Verzeichnis von C:\

13.06.2006 10:54 0 sys.txt
13.06.2006 10:54 13.575 system.txt
13.06.2006 10:54 437 systemtemp.txt
13.06.2006 10:52 102.193 system32.txt
13.06.2006 10:42 535.875.584 hiberfil.sys
13.06.2006 10:42 805.306.368 pagefile.sys
27.03.2006 12:22 3.811 ads_err.dbf
19.03.2006 14:50 28 console.log
28.11.2004 11:31 211 boot.init

Verzeichnis von C:\WINDOWS

13.06.2006 10:43 159 wiadebug.log
13.06.2006 10:43 0 0.log
13.06.2006 10:43 2.048 bootstat.dat
13.06.2006 10:42 1.994.024 WindowsUpdate.log
13.06.2006 10:42 50 wiaservc.log
13.06.2006 10:42 32.544 SchedLgU.Txt
10.06.2006 01:50 119.808 Thumbs.db
10.06.2006 01:49 963 spacer.gif'
10.06.2006 01:44 1.791 win_logo.gif
10.06.2006 01:44 3.877 warning_icon.gif
10.06.2006 01:44 283 x.gif
10.06.2006 01:44 1.014 warning-bar-ico.gif
10.06.2006 01:44 291 v.gif
10.06.2006 01:44 688 ts.gif
10.06.2006 01:44 2.374 ts_header.gif
10.06.2006 01:44 425 star_gray.gif
10.06.2006 01:44 639 star.gif
10.06.2006 01:44 550 star_small.gif
10.06.2006 01:44 223 star_gray_small.gif
10.06.2006 01:44 49 spacer.gif
10.06.2006 01:44 65 sep_hor.gif
10.06.2006 01:44 53 sep_vert.gif
10.06.2006 01:44 6.399 spyware-detected.gif
10.06.2006 01:44 10.809 security-center-logo.gif
10.06.2006 01:44 6.695 security_center_caption.gif
10.06.2006 01:44 177 security-center-bg.gif
10.06.2006 01:44 2.735 scan_btn.gif
10.06.2006 01:44 2.271 rf_header.gif
10.06.2006 01:44 611 rf.gif
10.06.2006 01:44 1.204 infected.gif
10.06.2006 01:44 215 main_back.gif
10.06.2006 01:44 10.193 header_3.gif
10.06.2006 01:44 11.077 header_4.gif
10.06.2006 01:44 25.023 header_1.gif
10.06.2006 01:44 15.421 header_2.gif
10.06.2006 01:44 2.306 footer_back.gif
10.06.2006 01:44 2.922 footer_back.jpg
10.06.2006 01:44 592 features.gif
10.06.2006 01:44 64 close-bar.gif
10.06.2006 01:44 2.238 download_box.gif
10.06.2006 01:44 2.067 button_freescan.gif
10.06.2006 01:44 1.682 button_buynow.gif
10.06.2006 01:44 11.602 box_3.gif
10.06.2006 01:44 12.019 box_2.gif
10.06.2006 01:44 5.741 box_1.gif
10.06.2006 01:44 847 as.gif
10.06.2006 01:44 72 bg.gif
10.06.2006 01:44 2.695 as_header.gif
10.06.2006 01:44 110 about_spyware_bg.gif
10.06.2006 01:44 372 about_spyware_bottom.gif
09.06.2006 22:57 9.472 BTGrab.dll
09.06.2006 22:57 28.160 dlmax.dll
09.06.2006 22:57 24.064 Pynix.dll
09.06.2006 22:57 29.696 ZServ.dll
09.06.2006 22:57 22.016 susp.exe
09.06.2006 22:57 13.568 alxie328.dll
09.06.2006 22:57 31.488 alexaie.dll
09.06.2006 22:57 29.952 alxtb1.dll
01.06.2006 18:01 65.729 wmsetup.log
23.05.2006 22:41 57.608 setupapi.log
10.05.2006 14:55 25.788 msgsocm.log
10.05.2006 14:55 24.726 ocmsn.log
10.05.2006 14:55 201.197 tsoc.log
10.05.2006 14:55 108.453 ntdtcsetup.log
10.05.2006 14:55 180.181 comsetup.log
10.05.2006 14:55 80.361 iis6.log
10.05.2006 14:55 506.288 FaxSetup.log
10.05.2006 14:55 12.508 KB913580.log
10.05.2006 14:55 1.374 imsins.log
10.05.2006 14:55 262.395 ocgen.log
10.05.2006 14:55 17.392 updspapi.log
08.05.2006 17:16 54.156 QTFont.qfn
27.04.2006 15:40 1.374 imsins.BAK
27.04.2006 15:40 11.188 KB900485.log
16.04.2006 17:43 31.599 spupdsvc.log
16.04.2006 02:24 15.038 KB908531.log
16.04.2006 02:24 14.226 KB911562.log
16.04.2006 02:23 16.280 KB912812.log
16.04.2006 02:23 29.208 KB911565.log
16.04.2006 02:22 10.645 KB911567.log
04.04.2006 15:25 216.029 setupact.log
02.04.2006 12:23 26 buffygame.INI
27.03.2006 01:02 364.496 Directx.log
27.03.2006 00:48 378 wmsetup10.log
