008-10-24 05:38 --------- d ----- WC: \ Dokumente und Einstellungen \ All Users \ Application Data \ AOL
2008-10-24 05:38 --------- d ----- WC: \ Dokumente und Einstellungen \ All Users \ Application Data \ acccore
2008-10-24 05:32 --------- d ----- WC: \ Programme \ Gemeinsame Dateien \ Blizzard Entertainment
2008-10-24 05:20 --------- d ----- WC: \ Programme \ Windows Media Connect 2
2008-10-24 05:10 --------- d ----- WC: \ program files \ DivX
2008-10-24 05:08 --------- d ----- WC: \ program files \ DefilerPak
2008-10-24 04:37 --------- d ----- WC: \ program files \ Realtek
2008-10-24 04:33 --------- d ----- WC: \ Dokumente und Einstellungen \ All Users \ Application Data \ Symantec
2008-10-24 04:18 --------- d ----- WC: \ Programme \ Gemeinsame Dateien \ Symantec Shared
2008-10-24 03:58 --------- d ----- WC: \ Dokumente und Einstellungen \ All Users \ Application Data \ InstallShield
2008-10-24 03:57 --------- d ----- WC: \ Programme \ Gemeinsame Dateien \ InstallShield
2008-10-24 03:54 --------- d ----- WC: \ Dokumente und Einstellungen \ All Users \ Application Data \ Corel
2008-10-24 03:33 --------- d ----- WC: \ program files \ ASUS
2008-10-24 03:08 315.392 ---- aw C: \ Windows \ HideWin.exe
2008-10-24 03:08 --------- d ----- WC: \ program files \ profile
2008-10-24 00:18 2.302.017 ---- aw c: \ windows \ system32 \ GPhotos.scr
2008-09-23 22:46 245.408 ---- aw c: \ windows \ system32 \ unicows.dll
2008-09-15 12:12 1.846.400 ---- aw C: \ Windows \ system32 \ win32k.sys
2008-09-08 10:41 333.824 ---- aw C: \ Windows \ System32 \ Drivers \ Srv.sys
2008-08-29 14:18 87.336 ---- aw c: \ windows \ system32 \ dns-sd.exe
2008-08-29 13:53 61.440 ---- aw c: \ windows \ system32 \ dnssd.dll
2008-08-26 07:24 826.368 ---- aw C: \ Windows \ system32 \ wininet.dll
2008-08-14 10:09 2.145.280 ---- aw c: \ windows \ system32 \ ntoskrnl.exe
2008-08-14 09:33 2.023.936 ---- aw C: \ Windows \ System32 \ Ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Hinweis * leere Einträge & legit Standard-Einträge werden nicht angezeigt
REGEDIT4
[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (0A0DDBD3-6641-40B9-873F-BBDD26D6C14E)]
2008-10-23 02:37 147928 - a ------ c: \ program files \ easyMule \ modules \ IE2EM.dll
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"CTFMON.EXE" = "c: \ windows \ system32 \ ctfmon.exe" [2008-04-13 15360]
"\ \ MING3 \ EPSON Stylus C120 Serie "=" C: \ Windows \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATICCA.EXE "[2007-03-12 182272]
"PcSync" = "C: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe" [2006-06-27 1449984]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"MSPY2002" = "C: \ Windows \ System32 \ IME \ bin \ jusched.exe" [2004-08-04 455168]
"PHIME2002A" = "C: \ Windows \ System32 \ IME \ bin \ TIN TSETP.EXE" [2004-08-04 455168]
"Ai Nap" = "C: \ Program Files \ ASUS \ Ai Suite \ AiNap \ AiNap.exe" [2008-01-28 1413120]
"CPU Power Monitor" = "C: \ Program Files \ ASUS \ Ai Suite \ AiGear3 \ CpuPowerMonitor.exe" [2008-01-09 627200]
"CPU Level Up help" = "c: \ program files \ ASUS \ Ai Suite \ CpuLevelUpHelp.exe" [2007-11-30 881152]
"ASUS Energy Saving" = "C: \ Program Files \ ASUS \ Ai Suite \ Energiesparen \ PwSave.exe" [2008-01-28 1352704]
"CTFMON.EXE v2" = "C: \ Programme \ Gemeinsame Dateien \ Ulead Systems \ AutoDetector \ Monitor.exe" [2006-11-29 90112]
"SunJavaUpdateSched" = "C: \ Programme \ Gemeinsame Dateien \ Real \ QTTask.exe" [2008-10-24 185872]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2008-09-06 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-10-01 289576]
"NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2008-01-03 13508608]
"NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2008-01-03 86016]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"NSLauncher" = "C: \ Program Files \ Nokia \ Nokia Software Launcher \ NSLauncher.exe" [2006-11-28 2658304]
"avast!" = "C: \ progra ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp. exe" [2008-07-19 78008]
"NvCplDaemon" = "SOUNDMAN.EXE" [2008-05-07 C: \ Windows \ SOUNDMAN.EXE]
"nwiz" = "nwiz.exe" [2008-01-03 C: \ Windows \ system32 \ nwiz.exe]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"CTFMON.EXE" = "C: \ Windows \ System32 \ CTFMON.EXE" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32]
"msacm.dvacm" = c: \ progra ~ 1 \ COMMON ~ 1 \ ULEADS ~ 1 \ Vio \ Dvacm.acm
"msacm.divxa32" = DivXa32.acm
"msacm.ulmp3acm" = c: \ progra ~ 1 \ COMMON ~ 1 \ ULEADS ~ 1 \ MPEG \ ulmp3acm.acm
"msacm.mpegacm" = c: \ progra ~ 1 \ COMMON ~ 1 \ ULEADS ~ 1 \ MPEG \ mpegacm.acm
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnet3.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnet3 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnet3 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx30SP1setup.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx30SP1setup [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx30SP1setup [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx35.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx35setup.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx35setup [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx35setup [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx35 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx35 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3setup.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3setup [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3setup [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3_ia64.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3_ia64 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3_ia64 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3_x64.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3_x64 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3_x64 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP1_ia64.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP1_ia64 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP1_ia64 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP1_x64.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP1_x64 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP1_x64 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP1_x86.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP1_x86 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP1_x86 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP2_ia64.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP2_ia64 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP2_ia64 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP2_x64.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP2_x64 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP2_x64 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP2_x86.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP2_x86 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP2_x86 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx30SP1_x64.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx30SP1_x64 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx30SP1_x64 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx30SP1_x86.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx30SP1_x86 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx30SP1_x86 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx35_ia64.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx35_ia64 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx35_ia64 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx35_x64.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx35_x64 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx35_x64 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx35_x86.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx35_x86 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx35_x86 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx64.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx64 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx64 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe
[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ Sessmgr.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"c: \ \ Program Files \ \ Gemeinsame Dateien \ \ AOL \ \ Loader \ \ aolload.exe" =
"c: \ \ Program Files \ \ AIM6 \ \ aim6.exe" =
"c: \ \ Program Files \ \ World of Warcraft \ \ WoW-2.3.0-deDE-downloader.exe" =
"c: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" =
"c: \ \ Program Files \ \ MSN Messenger \ \ livecall.exe" =
"c: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" =
"c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" =
"c: \ \ Program Files \ \ Azureus \ \ emule.exe" =
[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"3724: TCP" = 3724: TCP: Blizzard Downloader: 3724
"12178: TCP" = 12178: TCP: BitComet 12178 TCP
"12178: UDP" = 12178: UDP: BitComet 12178 UDP
R1 aswSP; avast! Self Protection; c: \ windows \ system32 \ drivers \ aswSP.sys [2008-07-19 78416]
R2 aswFsBlk; aswFsBlk c: \ windows \ system32 \ drivers \ aswF sBlk.sys [2008-07-19 20560]
R2 Viewpoint Manager Service; Viewpoint Manager Service; c: \ program files \ Viewpoint \ Common \ ViewpointService.exe [2007-01-04 24652]
R3 NVHDA; Service für NVIDIA High-Definition-Audio-Treiber c: \ windows \ system32 \ drivers \ nvhda32.sys [2008-05-04 38560]
.
Inhalt des "Geplante Tasks"-Ordner
2008-11-01 C: \ Windows \ Tasks \ AppleSoftwareUpdate.job
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-06 C: \ Windows \ Tasks \ At1.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At10.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At11.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At12.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At13.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At14.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At15.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At16.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At17.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At18.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At19.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At2.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-07 C: \ Windows \ Tasks \ At20.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At21.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At22.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At23.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At24.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At3.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At4.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At5.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At6.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At7.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At8.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At9.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
.
- - - - WAISEN ENTFERNT - - - --
HKCU-Run-Uniblue RegistryBooster 2009 - C: \ Program Files \ Uniblue \ RegistryBooster \ RegistryBooster.exe
MSConfigStartUp-LDM 2009 - c: \ program files \ Uniblue \ RegistryBooster \ RegistryBooster.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main, Start Page = ca.: blank
R1 -: HKCU-Internet Settings, ProxyOverride = *. local
O8 -: In den Google Fotos Screensa & ver - c: \ windows \ system32 \ GPhotos.scr/200
O8 -: Download von easyMule - c: \ program files \ easyMule \ IE2EM.htm
.
************************************************** ************************
catchme 0.3.1367 W2K/XP/Vista - rootkit / Stealth-Malware-Detektor von Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 19:54:20
Windows 5.1.2600 Service Pack 3 NTFS
Scannen versteckte Prozesse ...
Scannen versteckte Autostart-Einträge ...
Scannen versteckten Dateien ...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
************************************************** ************************
.
Zeit der Fertigstellung: 2008-11-06 19:54:45
ComboFix-quarantined-files.txt 2008-11-07 00:54:42
Pre-Run: 41621639168 bytes free
Post-Run: 41699291136 bytes free
396 --- EOF --- 2008-10-28 07:00:21
  #9  
Old 6. November 2008, 18:28
Moderator Group
 

Note: The following instructions were written specifically for this user. If you are not this user, do NOT follow these instructions, as they may damage the functioning of your system.

Delete these files/folders as follows:

1. Go to Start > Run, type Notepad.exe and click OK to open Notepad.
It must be Notepad, not WordPad.
2. Copy the text in the code box below by selecting all of the text and pressing Ctrl + C.

Code:
KillAll::

File::
c:\windows\system32\s1S8Dh6X.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
c:\windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
3. Go to the Notepad window and click Edit > Paste.
4. Then click File > Save.
5. Name the file CFScript.txt and save it to your Desktop.
6. Then drag the CFScript file (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as shown in the image below. Important: carry out these instructions carefully!

ComboFix will begin to run, so follow the prompts.
After the restart (in case you are asked to restart), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
__________________
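The script in the post above targets a pattern visible in the log's scheduled-tasks section: many AtN.job files that all launch one binary. As an added example, not part of the original thread or of ComboFix, this Python parses that section, flags such clusters and lays the paths out in the KillAll::/File:: form used above. The function names, the two-job threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the scheduled-tasks section of the log in this
# thread (in English); one entry keeps the "C: \ Windows" spacing damage seen here.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder
2008-11-01 C:\Windows\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-06 C:\Windows\Tasks\At1.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-06 C: \ Windows \ Tasks \ At2.job
- C: \ windows \ system32 \ s1S8Dh6X.exe [2008-11-05 15:38]
2008-11-07 C:\Windows\Tasks\At3.job
- C:\windows\system32\s1S8Dh6X.exe [2008-11-05 15:38]
.
"""

JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]$")
# Jobs created through the legacy "at" scheduler are stored as At<N>.job.
AT_JOB_RE = re.compile(r"^At\d+\.job$", re.IGNORECASE)


def normalize_path(path):
    """Remove whitespace around backslashes ("C: \\ Windows" -> "C:\\Windows")."""
    return re.sub(r"\s*\\\s*", lambda m: "\\", path.strip())


def parse_scheduled_tasks(log_text):
    """Return (job_path, target_path, target_timestamp) for each job/target pair."""
    tasks, pending_job = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        job = JOB_RE.match(line)
        if job:
            pending_job = normalize_path(job.group(1))
            continue
        target = TARGET_RE.match(line)
        if target and pending_job:
            tasks.append((pending_job, normalize_path(target.group(1)), target.group(2)))
            pending_job = None
    return tasks


def flag_at_job_clusters(tasks, min_jobs=2):
    """Map each target launched by at least min_jobs At<N>.job files to those jobs.

    The threshold is an assumption for this example: one At job may be a
    legitimate admin task, a whole series pointing at one file rarely is.
    """
    clusters, display = defaultdict(list), {}
    for job, target, _stamp in tasks:
        if AT_JOB_RE.match(job.rsplit("\\", 1)[-1]):
            key = target.lower()            # Windows paths are case-insensitive
            display.setdefault(key, target)
            clusters[key].append(job)
    return {display[k]: jobs for k, jobs in clusters.items() if len(jobs) >= min_jobs}


def build_cfscript(flagged):
    """Lay out flagged targets and their jobs in the KillAll::/File:: form."""
    lines = ["KillAll::", "", "File::"]
    for target, jobs in flagged.items():
        lines.append(target)
        lines.extend(jobs)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = flag_at_job_clusters(parse_scheduled_tasks(SAMPLE_LOG))
    for target, jobs in found.items():
        print(f"{len(jobs)} At jobs launch {target}")
    print(build_cfscript(found))
```

A legitimately scheduled series of at jobs would be flagged as well, so each target needs to be checked before it goes into a removal script.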

  #10  
Old 6. November 2008, 18:37
New Member Group
 

ComboFix Log

ComboFix 08-11-05.02 - MKJ 2008-11-06 20:31:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2458 [GMT -5:00]
Running from: C: \ Dokumente und Einstellungen \ MKJ \ Desktop \ ComboFix.exe
Ausgeführt von:: C: \ Dokumente und Einstellungen \ MKJ \ Desktop \ CFScript.txt
* Erstellt einen neuen Wiederherstellungspunkt

FILE::
c: \ windows \ system32 \ s1S8Dh6X.exe
c: \ windows \ Tasks \ At1.job
c: \ windows \ Tasks \ At10.job
c: \ windows \ Tasks \ At11.job
c: \ windows \ Tasks \ At12.job
c: \ windows \ Tasks \ At13.job
c: \ windows \ Tasks \ At14.job
c: \ windows \ Tasks \ At15.job
c: \ windows \ Tasks \ At16.job
c: \ windows \ Tasks \ At17.job
c: \ windows \ Tasks \ At18.job
c: \ windows \ Tasks \ At19.job
c: \ windows \ Tasks \ At2.job
c: \ windows \ Tasks \ At20.job
c: \ windows \ Tasks \ At21.job
c: \ windows \ Tasks \ At22.job
c: \ windows \ Tasks \ At23.job
c: \ windows \ Tasks \ At24.job
c: \ windows \ Tasks \ At3.job
c: \ windows \ Tasks \ At4.job
c: \ windows \ Tasks \ At5.job
c: \ windows \ Tasks \ At6.job
c: \ windows \ Tasks \ At7.job
c: \ windows \ Tasks \ At8.job
c: \ windows \ Tasks \ At9.job
.

Andere ((((((((((((((((((((((((((((((((((((((( Deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

c: \ windows \ system32 \ s1S8Dh6X.exe
c: \ windows \ Tasks \ At1.job
c: \ windows \ Tasks \ At10.job
c: \ windows \ Tasks \ At11.job
c: \ windows \ Tasks \ At12.job
c: \ windows \ Tasks \ At13.job
c: \ windows \ Tasks \ At14.job
c: \ windows \ Tasks \ At15.job
c: \ windows \ Tasks \ At16.job
c: \ windows \ Tasks \ At17.job
c: \ windows \ Tasks \ At18.job
c: \ windows \ Tasks \ At19.job
c: \ windows \ Tasks \ At2.job
c: \ windows \ Tasks \ At20.job
c: \ windows \ Tasks \ At21.job
c: \ windows \ Tasks \ At22.job
c: \ windows \ Tasks \ At23.job
c: \ windows \ Tasks \ At24.job
c: \ windows \ Tasks \ At3.job
c: \ windows \ Tasks \ At4.job
c: \ windows \ Tasks \ At5.job
c: \ windows \ Tasks \ At6.job
c: \ windows \ Tasks \ At7.job
c: \ windows \ Tasks \ At8.job
c: \ windows \ Tasks \ At9.job

.
((((((((((((((((((((((((( Dateien erstellt von 2008-10-07 bis 2008-11-07 ))))))))))) ))))))))))))))))))))
.

2008-11-06 18:15. 2008-11-06 18:15 <DIR> d -------- c: \ program files \ CCleaner
2008-11-06 03:51. 2008-11-06 03:51 <DIR> d -------- c: \ program files \ Trend Micro
2008-11-06 03:22. 2008-11-06 03:22 <DIR> d -------- c: \ program files \ Alwil Software
2008-11-06 02:10. 2008-11-06 02:10 <DIR> d -------- C: \ Program Files \ Reference Assemblies
2008-11-06 02:07. 2008-11-06 02:07 <DIR> dr-h ----- C: \ AHCache
2008-11-05 23:11. 2008-11-06 02:12 <DIR> d -------- C: \ Dokumente und Einstellungen \ MKJ \ Application Data \ Uniblue
2008-11-05 22:05. 2008-11-05 22:05 <DIR> d -------- C: \ Dokumente und Einstellungen \ Administrator \ Application Data \ Malwarebytes
2008-11-05 22:04. 2008-11-05 22:04 <DIR> d -------- C: \ Dokumente und Einstellungen \ Administrator
2008-11-05 16:34. 2008-11-05 16:34 <DIR> d -------- c: \ program files \ Xanga Uploader
2008-11-05 16:34. 2008-11-05 16:34 <DIR> d -------- C: \ Dokumente und Einstellungen \ MKJ \ Application Data \. Xuploader
2008-11-05 16:08. 2008-11-05 16:08 <DIR> d -------- c: \ program files \ Malwarebytes 'Anti-Malware
2008-11-05 16:08. 2008-11-05 16:08 <DIR> d -------- C: \ Dokumente und Einstellungen \ MKJ \ Application Data \ Malwarebytes
2008-11-05 16:08. 2008-11-05 16:08 <DIR> d -------- C: \ Dokumente und Einstellungen \ All Users \ Application Data \ Malwarebytes
2008-11-05 16:08. 2008-10-22 16:10 38.496 - a ------ c: \ windows \ system32 \ drivers \ mbamswissarmy.sys
2008-11-05 16:08. 2008-10-22 16:10 15.504 - a ------ c: \ windows \ system32 \ drivers \ mbam.sys
2008-11-01 16:18. 2008-11-01 16:18 <DIR> d -------- c: \ windows \ system32 \ IOSUBSYS
2008-11-01 16:18. 2008-11-01 16:18 <DIR> d -------- c: \ program files \ Google
2008-10-28 02:00. 2008-10-28 02:00 <DIR> d -------- c: \ program files \ MSXML 4.0
2008-10-28 01:19. 2008-10-28 01:19 <DIR> d -------- C: \ Dokumente und Einstellungen \ MKJ \ Application Data \ Nokia
2008-10-28 01:19. 2008-10-28 01:19 <DIR> d -------- C: \ Dokumente und Einstellungen \ MKJ \ Application Data \ DataLayer
2008-10-28 01:18. 2008-10-30 05:43 <DIR> d -------- C: \ Dokumente und Einstellungen \ MKJ \ Phone Browser
2008-10-28 00:55. 2008-10-28 00:55 <DIR> d -------- C: \ Dokumente und Einstellungen \ MKJ \ Application Data \ DivX
2008-10-28 00:54. 2008-10-28 00:54 <DIR> d -------- C: \ Programme \ Windows Media Components
2008-10-28 00:54. 2005-06-10 09:43 73.728 - a ------ c: \ windows \ system32 \ ISUSPM.cpl
2008-10-28 00:50. 2008-10-28 00:50 <DIR> d -------- c: \ program files \ DIFX
2008-10-28 00:50. 2008-10-28 00:50 <DIR> d -------- C: \ Programme \ Gemeinsame Dateien \ Nokia
2008-10-28 00:50. 2008-10-28 00:58 <DIR> d -------- C: \ Dokumente und Einstellungen \ MKJ \ Application Data \ PC Suite
2008-10-28 00:50. 2008-10-28 00:58 <DIR> d -------- C: \ Dokumente und Einstellungen \ All Users \ Application Data \ PC Suite
2008-10-28 00:50. 2008-10-28 00:50 <DIR> d -------- C: \ Dokumente und Einstellungen \ All Users \ Anwendungsdaten \ Downloaded Installations
2008-10-28 00:50. 2006-05-29 07:26 127.488 - a ------ c: \ windows \ system32 \ drivers \ nmwcd.sys
2008-10-28 00:50. 2006-05-29 07:26 50.688 - a ------ c: \ windows \ system32 \ nmwcdcls.dll
2008-10-28 00:50. 2006-05-29 07:26 30.720 - a ------ c: \ windows \ system32 \ nmwcdcocls.dll
2008-10-28 00:50. 2006-05-29 07:26 13.312 - a ------ c: \ windows \ system32 \ drivers \ nmwcdcm.sys
2008-10-28 00:50. 2006-05-29 07:26 13.312 - a ------ c: \ windows \ system32 \ drivers \ nmwcdcj.sys
2008-10-28 00:50. 2006-05-29 07:26 8.704 - a ------ c: \ windows \ system32 \ drivers \ nmwcdc.sys
2008-10-28 00:50. 2006-05-29 07:26 4.608 - a ------ c: \ windows \ system32 \ nmwcdlog.dll
2008-10-28 00:49. 2008-10-28 00:49 <DIR> d -------- C: \ Windows \ Downloaded Installations
2008-10-28 00:49. 2008-10-28 00:51 <DIR> d -------- c: \ program files \ Nokia
2008-10-28 00:49. 2008-10-28 00:50 <DIR> d -------- C: \ Programme \ Gemeinsame Dateien \ PCSuite
2008-10-27 23:54. 2008-10-27 23:54 <DIR> d -------- C: \ Dokumente und Einstellungen \ All Users \ Application Data \ EPSON
2008-10-27 21:55. 2008-10-27 21:55 <DIR> d -------- c: \ program files \ Ventrilo
2008-10-27 21:55. 2008-10-27 21:55 <DIR> d -------- C: \ Programme \ Gemeinsame Dateien \ Wise Installation Wizard
2008-10-27 21:55. 2008-10-27 21:56 <DIR> d -------- C: \ Dokumente und Einstellungen \ MKJ \ Anwendungsdaten \ Ventrilo
2008-10-27 21:13. 2008-11-06 20:34 160.100 - a ------ c: \ windows \ system32 \ nvapps.xml
2008-10-27 21:05. 2008-11-05 16:09 <DIR> da ------ C: \ Dokumente und Einstellungen \ All Users \ Application Data \ TEMP
2008-10-26 23:48. 2008-11-06 05:29 <DIR> d -------- c: \ program files \ easyMule
2008-10-26 13:53. 2008-10-26 13:53 <DIR> d -------- C: \ Dokumente und Einstellungen \ MKJ \ Application Data \ Viewpoint
2008-10-25 19:37. 2008-10-25 19:37 <DIR> d -------- C: \ Programme \ iPod
2008-10-25 19:37. 2008-10-25 19:37 <DIR> d -------- C: \ Dokumente und Einstellungen \ MKJ \ Application Data \ Apple Computer
2008-10-25 19:37. 2008-04-17 12:12 107.368 - a ------ c: \ windows \ system32 \ GEARAspi.dll
2008-10-25 19:37. 2008-04-17 12:12 15.464 - a ------ c: \ windows \ system32 \ drivers \ GEARAspiWDM.sys
2008-10-25 19:36. 2008-10-25 19:36 <DIR> d -------- c: \ program files \ QuickTime
2008-10-25 19:36. 2008-10-25 19:37 <DIR> d -------- c: \ program files \ iTunes
2008-10-25 19:36. 2008-10-25 19:36 <DIR> d -------- c: \ program files \ Bonjour
2008-10-25 19:36. 2008-10-25 19:36 <DIR> d -------- C: \ Programme \ Apple Software Update
2008-10-25 19:36. 2008-10-25 19:36 <DIR> d -------- C: \ Dokumente und Einstellungen \ All Users \ Application Data \ Apple Computer
2008-10-25 19:36. 2008-10-25 19:37 <DIR> d -------- C: \ Dokumente und Einstellungen \ All Users \ Application Data \ () 3276BE95_AF08_429F_A64F_CA64CB79BCF6
2008-10-25 19:35. 2008-10-25 19:36 <DIR> d -------- C: \ Programme \ Gemeinsame Dateien \ Apple
2008-10-25 19:35. 2008-10-25 19:35 <DIR> d -------- C: \ Dokumente und Einstellungen \ All Users \ Application Data \ Apple
2008-10-24 18:11. 2007-07-30 18:19 271.224 - a ------ c: \ windows \ system32 \ mucltui.dll
2008-10-24 18:11. 2007-07-30 18:19 30.072 - a ------ c: \ windows \ system32 \ mucltui.dll.mui
2008-10-24 15:39. 2008-10-24 15:39 <DIR> d -------- C: \ Dokumente und Einstellungen \ All Users \ Application Data \ Blizzard
2008-10-24 14:24. 2008-10-24 14:24 <DIR> d -------- c: \ program files \ Real
2008-10-24 14:24. 2008-10-24 14:24 <DIR> d -------- C: \ Programme \ Gemeinsame Dateien \ xing shared
2008-10-24 14:24. 2008-10-24 14:24 <DIR> d -------- C: \ Programme \ Gemeinsame Dateien \ Real
2008-10-24 14:07. 2008-10-24 14:07 <DIR> d -------- C: \ Dokumente und Einstellungen \ MKJ \ Logs
2008-10-24 13:59. 2008-10-24 13:59 <DIR> d -------- C: \ Logs
2008-10-24 10:05. 2008-10-27 21:15 <DIR> d -------- C: \ Windows \ nView
2008-10-24 10:05. 2008-01-10 01:30 442.368-ra ------ c: \ windows \ system32 \ nvusmb.exe
2008-10-24 10:05. 2008-03-06 15:23 442.368 - a ------ c: \ windows \ system32 \ NVUNINST.EXE
2008-10-24 10:05. 2008-03-19 04:04 442.368 - a ------ c: \ windows \ system32 \ nvudisp.exe
2008-10-24 10:05. 2007-09-27 22:32 356.352-ra ------ c: \ windows \ system32 \ nvusmu.exe
2008-10-24 10:05. 2008-01-03 17:26 17.737 - a ------ c: \ windows \ system32 \ nvdisp.nvu
2008-10-24 10:05. 2007-10-12 03:53 13.312-ra ------ c: \ windows \ system32 \ drivers \ nvsmu.sys
2008-10-24 10:05. 2007-12-07 03:12 5.836 - a ------ c: \ windows \ system32 \ nvnrm.nvu
2008-10-24 10:05. 2008-01-16 17:17 3.948-ra ------ c: \ windows \ system32 \ drivers \ nvphy.bin
2008-10-24 10:05. 2007-12-07 01:34 2.016-ra ------ c: \ windows \ system32 \ nvsmb.nvu
2008-10-24 10:05. 2007-09-12 01:14 659-ra ------ c: \ windows \ system32 \ nvsmu.nvu
2008-10-24 10:04. 2008-10-23 22:44 35.647 - a ------ c: \ windows \ Ascd_log.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 10:37 --------- d ----- WC: \ program files \ AIMTunes
2008-11-04 21:36 --------- d ----- WC: \ Programme \ World of Warcraft
2008-10-28 05:55 --------- d ----- WC: \ Programme \ Gemeinsame Dateien \ Ulead Systems
2008-10-28 05:55 --------- d ----- WC: \ Dokumente und Einstellungen \ MKJ \ Application Data \ Ulead Systems
2008-10-28 05:54 --------- d ----- WC: \ Programme \ Ulead Systems
2008-10-28 05:54 --------- d ----- WC: \ Dokumente und Einstellungen \ All Users \ Application Data \ Ulead Systems
2008-10-28 05:53 --------- d - h - WC: \ Programme \ InstallShield Installation Information
2008-10-28 05:02 --------- d ----- WC: \ Programme \ Gemeinsame Dateien \ Adobe
2008-10-24 19:24 499.712 ---- aw c: \ windows \ system32 \ msvcp71.dll
2008-10-24 19:24 348.160 ---- aw c: \ windows \ system32 \ msvcr71.dll
2008-10-24 14:51 --------- d ----- WC: \ Program Files \ Microsoft FrontPage
2008-10-24 07:55 --------- d ----- WC: \ program files \ MSN Messenger
2008-10-24 06:09 --------- d ----- WC: \ Program Files \ Microsoft CAPICOM 2.1.0.2
2008-10-24 05:44 --------- d ----- WC: \ Programme \ Winamp
2008-10-24 05:44 --------- d ----- WC: \ Dokumente und Einstellungen \ MKJ \ Application Data \ Winamp
2008-10-24 05:40 --------- d ----- WC: \ Dokumente und Einstellungen \ MKJ \ Application Data \ acccore
2008-10-24 05:39 --------- d ----- WC: \ program files \ AIM6
2008-10-24 05:39 --------- d ----- WC: \ Dokumente und Einstellungen \ All Users \ Anwendungsdaten \ AOL Downloads
2008-10-24 05:38 --------- d ----- WC: \ program files \ Viewpoint
2008-10-24 05:38 --------- d ----- WC: \ Programme \ Gemeinsame Dateien \ AOL
2008-10-24 05:38 --------- d ----- WC: \ Dokumente und Einstellungen \ All Users \ Application Data \ Viewpoint
2008-10-24 05:38 --------- d ----- WC: \ Dokumente und Einstellungen \ All Users \ Anwendungsdaten \ AOL OCP
2008-10-24 05:38 --------- d ----- WC: \ Dokumente und Einstellungen \ All Users \ Application Data \ AOL
2008-10-24 05:38 --------- d ----- WC: \ Dokumente und Einstellungen \ All Users \ Application Data \ acccore
2008-10-24 05:32 --------- d ----- WC: \ Programme \ Gemeinsame Dateien \ Blizzard Entertainment
2008-10-24 05:20 --------- d ----- WC: \ Programme \ Windows Media Connect 2
2008-10-24 05:10 --------- d ----- WC: \ program files \ DivX
2008-10-24 05:08 --------- d ----- WC: \ program files \ DefilerPak
2008-10-24 04:37 --------- d ----- WC: \ program files \ Realtek
2008-10-24 04:33 --------- d ----- WC: \ Dokumente und Einstellungen \ All Users \ Application Data \ Symantec
2008-10-24 04:18 --------- d ----- WC: \ Programme \ Gemeinsame Dateien \ Symantec Shared
2008-10-24 03:58 --------- d ----- WC: \ Dokumente und Einstellungen \ All Users \ Application Data \ InstallShield
2008-10-24 03:57 --------- d ----- WC: \ Programme \ Gemeinsame Dateien \ InstallShield
2008-10-24 03:54 --------- d ----- WC: \ Dokumente und Einstellungen \ All Users \ Application Data \ Corel
2008-10-24 03:33 --------- d ----- WC: \ program files \ ASUS
2008-10-24 03:08 315.392 ---- aw C: \ Windows \ HideWin.exe
2008-10-24 03:08 --------- d ----- WC: \ program files \ profile
2008-10-24 00:18 2.302.017 ---- aw c: \ windows \ system32 \ GPhotos.scr
2008-09-23 22:46 245.408 ---- aw c: \ windows \ system32 \ unicows.dll
2008-09-15 12:12 1.846.400 ---- aw C: \ Windows \ system32 \ win32k.sys
2008-09-08 10:41 333.824 ---- aw C: \ Windows \ System32 \ Drivers \ Srv.sys
2008-08-29 14:18 87.336 ---- aw c: \ windows \ system32 \ dns-sd.exe
2008-08-29 13:53 61.440 ---- aw c: \ windows \ system32 \ dnssd.dll
2008-08-26 07:24 826.368 ---- aw C: \ Windows \ system32 \ wininet.dll
2008-08-14 10:09 2.145.280 ---- aw c: \ windows \ system32 \ ntoskrnl.exe
2008-08-14 09:33 2.023.936 ---- aw C: \ Windows \ System32 \ Ntkrnlpa.exe
.

((((((((((((((((((((((((((((( Snapshot@2008-11-06_19.54.31.75 )))))))))) )))))))))))))))))))))))))))))))
.
- 2008-11-06 23:26:54 49.198 ---- aw c: \ windows \ system32 \ Perfc009.dat
+ 2008-11-07 00:54:48 49.198 ---- aw c: \ windows \ system32 \ Perfc009.dat
- 2008-11-06 23:26:54 390.094 ---- aw c: \ windows \ system32 \ Perfh009.dat
+ 2008-11-07 00:54:48 390.094 ---- aw c: \ windows \ system32 \ Perfh009.dat
+ 2008-11-07 01:33:47 16.384 ---- atw C: \ Windows \ Temp \ Perflib_Perfdata_584.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Hinweis * leere Einträge & legit Standard-Einträge werden nicht angezeigt
REGEDIT4

[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (0A0DDBD3-6641-40B9-873F-BBDD26D6C14E)]
2008-10-23 02:37 147928 - a ------ c: \ program files \ easyMule \ modules \ IE2EM.dll

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"CTFMON.EXE" = "c: \ windows \ system32 \ ctfmon.exe" [2008-04-13 15360]
"\ \ MING3 \ EPSON Stylus C120 Serie "=" C: \ Windows \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATICCA.EXE "[2007-03-12 182272]
"PcSync" = "C: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe" [2006-06-27 1449984]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"MSPY2002" = "C: \ Windows \ System32 \ IME \ bin \ jusched.exe" [2004-08-04 455168]
"PHIME2002A" = "C: \ Windows \ System32 \ IME \ bin \ TIN TSETP.EXE" [2004-08-04 455168]
"Ai Nap" = "C: \ Program Files \ ASUS \ Ai Suite \ AiNap \ AiNap.exe" [2008-01-28 1413120]
"CPU Power Monitor" = "C: \ Program Files \ ASUS \ Ai Suite \ AiGear3 \ CpuPowerMonitor.exe" [2008-01-09 627200]
"CPU Level Up help" = "c: \ program files \ ASUS \ Ai Suite \ CpuLevelUpHelp.exe" [2007-11-30 881152]
"ASUS Energy Saving" = "C: \ Program Files \ ASUS \ Ai Suite \ Energiesparen \ PwSave.exe" [2008-01-28 1352704]
"CTFMON.EXE v2" = "C: \ Programme \ Gemeinsame Dateien \ Ulead Systems \ AutoDetector \ Monitor.exe" [2006-11-29 90112]
"SunJavaUpdateSched" = "C: \ Programme \ Gemeinsame Dateien \ Real \ QTTask.exe" [2008-10-24 185872]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2008-09-06 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-10-01 289576]
"NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2008-01-03 13508608]
"NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray.dll" [2008-01-03 86016]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"NSLauncher" = "C: \ Program Files \ Nokia \ Nokia Software Launcher \ NSLauncher.exe" [2006-11-28 2658304]
"NvCplDaemon" = "SOUNDMAN.EXE" [2008-05-07 C: \ Windows \ SOUNDMAN.EXE]
"nwiz" = "nwiz.exe" [2008-01-03 C: \ Windows \ system32 \ nwiz.exe]

[HKEY_USERS \ .DEFAULT \ Software \ Microsoft \ Windows \ CurrentVersion \ Run]
"CTFMON.EXE" = "C: \ Windows \ System32 \ CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32]
"msacm.dvacm" = c: \ progra ~ 1 \ COMMON ~ 1 \ ULEADS ~ 1 \ Vio \ Dvacm.acm
"msacm.divxa32" = DivXa32.acm
"msacm.ulmp3acm" = c: \ progra ~ 1 \ COMMON ~ 1 \ ULEADS ~ 1 \ MPEG \ ulmp3acm.acm
"msacm.mpegacm" = c: \ progra ~ 1 \ COMMON ~ 1 \ ULEADS ~ 1 \ MPEG \ mpegacm.acm

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnet3.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnet3 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnet3 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx30SP1setup.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx30SP1setup [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx30SP1setup [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx35.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx35setup.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx35setup [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx35setup [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx35 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx35 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3setup.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3setup [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3setup [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3_ia64.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3_ia64 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3_ia64 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3_x64.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3_x64 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx3_x64 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ dotnetfx [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP1_ia64.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP1_ia64 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP1_ia64 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP1_x64.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP1_x64 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP1_x64 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP1_x86.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP1_x86 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP1_x86 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP2_ia64.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP2_ia64 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP2_ia64 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP2_x64.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP2_x64 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP2_x64 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP2_x86.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP2_x86 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx20SP2_x86 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx30SP1_x64.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx30SP1_x64 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx30SP1_x64 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx30SP1_x86.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx30SP1_x86 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx30SP1_x86 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx35_ia64.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx35_ia64 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx35_ia64 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx35_x64.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx35_x64 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx35_x64 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx35_x86.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx35_x86 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx35_x86 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx64.exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx64 [1]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ NetFx64 [2]. Exe]
"Debugger" = c: \ Windows \ Microsoft.NET \ Framework \ v2.0 ,50727 \ DotNetFxInstallBlock.exe

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpolicy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ Sessmgr.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"c: \ \ Program Files \ \ Gemeinsame Dateien \ \ AOL \ \ Loader \ \ aolload.exe" =
"c: \ \ Program Files \ \ AIM6 \ \ aim6.exe" =
"c: \ \ Program Files \ \ World of Warcraft \ \ WoW-2.3.0-deDE-downloader.exe" =
"c: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" =
"c: \ \ Program Files \ \ MSN Messenger \ \ livecall.exe" =
"c: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" =
"c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" =
"c: \ \ Program Files \ \ Azureus \ \ emule.exe" =

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpolicy \ standardprofile \ GloballyOpenPorts \ List]
"3724: TCP" = 3724: TCP: Blizzard Downloader: 3724
"12178: TCP" = 12178: TCP: BitComet 12178 TCP
"12178: UDP" = 12178: UDP: BitComet 12178 UDP

R1 aswSP; avast! Self Protection; c: \ windows \ system32 \ drivers \ aswSP.sys [2008-07-19 78416]
R2 aswFsBlk; aswFsBlk c: \ windows \ system32 \ drivers \ aswFsBlk.sys [2008-07-19 20560]
R2 Viewpoint Manager Service; Viewpoint Manager Service; c: \ program files \ Viewpoint \ Common \ ViewpointService.exe [2007-01-04 24652]
R3 NVHDA; Service für NVIDIA High-Definition-Audio-Treiber c: \ windows \ system32 \ drivers \ nvhda32.sys [2008-05-04 38560]
.
Inhalt des "Geplante Tasks"-Ordner

2008-11-01 C: \ Windows \ Tasks \ AppleSoftwareUpdate.job
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 11:34]
.

************************************************** ************************
catchme 0.3.1367 W2K/XP/Vista - rootkit / Stealth-Malware-Detektor von Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 20:34:11
Windows 5.1.2600 Service Pack 3 NTFS

Scannen versteckte Prozesse ...
Scannen versteckte Autostart-Einträge ...
Scannen versteckten Dateien ...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0

************************************************** ************************
.
------------------------ Weitere laufende Prozesse ----------------------- --
.
C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
c: \ windows \ system32 \ nvsvc32.exe
c: \ windows \ system32 \ PSIService.exe
c: \ program files \ ASUS \ AASP \ 1.00.61 \ aaCenter.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
c: \ windows \ system32 \ rundll32.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Common Files \ pcsuite \ Services \ ServiceLayer.exe
c: \ progra ~ 1 \ COMMON ~ 1 \ Nokia \ MPAPI \ MPAPI3s.exe
.
************************************************** ************************
.
Zeit der Fertigstellung: 2008-11-06 20:36:06 - Computer wurde neu gestartet
ComboFix-quarantined-files.txt 2008-11-07 01:36:02
ComboFix2.txt 2008-11-07 00:54:46

Pre-Run: 41668276224 bytes free
Post-Run: 41678303232 bytes free

418 --- EOF --- 2008-10-28 07:00:21

Thanks