Win32:VBStat-C, Win32:Virtumonde-G und System Doctor |
|
---|---|
09.05.2007, 15:23
...neu hier
Beiträge: 4 |
|
|
|
09.05.2007, 15:27
Moderator
Beiträge: 7805 |
#2
Nutze bitte Vundofix: http://virus-protect.org/artikel/tools/vundofixx.html
und danach combofix: http://virus-protect.org/artikel/tools/combofix.html Poste bitte beide Reporte. Weisst du, wo du dir die Malware eingefangen hast? __________ MfG Ralf SEO-Spam Hunter |
|
|
09.05.2007, 16:03
...neu hier
Themenstarter Beiträge: 4 |
#3
Den ganzen Kram habe ich mir bestimm eingefangen, als ich auf astalavista war um einen key zu suchen für eine gaaaaanz alte version eines Programmes. Ja, so böde bin ich ;-)
Dank dir schon mal für die Hilfe Vundofix report: habe da keinen gesehen... combofix report: "name" - 2007-05-09 15:56:05 Service Pack 2 ComboFix 07-05.08.3.V - Running from: "C:\Programme\Mozilla Firefox\" (((((((((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\bywrxudt.dll C:\WINDOWS\system32\iusgaihm.dll C:\WINDOWS\system32\qcniqgln.dll C:\WINDOWS\system32\nlgqincq.ini * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((( Files Created from 2007-04-09 to 2007-05-09 )))))))))))))))))))))))))))))))))) 2007-05-09 15:55 1,088,478 --a------ C:\ComboFix.exe 2007-05-07 18:09 <DIR> d---s---- C:\DOKUME~1\TORSTE~1\UserData 2007-05-07 17:33 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 2007-05-07 17:31 164 --a------ C:\install.dat 2007-05-04 16:59 <DIR> d-a------ C:\DOKUME~1\ALLUSE~1\ANWEND~1\TEMP 2007-04-20 22:04 <DIR> d-------- C:\Programme\TVAnts 2007-04-19 23:12 155,648 --a------ C:\WINDOWS\system32\igfxres.dll 2007-04-19 19:03 <DIR> d-------- C:\DOKUME~1\TORSTE~1\ANWEND~1\DisplayTune 2007-04-19 19:00 11,776 --a------ C:\WINDOWS\system32\drivers\pdiddcci.sys 2007-04-19 18:59 15,920 --a------ C:\WINDOWS\system32\drivers\PdiPorts.sys 2007-04-19 18:59 <DIR> d-------- C:\Programme\Portrait Displays 2007-04-10 00:04 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2007-04-09 17:03 <DIR> d-------- C:\DOKUME~1\TORSTE~1\ANWEND~1\gtk-2.0 2007-04-09 17:03 <DIR> d-------- C:\DOKUME~1\TORSTE~1\.thumbnails 2007-04-09 17:01 <DIR> d-------- C:\DOKUME~1\TORSTE~1\.gimp-2.2 2007-04-09 17:00 <DIR> d-------- C:\Programme\GIMP-2.0 2007-04-09 16:59 <DIR> d-------- C:\Programme\Gemeinsame Dateien\GTK 2007-04-09 16:29 <DIR> d-------- C:\Programme\IrfanView (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-09 01:42:42 -------- d-----w C:\Programme\PokerStars 2007-05-08 16:30:26 -------- d-----w C:\Programme\mIRC 2007-04-29 22:21:23 -------- d-----w C:\DOKUME~1\TORSTE~1\ANWEND~1\Skype 2007-04-27 22:26:39 -------- d-----w C:\Programme\PartyGaming 2007-04-19 16:59:44 -------- d--h--w C:\Programme\InstallShield Installation Information 2007-04-18 16:16:59 733,824 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-18 16:12:31 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-18 16:12:12 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-18 16:10:01 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-18 16:09:10 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-18 16:07:49 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-18 16:06:59 90,112 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-18 14:45:59 -------- d-----w C:\Programme\Full Tilt Poker 2007-04-06 17:12:24 -------- d-----w C:\DOKUME~1\TORSTE~1\ANWEND~1\FMA 2007-04-06 17:10:59 -------- d-----w C:\Programme\FMA 2 2007-04-06 17:06:02 70,778 ----a-w C:\WINDOWS\system32\perfc007.dat 2007-04-06 17:06:02 405,362 ----a-w C:\WINDOWS\system32\perfh007.dat 2007-04-04 15:08:50 -------- d-----w C:\Programme\FLVPlayer 2007-03-16 18:14:39 153,751 ----a-w C:\WINDOWS\system32\drivers\dump_wmimmc.sys 2007-03-16 12:39:32 -------- d-----w C:\DOKUME~1\TORSTE~1\ANWEND~1\Lavasoft 2007-03-16 12:39:19 -------- d-----w C:\Programme\Lavasoft 2007-03-16 12:38:59 -------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2007-03-15 19:29:12 -------- d-----w C:\DOKUME~1\TORSTE~1\ANWEND~1\Hamachi (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Programme\Java\jre1.5.0_09\bin\ssv.dll" "{E98AC0E0-843B-487A-ACD4-9CD42F8CBC8A}"="C:\WINDOWS\system32\tuvsp.dll" [x] "{EA46D6B5-32BD-4DBE-BAA3-2E50BDC33FBf}"="C:\WINDOWS\system32\bywrxudt.dll" [x] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SynTPLpr"="C:\\Programme\\Synaptics\\SynTP\\SynTPLpr.exe" "SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe" "Cpqset"="C:\\Programme\\HPQ\\Default Settings\\cpqset.exe" "eabconfg.cpl"="\"C:\\Programme\\HPQ\\Quick Launch Buttons\\EabServr.exe\" /Start" "SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe\"" "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" "QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize" "BluetoothAuthenticationAgent"="\"rundll32.exe\" bthprops.cpl,,BluetoothAuthenticationAgent" "DT Task"="\"C:\\Programme\\Portrait Displays\\HP Display Assistant\\DTHtml.exe\" -startup_folder" "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe" "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe" "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe" "WindowsService"="rundll32.exe \"C:\\WINDOWS\\system32\\qcniqgln.dll\",realset" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\"" "MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0\0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter HTTPFilter\0\0 LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 DcomLaunch DcomLaunch\0TermService\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 bthsvcs BthServ\0\0 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-09 16:00:07 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programme\HPQ\Default Settings\cpqset.exe???????????????????|?????? ???B???????????????B???????? scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 2007-05-09 16:00:55 C:\ComboFix-quarantined-files.txt ... 2007-05-09 16:00 |
|
|
09.05.2007, 16:10
Moderator
Beiträge: 7805 |
#4
Hm, sieht ganz gut aus. Poste bitte ein neues aktuelles Hijackthis log
__________ MfG Ralf SEO-Spam Hunter |
|
|
09.05.2007, 16:21
...neu hier
Themenstarter Beiträge: 4 |
#5
Hi, habe ja nur 2 Programme benutzt. Meinst du, dass alle drei Probleme beseitigt sind? Hier auf jeden Fall erstmal HJT-logfile:
Logfile of HijackThis v1.99.1 Scan saved at 4:17:16 PM, on 05/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe C:\Programme\Java\jre1.5.0_09\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programme\ICQLite\ICQLite.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Portrait Displays\HP Display Assistant\DTHtml.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Portrait Displays\HP Display Assistant\DTSRVC.exe C:\WINDOWS\system32\svchost.exe C:\Programme\HPQ\SHARED\HPQWMI.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\notepad.exe C:\Sonstiges\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {E98AC0E0-843B-487A-ACD4-9CD42F8CBC8A} - C:\WINDOWS\system32\tuvsp.dll (file missing) O2 - BHO: (no name) - {EA46D6B5-32BD-4DBE-BAA3-2E50BDC33FBf} - C:\WINDOWS\system32\bywrxudt.dll (file missing) O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe" /Start O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [DT Task] "C:\Programme\Portrait Displays\HP Display Assistant\DTHtml.exe" -startup_folder O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\qcniqgln.dll",realset O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programme\Portrait Displays\HP Display Assistant\DTSRVC.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Programme\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PostgreSQL Database Server 8.0 (pgsql-8.0) - PostgreSQL Global Development Group - C:\poker\PostgreSQL\bin\pg_ctl.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\VNC4\WinVNC4.exe" -service (file missing) |
|
|
09.05.2007, 16:40
Moderator
Beiträge: 7805 |
#6
Meldet Avast denn noch etwas?