27.03.2006 00:45 1.064.364 setupapi.log.1.old
27.03.2006 00:45 316.640 WMSysPr9.prx
27.03.2006 00:37 647 win.ini
26.03.2006 22:31 1.409 QTFont.for
26.03.2006 15:39 3.896 ModemLog_Mobile 115200.txt
26.03.2006 15:38 3.998 ModemLog_SENS LT56ADW Modem.txt
23.03.2006 01:12 2.909 mozver.dat
23.03.2006 01:03 0 nsreg.dat
23.03.2006 00:58 838 Active Setup Log.txt
18.03.2006 15:52 30.501 KB899587.log
18.03.2006 15:52 29.622 KB896422.log
18.03.2006 15:52 29.215 KB885250.log
18.03.2006 15:52 29.658 KB911927.log
18.03.2006 15:51 29.150 KB901017.log
18.03.2006 15:51 29.473 KB899591.log
18.03.2006 15:51 29.665 KB896424.log
18.03.2006 15:51 29.590 KB893756.log
18.03.2006 15:51 27.345 KB896423.log
18.03.2006 15:51 27.383 KB888113.log
18.03.2006 15:51 27.784 KB887742.log
18.03.2006 15:51 27.525 KB887472.log
18.03.2006 15:51 27.826 KB896358.log
18.03.2006 15:50 22.633 KB910437.log
18.03.2006 15:50 18.579 KB898458.log
18.03.2006 15:50 22.982 KB911564.log
18.03.2006 15:50 30.171 KB905915.log
18.03.2006 15:49 23.761 KB891781.log
18.03.2006 15:49 28.998 KB902400.log
18.03.2006 15:49 20.938 KB890046.log
18.03.2006 15:49 20.672 KB905414.log
18.03.2006 15:49 19.916 KB901214.log
18.03.2006 15:49 18.487 KB888302.log
18.03.2006 15:49 22.284 KB900725.log
18.03.2006 15:48 17.523 KB912919.log
18.03.2006 15:48 16.711 KB904706.log
18.03.2006 15:48 19.603 KB905749.log
18.03.2006 15:48 18.401 KB896428.log
18.03.2006 15:47 16.940 KB894391.log
18.03.2006 15:46 14.717 KB908519.log
18.03.2006 15:46 10.886 KB913446.log
18.03.2006 15:46 16.858 KB890859.log
18.03.2006 14:48 12.633 KB893803v2.log
18.03.2006 14:48 10.150 KB898461.log
18.03.2006 12:59 10 smdat32m.sys
17.03.2006 20:37 0 smdat32a.sys
16.03.2006 11:13 618 ULEAD32.INI
13.03.2006 00:34 134.050 ntbtlog.txt
04.05.2006 15:46 6.152 pujqfgoz.exe
04.05.2006 06:26 5.818.784 MRT.exe
29.04.2006 13:14 7.006 jupdate-1.5.0_06-b05.log
27.04.2006 12:17 6.222 phqghume.exe
25.04.2006 14:14 46.592 zlbw.dll
25.04.2006 14:14 15.001 taskdir~.exe
25.04.2006 14:09 61 svcp.csv
25.04.2006 14:09 52.117 parad.raw.exe
25.04.2006 14:09 4 winsub.xml
25.04.2006 14:04 7.045 internetoloper.exe
30.03.2006 11:26 1.492.480 shdocvw.dll
30.03.2006 03:16 18.944 xpsp3res.dll
27.03.2006 00:45 23.392 nscompat.tlb
27.03.2006 00:45 16.832 amcompat.tlb
26.03.2006 15:25 1.398 mapisvc.inf
26.03.2006 13:49 251.088 FNTCACHE.DAT
23.03.2006 22:34 3.074.560 mshtml.dll
18.03.2006 15:57 41.170 perfc009.dat
18.03.2006 15:57 314.842 perfh009.dat
18.03.2006 15:57 732.166 PerfStringBackup.INI
18.03.2006 15:57 320.668 perfh007.dat
18.03.2006 15:57 49.570 perfc007.dat
18.03.2006 13:09 615.424 urlmon.dll
17.03.2006 11:11 679.424 inetcomm.dll
17.03.2006 06:03 8.493.056 shell32.dll
17.03.2006 02:38 28.672 verclsid.exe
10.03.2006 06:09 5.533.696 wmp.dll
04.03.2006 05:34 664.064 wininet.dll
04.03.2006 05:34 532.480 mstime.dll
04.03.2006 05:34 474.624 shlwapi.dll
04.03.2006 05:34 448.512 mshtmled.dll
04.03.2006 05:34 146.432 msrating.dll
04.03.2006 05:34 39.424 pngfilt.dll
04.03.2006 05:34 1.056.256 danim.dll
04.03.2006 05:34 205.312 dxtrans.dll
04.03.2006 05:34 96.768 inseng.dll
04.03.2006 05:34 251.392 iepeers.dll
04.03.2006 05:34 55.808 extmgr.dll
04.03.2006 05:34 1.022.976 browseui.dll
04.03.2006 05:34 152.064 cdfview.dll
01.03.2006 21:43 11.776 xolehlp.dll
01.03.2006 21:43 161.280 msdtcuiu.dll
01.03.2006 21:43 956.416 msdtctm.dll
01.03.2006 21:43 66.560 mtxclu.dll

