Logfile of HijackThis v1.99.1
Scan saved at 17:27:01, on 08.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avast4Home\aswUpdSv.exe
C:\Programme\Avast4Home\ashServ.exe
C:\PROGRA~1\AVAST4~1\ashDisp.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\Programme\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\TechSmith\SnagIt 6\SnagIt32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\Avast4Home\ashMaiSv.exe
C:\Programme\Avast4Home\ashWebSv.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Rdiger\Desktop\virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVAST4~1\ashDisp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: SnagIt 6.lnk = C:\Programme\TechSmith\SnagIt 6\SnagIt32.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107864429265
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC551383-E02F-4723-B7F2-C60021897494}: NameServer = 217.237.149.225 217.237.150.188
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O21 - SSODL: detachments - {01d8d081-0f76-4ab5-b5e4-9b23a709670e} - C:\WINDOWS\system32\sacskza.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Avast4Home\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Avast4Home\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Avast4Home\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Avast4Home\ashWebSv.exe" /service (file missing)
O23 - Service: pcAnywhere Host-Modul (awhost32) - Symantec Corporation - C:\Programme\Symantec\pcAnywhere\awhost32.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Platinum (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe


Rdiger - 06-11-08 17:48:40,82 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Dokumente und Einstellungen\Rdiger\Desktop\virus"


((((((((((((((((((((((((((((((( Files Created from 2006-10-08 to 2006-11-08 ))))))))))))))))))))))))))))))))))

2006-11-08 10:12     106,496 --a------ C:\WINDOWS\system32\sacskza.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-08 17:29    -------- d-------- C:\Programme\CleanUp!
2006-11-08 11:43    -------- d-------- C:\Programme\Lavasoft
2006-11-08 11:43    -------- d-------- C:\Dokumente und Einstellungen\Rdiger\Anwendungsdaten\Lavasoft
2006-11-08 10:11    -------- d-------- C:\Programme\VidCodecs
2006-10-12 22:14    -------- d-------- C:\Dokumente und Einstellungen\Rdiger\Anwendungsdaten\Canon
2006-09-27 15:00    -------- d-------- C:\Programme\Avast4Home
2006-09-25 16:45      666240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-25 16:40       87424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-09-25 16:40       85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-09-25 16:39       36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-09-25 16:39       16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-09-25 16:37       90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-09-25 16:37       24560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-09-24 20:25    -------- d-------- C:\Programme\Gemeinsame Dateien\DeTeMedien
2006-09-24 17:52    -------- d-------- C:\Programme\Gemeinsame Dateien\LightScribe
2006-09-24 17:51    -------- d-------- C:\Programme\Gemeinsame Dateien
2006-09-12 17:23    -------- d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\AVAST4~1\\ashDisp.exe"
"C-Media Mixer"="Mixer.exe /startup"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_01\\bin\\jusched.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"PCSuiteTrayApplication"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\Launch Application 2.exe -onlytray"
"DataLayer"="C:\\PROGRA~1\\GEMEIN~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
"ToUcamVProperty"="C:\\PROGRA~1\\PHILIP~1\\VProperty.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{01d8d081-0f76-4ab5-b5e4-9b23a709670e}"="detachments"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"detachments"="{01d8d081-0f76-4ab5-b5e4-9b23a709670e}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BthServ"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-08 17:49:22.43
C:\ComboFix.txt ... 06-11-08 17:49

 Volume in drive C is WINDOWS
 Volume Serial Number is B0B6-9998

 Directory of C:\WINDOWS\system32

08.11.2006  17:44            17.145 nvapps.xml
08.11.2006  10:12           106.496 sacskza.dll
29.10.2006  17:59            39.992 perfc009.dat
29.10.2006  17:59           311.604 perfh009.dat
29.10.2006  17:59            48.156 perfc007.dat
29.10.2006  17:59           316.594 perfh007.dat
29.10.2006  17:59           723.744 PerfStringBackup.INI
27.09.2006  14:59             2.995 CONFIG.NT
25.09.2006  16:45           666.240 aswBoot.exe
25.09.2006  16:37            90.112 AVASTSS.scr
26.07.2006  13:08             2.262 wpa.dbl

 Volume in drive C is WINDOWS
 Volume Serial Number is B0B6-9998

 Directory of C:\

08.11.2006  17:44       402.653.184 pagefile.sys
08.11.2006  11:10               211 boot.ini

 Volume in drive C is WINDOWS
 Volume Serial Number is B0B6-9998

 Directory of C:\WINDOWS

08.11.2006  17:45                 0 0.log
08.11.2006  17:45               159 wiadebug.log
08.11.2006  17:45                50 wiaservc.log
08.11.2006  17:44             2.048 bootstat.dat
08.11.2006  17:43            32.618 SchedLgU.Txt
08.11.2006  17:43           381.143 WindowsUpdate.log
08.11.2006  12:14               274 system.ini
08.11.2006  11:10               829 win.ini
08.11.2006  09:56               116 NeroDigital.ini
05.11.2006  18:45           432.269 setupapi.log
10.09.2006  23:35               870 videoimp.ini
10.08.2006  20:54            42.771 CSTBox.INI
22.03.2006  21:48                 0 ROUTE
14.03.2006  12:35            25.297 wmsetup.log
25.09.2005  12:11            99.970 UninstallFirefox.exe
25.09.2005  12:11             9.139 mozver.dat
21.09.2005  21:18             5.907 KB887472.log
21.09.2005  21:18            87.716 iis6.log
21.09.2005  21:18            28.215 comsetup.log
21.09.2005  21:18            15.421 ntdtcsetup.log
21.09.2005  21:18             3.118 tabletoc.log
21.09.2005  21:18            27.113 tsoc.log
21.09.2005  21:18             1.374 imsins.log
21.09.2005  21:18             2.937 ocmsn.log
21.09.2005  21:18             9.288 netfxocm.log
21.09.2005  21:18             4.037 MedCtrOC.log
21.09.2005  21:18            32.228 ocgen.log
21.09.2005  21:18             2.725 msgsocm.log
21.09.2005  21:18            48.635 FaxSetup.log
21.09.2005  21:18            21.304 msmqinst.log

 Volume in drive C is WINDOWS
 Volume Serial Number is B0B6-9998

 Directory of C:\DOKUME~1\RDIGER~1\LOKALE~1\Temp

 Volume in drive C is WINDOWS
 Volume Serial Number is B0B6-9998

 Directory of C:\WINDOWS\Temp

08.11.2006  17:45            16.384 Perflib_Perfdata_650.dat
               1 File(s)         16.384 bytes
               0 Dir(s)  11.747.811.328 bytes free
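Added example (not part of the post above, and not code from HijackThis or ComboFix): a small Python triage script that reads the two logs together instead of one at a time. It pulls the file path out of each numbered HijackThis entry, checks whether that file appears in ComboFix's dated file listings, and lists anything else created within a chosen window of the same minute. Run against the excerpts copied from the logs above, it pairs the O21 SSODL entry C:\WINDOWS\system32\sacskza.dll (the same CLSID is also registered under SharedTaskScheduler) with its 2006-11-08 10:12 creation time and with C:\Programme\VidCodecs, created at 10:11. It also shows why "(file missing)" needs a cross-check: the avast! Mail Scanner line carries that flag, yet ashMaiSv.exe is in the running-process list, so the flag reflects how the tool split the quoted service path, not a missing binary. The one-hour window is an arbitrary choice for this example, and 8.3 short names (PROGRA~1 and so on) are matched literally, not expanded.

```python
"""Cross-reference HijackThis load points with ComboFix file-creation data.

Added triage example; not part of the original post and not code from either tool.
The two excerpts are copied from the logs posted above. Paths are compared as
written: 8.3 short names (PROGRA~1 ...) are not expanded (known limitation).
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Excerpt of the HijackThis log above: a few running processes plus representative entries.
HJT_EXCERPT = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\PROGRA~1\AVAST4~1\ashDisp.exe
C:\Programme\Avast4Home\ashMaiSv.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVAST4~1\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O21 - SSODL: detachments - {01d8d081-0f76-4ab5-b5e4-9b23a709670e} - C:\WINDOWS\system32\sacskza.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Avast4Home\ashMaiSv.exe" /service (file missing)
"""

# Excerpt of the ComboFix report above (Files Created and Find3M lines).
CF_EXCERPT = r"""
2006-11-08 10:12     106,496 --a------ C:\WINDOWS\system32\sacskza.dll
2006-11-08 17:29    -------- d-------- C:\Programme\CleanUp!
2006-11-08 11:43    -------- d-------- C:\Programme\Lavasoft
2006-11-08 10:11    -------- d-------- C:\Programme\VidCodecs
2006-09-25 16:45      666240 --a------ C:\WINDOWS\system32\aswBoot.exe
"""

# HijackThis section numbers whose entries load a DLL into a core process at logon.
SENSITIVE = {"O20": "Winlogon Notify (loaded by winlogon.exe)",
             "O21": "ShellServiceObjectDelayLoad (loaded by explorer.exe)"}
# A drive path ending in a loadable module; stops at quotes, commas (rundll32 entry points) or whitespace.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n,]+?\.(?:exe|dll|cpl|scr|sys)(?=["\s,]|$)', re.I)
# ComboFix listing line: date, time, size (dashes for directories), 9-char attribute field, path.
CF_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+([\d,]+|-+)\s+([-a-z]{9})\s+(\S.*?)\s*$")

@dataclass
class CfEntry:
    ts: datetime
    size: Optional[int]  # None for directories
    path: str

@dataclass
class Finding:
    line: str
    path: str
    reasons: list = field(default_factory=list)
    neighbours: list = field(default_factory=list)  # items created close to this file's timestamp

def parse_combofix(text):
    """Map lowercased path -> CfEntry for every dated line in the ComboFix excerpt."""
    entries = {}
    for raw in text.splitlines():
        m = CF_RE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%Y-%m-%d %H:%M")
            size = None if m.group(3).startswith("-") else int(m.group(3).replace(",", ""))
            entries[m.group(5).lower()] = CfEntry(ts, size, m.group(5))
    return entries

def split_hjt(text):
    """Return (lowercased running-process paths, numbered R/O entry lines)."""
    procs, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Running processes:"):
            in_procs = True
        elif re.match(r"[RO]\d+ - ", line):
            in_procs = False
            entries.append(line)
        elif in_procs and line:
            procs.add(line.lower())
    return procs, entries

def triage(hjt_text, cf_text, window=timedelta(hours=1)):
    """Flag load points worth a second look and attach the evidence for each one."""
    created = parse_combofix(cf_text)
    procs, entries = split_hjt(hjt_text)
    findings = []
    for line in entries:
        kind = line.split(" - ", 1)[0]
        m = PATH_RE.search(line)
        f = Finding(line, m.group(0) if m else "")
        key = f.path.lower()
        if kind in SENSITIVE:
            f.reasons.append(f"{kind} {SENSITIVE[kind]}: verify the DLL's origin")
        if "(file missing)" in line:
            if key in procs:  # the binary is running, so the flag is a parsing artifact
                f.reasons.append("reported '(file missing)' but the path is in the running-process "
                                 "list; treat as a parsing artifact, not a dead entry")
            else:
                f.reasons.append("load point references a missing file (dead entry)")
        if kind == "O23" and "Unknown owner" in line:
            f.reasons.append("service without a vendor name (weak signal on its own)")
        hit = created.get(key)
        if hit:
            f.reasons.append(f"file created {hit.ts:%Y-%m-%d %H:%M} ({hit.size} bytes), inside the scan window")
            f.neighbours = sorted(e.path for k, e in created.items()
                                  if k != key and abs(e.ts - hit.ts) <= window)
        if f.reasons:
            findings.append(f)
    return findings

if __name__ == "__main__":
    for f in triage(HJT_EXCERPT, CF_EXCERPT):
        print(f.line, *[f"   - {r}" for r in f.reasons],
              *[f"   created nearby: {n}" for n in f.neighbours], sep="\n")
```

Feed it the full logs rather than the excerpts and the same logic applies; the "created nearby" list is what turns a lone unknown DLL into a timeline, because the fake-codec directory and the SSODL DLL landing one minute apart is the kind of correlation neither tool prints on its own.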