Diesen Eintrag musst du auch noch fixen(anhaken und fix checked druecken) O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\qcniqgln.dll",realset __________ MfG Ralf SEO-Spam Hunter |
|
|
09.05.2007, 16:54
...neu hier
Themenstarter Beiträge: 4 |
#7
Vielen vielen Dank für die schnelle und kompetente Hilfe. Weiter so...Gruß
|
|
|
09.05.2007, 17:03
Ehrenmitglied
Beiträge: 6028 |
#8
Schliesse alle Fenster und starte Hijack This
Klicke: 'Do a system scan only' Setze ein Häckchen in das Kästchen vor den genannten Eintrag bei O2 - BHO: (no name) - {E98AC0E0-843B-487A-ACD4-9CD42F8CBC8A} - C:\WINDOWS\system32\tuvsp.dll (file missing) O2 - BHO: (no name) - {EA46D6B5-32BD-4DBE-BAA3-2E50BDC33FBf} - C:\WINDOWS\system32\bywrxudt.dll (file missing) klicke: Fix checked Dein Java software ist veraltet,download jre-6-windows-i586.exe Srcolle runter nach "Java Runtime Environment (JRE) 6u1 The Java SE Runtime Environment (JRE) allows end-users to run Java applications. Klicke auf "Download" Setze in haeckchen bei "Accept License Agreement". Klicke “Windows Offline Installation, Multi-language” um “jre-6-windows-i586.exe”zum Desktop zu installieren Schliesse alle Programme auch dein Webbrowser Ueber "Start -> Einstellungen -> Systemsteuerung -> Software Und entferne alle aeltere versionen von Java Runtime Environment (JRE of J2SE) Nachdem alles entfernt wurde,Rechner neu starten Installiere jetzt vom Desktop aus “jre-6-windows-i586.exe” Entferne C:\Qoobox __________ MfG Argus |
|
|
22.05.2007, 10:46
...neu hier
Beiträge: 7 |
#9
Hallo!
Ich habe (fast) die gleichen Symptome, beim Keygen runterladen Virus installiert. Vundofix habe ich installiert, allerdings bekomme ich bei der Installation von ComboFix eine Fehlermeldung: Some installation files are corrupt. please download a freh copy and retry the installation. Kann mir jemand helfen??? Bekomme die Trojaner nicht weg, werden aber von Avast erkannt. Es kommen unterschiedliche Virenmeldungen mit Win32:VB-Stat-c, mit win32urityscan-af, win32:alphabet, win32:agent, ohjeohje! Bitte sagt, dass es auch ohne neu formatieren geht... hier mein Hijack-Logfile: Logfile of HijackThis v1.99.1 Scan saved at 10:47, on 2007-05-22 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\Programme\Sygate\SPF\smc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe C:\WINDOWS\system32\AvidSDMService.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\CNAB4RPK.EXE C:\Programme\Alwil Software\Avast4\ashMaiSv.exe C:\Programme\Alwil Software\Avast4\ashWebSv.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Arcade\PCMService.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\acer\epm\epm-dm.exe C:\Programme\Launch Manager\QtZgAcer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Java\jre1.5.0_09\bin\jusched.exe C:\Programme\FreePDF_XP\fpassist.exe C:\WINDOWS\retadpu1000272.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\acer\eRecovery\Monitor.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Mozilla Thunderbird\thunderbird.exe C:\Dokumente und Einstellungen\Matthias\Desktop\ComboFix.exe C:\Dokumente und Einstellungen\Matthias\Desktop\HijackThis.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "C:\Programme\Arcade\PCMService.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\diedpljk.dll",realset O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{FB4D660A-B846-4386-9A7A-CB7688EBCD09}: NameServer = 10.70.255.1,131.188.3.2 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = asgard O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = asgard O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = asgard O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\Fsk\SonySCSIHelperService.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe DANKE!!!! |
|
|
22.05.2007, 12:10
Moderator
Beiträge: 7805 |
#10
Bitte einmal Combofix erneut herunterladen und im abgesicherten Modus ausfuehren. Das selbe bitte mit Vundofix.
__________ MfG Ralf SEO-Spam Hunter |
|
|
22.05.2007, 12:53
...neu hier
Beiträge: 7 |
#11
Hallo Ralf,
habe es versucht, Combofix zeigt immernoch den gleichen Fehler an. Im Installationsprotokoll steht: Extracting ComboFixT\Boot.bat Extracting ComboFixT\CF_anti-viking.bat Extracting ComboFixT\CFCleanUp.bat Extracting ComboFixT\Combobatch.bat Extracting ComboFixT\ComboFix.bat Extracting ComboFixT\FIND3M.bat Extracting ComboFixT\FixLSP.bat Extracting ComboFixT\history.bat Extracting ComboFixT\List-C.bat Extracting ComboFixT\Look2Me.bat Extracting ComboFixT\MoveIt.bat Extracting ComboFixT\NTP.bat Extracting ComboFixT\Qoo.bat Extracting Start.bat Extracting ComboFixT\Sys.bat Extracting ComboFixT\nircmd.exe Extracting ComboFixT\ntp.exe Extracting ComboFixT\NTPBack.exe Extracting ComboFixT\swreg.exe Extracting ComboFixT\bad_netsvc.cf Extracting ComboFixT\Creg.cf Extracting ComboFixT\def_safeboot.cf Extracting ComboFixT\erunt.cf Extracting ComboFixT\executables.cf Extracting ComboFixT\L2M_combofix.cf Extracting ComboFixT\ndis_combofix.cf Extracting ComboFixT\net_svc.cf Extracting ComboFixT\notifykeys.cf Extracting ComboFixT\Qoo_combofix.cf Extracting ComboFixT\Qoo2_combofix.cf Extracting ComboFixT\region.cf Extracting ComboFixT\start.cf Extracting ComboFixT\svc_wht.cf Extracting ComboFixT\v_combofix.cf Extracting ComboFixT\whitedirB.cf Extracting ComboFixT\WhiteLegacy.cf Extracting ComboFixT\winlogondef.cf Extracting ComboFixT\catchme.cfexe Extracting ComboFixT\dd.cfexe Extracting ComboFixT\dumphive.cfexe Extracting ComboFixT\ERUNT.cfexe Extracting ComboFixT\handle.cfexe Extracting ComboFixT\moveex.cfexe Extracting ComboFixT\mtee.cfexe Extracting ComboFixT\Ntrights.cfexe Extracting ComboFixT\regbindump.cfexe Extracting ComboFixT\RestartIt.cfexe Extracting ComboFixT\sed.cfexe CRC failed in ComboFixT\sed.cfexe Unexpected end of archive Vundofix hat einige Dateien gefunden, und ich musste neu hochfahren, um die restlichen zu löschen (C:\Windows\system32\jkhhg.dll, ...\ljjihij.dll, ...\ghhkj.ini) Hat aber laut Vundofix geklappt. Nochmal mein Hijack-Logfile: Logfile of HijackThis v1.99.1 Scan saved at 12:49, on 2007-05-22 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32Info.exe C:\Dokumente und Einstellungen\Matthias\Desktop\HijackThis.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "C:\Programme\Arcade\PCMService.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{FB4D660A-B846-4386-9A7A-CB7688EBCD09}: NameServer = 10.70.255.1,131.188.3.2 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = asgard O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = asgard O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = asgard O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\Fsk\SonySCSIHelperService.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe Danke für die schnelle Antwort. |
|
|
22.05.2007, 13:48
Moderator
Beiträge: 7805 |
#12
Stimmt, die conbofix.exe auf dem Server ist defekt!
Du kannst es mit dieser Beta versuchen: http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe bitte nicht vergessen, den Report zu posten __________ MfG Ralf SEO-Spam Hunter |
|
|
22.05.2007, 18:52
...neu hier
Beiträge: 7 |
#13
Ok, das ComboFix hat funktioniert. Hier nun der Report:
"Matthias" - 2007-05-22 18:43:18 Service Pack 2 [SAFE MODE] ComboFix 07-05.21.6.V - Running from: "C:\Dokumente und Einstellungen\Matthias\Desktop\" (((((((((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\ghhkj.ini C:\WINDOWS\system32\jkhhg.dll C:\WINDOWS\system32\ljjihij.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Programme\Gemeinsame Dateien\Yazzle1162OinUninstaller.exe C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\pthreadVC.dll C:\WINDOWS\system32\wpcap.dll C:\WINDOWS\system32\media\AvidRender.wav C:\install.log C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\media ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_NPF -------\nm -------\NPF ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-22 )))))))))))))))))))))))))))))))))) 2007-05-22 10:18 <DIR> d-------- C:\WINDOWS\Content.IE5 2007-05-22 09:55 786,432 --ah----- C:\DOKUME~1\ADMINI~1\NTUSER.DAT 2007-05-22 09:55 <DIR> dr-h----- C:\DOKUME~1\ADMINI~1\Anwendungsdaten 2007-05-22 09:55 <DIR> dr------- C:\DOKUME~1\ADMINI~1\Startmen 2007-05-22 09:55 <DIR> dr------- C:\DOKUME~1\ADMINI~1\Favoriten 2007-05-22 09:55 <DIR> dr------- C:\DOKUME~1\ADMINI~1\Eigene Dateien 2007-05-22 09:55 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Vorlagen 2007-05-22 09:55 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Netzwerkumgebung 2007-05-22 09:55 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Lokale Einstellungen 2007-05-22 09:55 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Druckumgebung 2007-05-22 09:55 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\You've Got Pictures Screensaver 2007-05-22 09:55 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\AOL 2007-05-22 09:43 <DIR> d-------- C:\VundoFix Backups 2007-05-22 09:17 4,272 --a------ C:\WINDOWS\system32\tmp.reg 2007-05-21 09:32 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy 2007-05-20 23:02 <DIR> d--h----- C:\WINDOWS\msdownld.tmp 2007-05-20 23:02 <DIR> d-------- C:\WINDOWS\system32\windows media 2007-05-20 23:02 <DIR> d-------- C:\DOKUME~1\Matthias\ANWEND~1\DivX 2007-05-20 23:01 <DIR> d-------- C:\Programme\Gemeinsame Dateien\SONY Digital Images 2007-05-20 23:00 73,728 --a------ C:\WINDOWS\system32\mplaw7.dll 2007-05-20 23:00 73,728 --a------ C:\WINDOWS\system32\mplaa6.dll 2007-05-20 23:00 61,440 --a------ C:\WINDOWS\system32\mplam6.dll 2007-05-16 18:21 <DIR> d-------- C:\Programme\Onlineeye Pro 2007-05-16 08:17 <DIR> d-------- C:\DOKUME~1\Matthias\ANWEND~1\Locktime 2007-05-16 08:14 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Locktime 2007-05-11 19:54 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2007-05-11 06:37 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2007-05-11 06:37 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2007-05-11 06:37 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2007-05-11 06:37 740,442 --a------ C:\WINDOWS\system32\DivX.dll 2007-05-07 23:24 <DIR> d-------- C:\DOKUME~1\Matthias\ANWEND~1\Apple Computer 2007-05-07 23:18 <DIR> d---s---- C:\DOKUME~1\Matthias\UserData 2007-04-30 13:40 <DIR> d-------- C:\Programme\foobar2000 2007-04-30 13:40 <DIR> d-------- C:\DOKUME~1\Matthias\ANWEND~1\foobar2000 2007-04-24 13:59 <DIR> d-------- C:\Programme\AudioNoise 2007-04-24 13:15 <DIR> d-------- C:\Programme\Apple Software Update 2007-04-24 13:15 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple Computer 2007-04-24 12:51 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\SonicStage 2007-04-24 01:19 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys 2007-04-24 01:18 