Verzeichnis von C:\DOKUME~1\HannesH\LOKALE~1\Temp

13.06.2006 10:47 1.048.576 RootRepStream_4CD76
13.06.2006 10:46 1.980 3.tmp
13.06.2006 10:44 769 RTEGPRS.rlg
30.01.2006 02:23 28.672 6.tmp
4 Datei(en) 1.079.997 Bytes
0 Verzeichnis(se), 10.259.103.744 Bytes frei

Logfile of HijackThis v1.99.1
Scan saved at 10:58:05, on 13.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\ltmoh\Ltmoh.exe
C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
C:\Programme\RXToolBar\Semantic Insight\SemanticInsight.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\SmartCom\RTEGPRS.exe
C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\WINDOWS\twain_32\C6U14K\WATCH.exe
C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\HannesH\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programme\RXToolBar\sfcont.dll (file missing)
O2 - BHO: adobepnl.ADOBE_PANEL - {5E8FA924-DEF0-4E71-8A82-A11CA0C1413B} - C:\WINDOWS\system32\adobepnl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Programme\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Programme\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RTEGPRS] "C:\Programme\Gemeinsame Dateien\SmartCom\RTEGPRS.exe" tray
O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\C6U14K\WATCH.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/ballistik/slgwebinstall.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab45837.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/UnSkin/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programme\RXToolBar\sfcont.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe