-------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\WINDOWS\Temp

-------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\WINDOWS\Downloaded Program Files

09.11.2006  14:36        5.019 swflash.inf
-------------------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 08BF-B934

Verzeichnis von C:\

22.12.2006  14:42            0 sys.txt
22.12.2006  14:42          188 down.txt
22.12.2006  14:42          117 temp.txt
22.12.2006  14:41          117 tmp.txt
22.12.2006  14:41       10.877 system.txt
22.12.2006  14:41       56.353 systemtemp.txt
22.12.2006  14:41       98.012 system32.txt
22.12.2006  14:41        7.378 windows.txt
22.12.2006  14:26          116 myDelm.bat
22.12.2006  14:25  267.968.512 hiberfil.sys
22.12.2006  14:25  402.653.184 pagefile.sys
22.12.2006  14:23      126.976 zip.exe
22.12.2006  14:23        1.080 hhwimxtw.bat
22.12.2006  14:23       11.662 jmlxkapo.txt
22.12.2006  14:23        1.271 avexport.bat
21.12.2006  20:11       21.102 der rest.txt
21.12.2006  19:50        1.175 c.txt
21.12.2006  19:25       15.006 ComboFix.txt
21.12.2006  18:48        4.161 ComboFix2.txt
_______________________________________________________________
HijackThis was also run
_______________________________________________________________
ServiceFilter was run, log:

The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"
########################################
ServiceFilter 1.1 by rand1038
Microsoft Windows XP Professional
Version: 5.1.2600 Service Pack 1
Dez 22, 2006 14:56:31

---> Begin Service Listing <---

Unknown Service # 1
Service Name: Adobe LM Service
Display Name: Adobe LM Service
Start Mode: Manual
Start Name: LocalSystem
Description: Adobe LM ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\adobe systems shared\service\adobelmsvc.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 2
Service Name: AntiVirScheduler
Display Name: AntiVir PersonalEdition Classic Planer
Start Mode: Auto
Start Name: LocalSystem
Description: Dienst zur Steuerung von AntiVir Prüfaufträgen und ...
Service Type: Own Process
Path: c:\programme\antivir personaledition classic\sched.exe
State: Running
Process ID: 1960
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 3
Service Name: AntiVirService
Display Name: AntiVir PersonalEdition Classic Guard
Start Mode: Auto
Start Name: LocalSystem
Description: Bietet permanente Schutz vor Viren und Malware mit der AntiVir ...
Service Type: Own Process
Path: c:\programme\antivir personaledition classic\avguard.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1067
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service #4
Service Name: AOL ACS
Display Name: AOL Connectivity Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\progra~1\gemein~1\aol\acs\aolacsd.exe
State: Running
Process ID: 1984
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 5
Service Name: COM+ Messages
Display Name: COM+ Messages
Start Mode: Disabled
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\windows\system32\svchosts.exe" -e te-110-12-0000175
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 6
Service Name: IDriverT
Display Name: InstallDriver Table Manager
Start Mode: Manual
Start Name: LocalSystem
Description: Provides support for the Running Object Table for InstallShield ...
Service Type: Own Process
Path: c:\programme\gemeinsame dateien\installshield\driver\11\intel 32\idrivert.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 7
Service Name: PigeonServer1.23
Display Name: Pigeon_Server1.23
Start Mode: Auto
Start Name: LocalSystem
Description: ¹§Ï²°¡!!!...
Service Type: Own Process
Path: c:\windows\g_server1.23.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1067
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 8
Service Name: RpcS
Display Name: Remote Procedure Call System(RPCS)
Start Mode: Auto
Start Name: LocalSystem
Description: ¹ÜÀí²¢¿ØÖÆRPC·þÎñÊý¾Ý¿â¡£...
Service Type: Own Process
Path: c:\windows\system32\rpcs.exe
State: Running
Process ID: 360
Started: Wahr
Exit Code: 0
Accept Pause: Wahr
Accept Stop: Wahr

Unknown Service # 9
Service Name: Sbscpw
Display Name: Transaction Provisioning Service
Start Mode: Auto
Start Name: LocalSystem
Description: ½âÎöºÍ»º³åÓòÃûϵͳ (DNS) Ãû³Æ¡£Èç¹û´Ë·þÎñ±»Í£Ö¹£¬¼ÆËã»ú½«²»ÄܽâÎö DNS Ãû³Æ²¢¶¨Î» Active Directory ...
Service Type: Own Process
Path: c:\windows\system32\ozipt.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service #10
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{9dec5113-b4aa-455c-b16f-939ea75a17f1}
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 11
Service Name: usnsvc
Display Name: Messenger Sharing USN Journal Reader-Service
Start Mode: Manual
Start Name: LocalSystem
Description: Ein von Messenger installierter Service, der Freigabeszenarien ...
Service Type: Own Process
Path: c:\windows\system32\svchost.exe -k usnsvc
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 12
Service Name: VisionService
Display Name: VisionService
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\rundll32.exe c:\progra~1\vision\visver.dll,service
State: Running
Process ID: 460
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 13
Service Name: Win32DDS
Display Name: Win32 Display Driver
Start Mode: Auto
Start Name: LocalSystem
Description: Provides system and desktop level support to the display ...
Service Type: Own Process
Path: c:\windows\system32\rundll32.exe windds32.dll,start
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 14
Service Name: WinDHCPsvc
Display Name: Windows DHCP Service
Start Mode: Auto
Start Name: LocalSystem
Description: ΪԶ³Ì¼ÆËã»ú×¢²á²¢¸üРIP ...
Service Type: Own Process
Path: c:\windows\system32\rundll32.exe windhcp.ocx,start
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 15
Service Name: WinXPDHCPsvc
Display Name: WinXP DHCP Service
Start Mode: Auto
Start Name: LocalSystem
Description: ΪԶ³Ì¼ÆËã»ú×¢²á²¢¸üРIP ...
Service Type: Own Process
Path: c:\windows\system32\rundll32.exe xpdhcp.dll,start
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 16
Service Name: www.ppandora.com
Display Name: www.ppandora.com
Start Mode: Disabled
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\nsvc32.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 17
Service Name: zhongguozhizao.3322.org
Display Name: zhongguozhizao.3322.org
Start Mode: Disabled
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\zhongguozhizao.3322.org.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

---> End Service Listing <---

There are 93 Win32 services on this machine.
17 were unrecognized.

Script Execution Time: 4,835938 seconds.

Regards, Frank