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll 2007-04-24 01:15 <DIR> d-------- C:\DOKUME~1\Matthias\ANWEND~1\Sony Corporation 2007-04-23 02:15 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-04-23 02:15 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-04-23 02:15 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-04-23 02:02 73,728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-04-23 02:02 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll 2007-04-23 02:02 57,344 --a------ C:\WINDOWS\system32\dpv11.dll 2007-04-23 02:02 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll 2007-04-23 02:02 344,064 --a------ C:\WINDOWS\system32\dpus11.dll 2007-04-23 02:02 294,912 --a------ C:\WINDOWS\system32\dpu11.dll 2007-04-23 02:02 294,912 --a------ C:\WINDOWS\system32\dpu10.dll 2007-04-23 02:02 196,608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-04-23 02:01 124,472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe 2007-04-23 02:01 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-22 16:41:00 12 ----a-w C:\WINDOWS\bthservsdp.dat 2007-05-22 14:22:40 49,424 ----a-w C:\WINDOWS\system32\perfc007.dat 2007-05-22 14:22:40 318,680 ----a-w C:\WINDOWS\system32\perfh007.dat 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:56 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:42 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:52 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:24 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-15 08:12:26 -------- d-----w C:\Programme\YASU 2007-04-12 21:15:06 -------- d--h--r C:\DOKUME~1\Matthias\ANWEND~1\SecuROM 2007-04-12 21:15:04 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-04-12 21:06:00 -------- d-----w C:\Programme\DAEMON Tools 2007-04-12 21:03:38 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-04-12 20:55:50 -------- d-----w C:\DOKUME~1\Matthias\ANWEND~1\Command & Conquer 3 Tiberium Wars 2007-04-08 15:39:46 -------- d-----w C:\Programme\7-Zip 2007-04-02 01:02:36 -------- d-----w C:\Programme\MSXML 4.0 2007-03-28 22:00:46 -------- d-----w C:\Programme\audiograbber 2007-03-23 09:00:36 356 ----a-w C:\drmHeader.bin 2007-03-17 13:44:26 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-14 20:38:06 -------- d-----w C:\Programme\RegCleaner 2007-03-12 22:43:22 -------- d-----w C:\DOKUME~1\Matthias\ANWEND~1\Command & Conquer 3 Tiberium Wars Demo 2007-03-08 15:36:30 579,072 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:36:30 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:36:30 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:32:24 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys 2007-03-07 23:51:00 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2007-03-07 23:51:00 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2007-03-02 08:31:56 57,264 ----a-w C:\DOKUME~1\Matthias\ANWEND~1\GDIPFONTCACHEV1.DAT 2007-03-01 13:04:38 8,359 ----a-w C:\WINDOWS\mozver.dat 2007-02-05 20:18:44 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 03:25] {DED35538-2053-498C-9854-3A1DEA516FC0}=C:\WINDOWS\system32\pmnlk.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 19:36] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 19:32] "SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44] "SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00] "PCMService"="C:\Programme\Arcade\PCMService.exe" [2005-03-09 18:59] "ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 21:05] "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 18:04] "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 09:13] "LManager"="C:\Programme\Launch Manager\QtZgAcer.EXE" [2005-03-28 12:20] "eRecoveryService"="C:\Windows\System32\Check.exe" [2005-03-23 10:01] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 C:\WINDOWS\system32\bthprops.cpl] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-02-24 16:35] "SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10] "@"="" [] "FreePDF Assistant"="C:\Programme\FreePDF_XP\fpassist.exe" [2005-05-27 11:24] "DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2006-11-12 12:48] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-09-01 15:57] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00] "SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "NoDispAppearancePage"=0 (0x0) "NoColorChoice"=0 (0x0) "NoSizeChoice"=0 (0x0) "NoDispBackgroundPage"=0 (0x0) "NoDispScrSavPage"=0 (0x0) "NoDispCPL"=0 (0x0) "NoVisualStyleChoice"=0 (0x0) "NoDispSettingsPage"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoActiveDesktopChanges"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSaveSettings"=0 (0x0) "NoThemesTab"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winxtx32] winxtx32.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^CONNECTAUTrayApp.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CONNECTAUTrayApp.lnk backup=C:\WINDOWS\pss\CONNECTAUTrayApp.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Matthias^Startmenü^Programme^Autostart^Adobe Gamma.lnk] path=C:\Dokumente und Einstellungen\Matthias\Startmenü\Programme\Autostart\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CONNECTScheduler] "C:\Programme\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD] "C:\Programme\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bd675ae-9e45-11db-a3eb-00c09fc86ffa}] AutoRun\command- F:\setupSNK.exe Contents of the 'Scheduled Tasks' folder 2007-04-24 11:16:24 C:\WINDOWS\tasks\AppleSoftwareUpdate.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-22 18:50:05 Windows 5.1.2600 Service Pack 2 FAT scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ******************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\controlset001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}] [HKEY_LOCAL_MACHINE\SYSTEM\controlset001\Services\BTHPORT\Parameters\Services\{00001105-0000-1000-8000-00805f9b34fb}] [HKEY_LOCAL_MACHINE\SYSTEM\controlset001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}] Completion time: 2007-05-22 18:52:34 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-05-22 18:52 --- E O F --- Viele Grüße, Matthias ES WÄRE TOLL WENN NOCH JEMAND ANTWORTET!!!! WARTE NOCH AUF EINE EINSCHÄTZUNG! System läuft soweit wieder relativ stabil, allerdings tauchen einige ungewohnte Wartezeiten auf.... Danke!! Dieser Beitrag wurde am 24.05.2007 um 01:13 Uhr von matthiasw editiert.
|
|
|
Bräuchte deswegen eure Hilfe. Habe mir hier auch schon einige Beiträge durchgelesen, aber nicht wirklich viel verstanden, da ich nicht gerade ein PC-Crack bin...
Hier erstmal mein HiJackthis-Logfile:
Logfile of HijackThis v1.99.1
Scan saved at 3:20:57 PM, on 05/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Portrait Displays\HP Display Assistant\DTSRVC.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Portrait Displays\HP Display Assistant\DTHtml.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\HPQ\SHARED\HPQWMI.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Sonstiges\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q304&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DT Task] "C:\Programme\Portrait Displays\HP Display Assistant\DTHtml.exe" -startup_folder
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\qcniqgln.dll",realset
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programme\Portrait Displays\HP Display Assistant\DTSRVC.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Programme\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PostgreSQL Database Server 8.0 (pgsql-8.0) - PostgreSQL Global Development Group - C:\poker\PostgreSQL\bin\pg_ctl.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\VNC4\WinVNC4.exe" -service (file missing)