My PC is going crazy !!! Endless popups

Topic is closed!
18.03.2006, 20:24
Honorary member
Sabina

Posts: 29434
#16 aproposfix
http://swandog46.geekstogo.com/aproposfix.exe
in Safe Mode !!!!!!!!!!!!!!!!
then post this scan report first
__________
Kind regards, Sabina

all about PC security
18.03.2006, 22:35
Member

Thread starter

Posts: 18
#17 Log of AproposFix v1.1

************

Running from directory:
C:\Dokumente und Einstellungen\Start\Desktop\aproposfix

************



Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!
18.03.2006, 23:32
Honorary member
Sabina

Posts: 29434
#18 4.
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".

5.
scan with ewido --> post the scan report
http://virus-protect.org/ewido.html

6.
Panda (scan and post the scan report)
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina

all about PC security
19.03.2006, 08:16
Member

Thread starter

Posts: 18
#19 ewido anti-malware - Scan Report
---------------------------------------------------------

+ Erstellt am: 08:11:25, 19.03.2006
+ Report-Checksumme: 1CDCCFE3

+ Scanergebnis:


C:\Dokumente und Einstellungen\Start\Cookies\start@2o7[2].txt -> TrackingCookie.2o7 : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Start\Cookies\start@ivwbox[1].txt -> TrackingCookie.Ivwbox : Gesäubert mit Backup
C:\Programme\winupdates\a.zip/Setup.exe -> Worm.VB.an : Gesäubert mit Backup


::Report Ende

---------------------------------------------------------
Here is the scan report from Panda:


Incident Status Location

Potentially unwanted tool:application/winantivirus2006 Not disinfected C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\WinAntiVirus Pro 2006
Adware:adware/cydoor Not disinfected C:\WINDOWS\cache277
Adware:adware/blazefind Not disinfected Windows Registry
Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Start\Cookies\start@as-eu.falkag[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Dokumente und Einstellungen\Start\Cookies\start@sel.as-eu.falkag[1].txt
Spyware:Cookie/Weborama Not disinfected C:\Dokumente und Einstellungen\Start\Cookies\start@weborama[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Start\Desktop\l2mfix\Process.exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-4178254473-1185888952-1865586159-1012\Dc11.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected
This post was edited on 19.03.2006 at 09:17 by Harbs.
19.03.2006, 12:15
Honorary member
Sabina

Posts: 29434
#20 avenger:
http://virus-protect.org/artikel/tools/avenger.html

paste this in:

Quote

Files to delete:

C:\WINDOWS\system32\fwsvc.sys
C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll
C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\wa6p_compwiz.exe
C:\Programme\WinAntiVirus Pro 2006\winpgi.dll
C:\Programme\WinAntiVirus Pro 2006\AsAgents.dll
C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe
C:\Programme\WinAntiVirus Pro 2006\Support.exe
C:\Programme\WinAntiVirus Pro 2006\Updater.exe
C:\Programme\WinAntiVirus Pro 2006\winav.exe
C:\Programme\WinAntiVirus Pro 2006\manual.exe
C:\Programme\WinAntiVirus Pro 2006\WAV6COM.dll
C:\Programme\WinAntiVirus Pro 2006\pv.exe

click the green traffic light + restart

be sure to post the scan report for me!

delete:

C:\WINDOWS\cache277
C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006
C:\Programme\WinAntiVirus Pro 2006

WinAntiVirus Pro 2006

http://virus-protect.org/artikel/spyware/winantivirus_%20pro_%202006.html

-------------------------------------------------------------------------------

RootkitRevealer --> post the scan report
http://www.sysinternals.com/Utilities/RootkitRevealer.html
__________
Kind regards, Sabina

all about PC security
19.03.2006, 12:38
Member

Thread starter

Posts: 18
#21 Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dpwvcfnh

*******************

Script file located at: \??\C:\WINDOWS\system32\abwmpext.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\fwsvc.sys not found!
Deletion of file C:\WINDOWS\system32\fwsvc.sys failed!

Could not process line:
C:\WINDOWS\system32\fwsvc.sys
Status: 0xc0000034

File C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll deleted successfully.


File C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\wa6p_compwiz.exe not found!
Deletion of file C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\wa6p_compwiz.exe failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\wa6p_compwiz.exe
Status: 0xc0000034



Could not open file C:\Programme\WinAntiVirus Pro 2006\winpgi.dll for deletion
Deletion of file C:\Programme\WinAntiVirus Pro 2006\winpgi.dll failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\winpgi.dll
Status: 0xc000003a



Could not open file C:\Programme\WinAntiVirus Pro 2006\AsAgents.dll for deletion
Deletion of file C:\Programme\WinAntiVirus Pro 2006\AsAgents.dll failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\AsAgents.dll
Status: 0xc000003a



Could not open file C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe for deletion
Deletion of file C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe
Status: 0xc000003a



Could not open file C:\Programme\WinAntiVirus Pro 2006\Support.exe for deletion
Deletion of file C:\Programme\WinAntiVirus Pro 2006\Support.exe failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\Support.exe
Status: 0xc000003a



Could not open file C:\Programme\WinAntiVirus Pro 2006\Updater.exe for deletion
Deletion of file C:\Programme\WinAntiVirus Pro 2006\Updater.exe failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\Updater.exe
Status: 0xc000003a



Could not open file C:\Programme\WinAntiVirus Pro 2006\winav.exe for deletion
Deletion of file C:\Programme\WinAntiVirus Pro 2006\winav.exe failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\winav.exe
Status: 0xc000003a



Could not open file C:\Programme\WinAntiVirus Pro 2006\manual.exe for deletion
Deletion of file C:\Programme\WinAntiVirus Pro 2006\manual.exe failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\manual.exe
Status: 0xc000003a



Could not open file C:\Programme\WinAntiVirus Pro 2006\WAV6COM.dll for deletion
Deletion of file C:\Programme\WinAntiVirus Pro 2006\WAV6COM.dll failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\WAV6COM.dll
Status: 0xc000003a



Could not open file C:\Programme\WinAntiVirus Pro 2006\pv.exe for deletion
Deletion of file C:\Programme\WinAntiVirus Pro 2006\pv.exe failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\pv.exe
Status: 0xc000003a


Completed script processing.

*******************

Finished! Terminate.



C:\Programme\WinAntiVirus Pro 2006 <==== The folder does not exist
RootkitRevealer --> post the scan report <===== I don't get a scan report there
This post was edited on 19.03.2006 at 13:04 by Harbs.
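The Avenger log above, as an added example that is not part of the thread and not Avenger's own code: a small Python parser that pairs each failed deletion with its NTSTATUS code. 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND (the file is gone but its folder exists) and 0xc000003a is STATUS_OBJECT_PATH_NOT_FOUND (a folder in the path is gone), which is why the poster could not find C:\Programme\WinAntiVirus Pro 2006. The log excerpt embedded in the block is a constructed, shortened copy of the one above.

```python
"""Summarise an Avenger deletion log like the one posted above.

Added example, not from the thread and not Avenger's own code. It pairs
each "Could not process line:" block with its NTSTATUS code and explains
why the deletions failed; the status names are the standard Windows
NTSTATUS names for those two values.
"""
import re
from collections import Counter

# The two NTSTATUS values that occur in the posted log (standard Windows names).
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # file absent, folder present
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",  # a folder in the path is absent
}

DELETED_RE = re.compile(r"^File (?P<path>.+) deleted successfully\.$")
STATUS_RE = re.compile(r"^Status: (?P<code>0x[0-9A-Fa-f]{8})$")

# Constructed excerpt in the format of the log above, shortened to four entries.
SAMPLE_LOG = r"""
Beginning to process script file:

File C:\WINDOWS\system32\fwsvc.sys not found!
Deletion of file C:\WINDOWS\system32\fwsvc.sys failed!

Could not process line:
C:\WINDOWS\system32\fwsvc.sys
Status: 0xc0000034

File C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll deleted successfully.

Could not open file C:\Programme\WinAntiVirus Pro 2006\winpgi.dll for deletion
Deletion of file C:\Programme\WinAntiVirus Pro 2006\winpgi.dll failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\winpgi.dll
Status: 0xc000003a

Could not open file C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe for deletion
Deletion of file C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe
Status: 0xc000003a

Completed script processing.
"""


def parse_avenger_log(text):
    """Return {path: outcome}; outcome is 'deleted' or an NTSTATUS name.

    A failure is reported as three consecutive lines:
        Could not process line:
        <path>
        Status: 0x........
    so the path after the marker is remembered until its status arrives.
    """
    outcomes = {}
    pending = None
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        m = DELETED_RE.match(line)
        if m:
            outcomes[m.group("path")] = "deleted"
        elif line == "Could not process line:" and i + 1 < len(lines):
            pending = lines[i + 1]
        elif pending is not None and (m := STATUS_RE.match(line)):
            code = int(m.group("code"), 16)
            outcomes[pending] = NTSTATUS_NAMES.get(code, m.group("code").lower())
            pending = None
    return outcomes


def summarize(outcomes):
    """Count how many targets ended in each outcome."""
    return Counter(outcomes.values())


def missing_parent_folders(outcomes):
    """Folders in which every listed target failed with PATH_NOT_FOUND.

    NAME_NOT_FOUND means only the file is gone; PATH_NOT_FOUND means a
    folder in the path itself is gone, which is what the poster reported
    for the WinAntiVirus Pro 2006 folder.
    """
    by_folder = {}
    for path, outcome in outcomes.items():
        folder = path.rsplit("\\", 1)[0]
        by_folder.setdefault(folder, set()).add(outcome)
    return sorted(f for f, s in by_folder.items()
                  if s == {"STATUS_OBJECT_PATH_NOT_FOUND"})


if __name__ == "__main__":
    result = parse_avenger_log(SAMPLE_LOG)
    for path, outcome in result.items():
        print(f"{outcome:30} {path}")
    print(summarize(result))
    print("folders already absent:", missing_parent_folders(result))
```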
19.03.2006, 12:48
Honorary member
Sabina

Posts: 29434
#22 1.
RootkitRevealer --> post the scan report
http://www.sysinternals.com/Utilities/RootkitRevealer.html

2.
HijackThis (StartupList)
create a HijackThis log and a StartupList log; to do this, go to the Misc Tools section, tick both options under "Generate StartupList log" and let it create the list

*HijackThis - Config
*List also minor sections (full) -- tick the box
*List empty sections (complete) -- tick the box
*HijackThis - Config - MiscTools -- Generate StartupList log
*(Notepad [text editor] opens; now copy the COMPLETE log and post it)
__________
Kind regards, Sabina

all about PC security
19.03.2006, 13:15
Member

Thread starter

Posts: 18
#23 1.
RootkitRevealer --> post the scan report
http://www.sysinternals.com/Utilities/RootkitRevealer.html


somehow I don't get a scan report there


---------------------------------------------------------------------------
StartupList report, 19.03.2006, 13:13:10
StartupList version: 1.52.2
Started from : C:\Dokumente und Einstellungen\Start\Eigene Dateien\hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\Dit.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\vsnpstd.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Anti-Hijacker\AntiHijacker 1.2.EXE
C:\WINDOWS\DitExp.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Dokumente und Einstellungen\Start\Desktop\RootkitRevealer\RootkitRevealer.exe
C:\DOKUME~1\Start\LOKALE~1\Temp\RO.exe
C:\Dokumente und Einstellungen\Start\Eigene Dateien\hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Dokumente und Einstellungen\Start\Startmenü\Programme\Autostart]
Anti-Hijacker.lnk = C:\Programme\Anti-Hijacker\AntiHijacker 1.2.EXE

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

PCMService = C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
ATIPTA = C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
VOBRegCheck = C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
SunJavaUpdateSched = C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
zBrowser Launcher = C:\Programme\Logitech\iTouch\iTouch.exe
NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
SoundMan = SOUNDMAN.EXE
Microsoft Works Update Detection = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
Dit = Dit.exe
TkBellExe = "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
Advanced Tools Check = C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
Nokia Tray Application = C:\Programme\Gemeinsame Dateien\Nokia\Tools\NclTray.exe
QuickTime Task = "C:\Programme\QuickTime\qttask.exe" -atboottime
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
snpstd = C:\WINDOWS\vsnpstd.exe
Anti-Blaxx Manager = D:\Antiblaxx an 192.168.0.254\Anti-Blaxx\Anti-Blaxx.exe
DAEMON Tools = "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
Adobe Photo Downloader = "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
HTpatch = C:\WINDOWS\htpatch.exe
I downloaded pirated Software from P2P and now I post my Hijack log whining = C:\WINDOWS\system32\Fifa Soccer 2006 crack.exe
Logitech Hardware Abstraction Layer = KHALMNPR.EXE
mmtask = "C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe"
ICQ Lite = C:\Programme\ICQLite\ICQLite.exe -minimize
Zone Labs Client = C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Steam =
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
STYLEXP = C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

ICQ Lite = C:\Programme\ICQLite\ICQLite.exe -trayboot

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\LavaLamp.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registrierungs-Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

AE5B97219108085D.job
XoftSpy.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[Java Plug-in 1.5.0_05]
InProcServer32 = C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

[Java Plug-in 1.5.0_05]
InProcServer32 = C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\system32\wshbth.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll
Protocol #25: C:\WINDOWS\system32\mswsock.dll
Protocol #26: C:\WINDOWS\system32\mswsock.dll
Protocol #27: C:\WINDOWS\system32\mswsock.dll
Protocol #28: C:\WINDOWS\system32\mswsock.dll
Protocol #29: C:\WINDOWS\system32\mswsock.dll
Protocol #30: C:\WINDOWS\system32\mswsock.dll
Protocol #31: C:\WINDOWS\system32\mswsock.dll
Protocol #32: C:\WINDOWS\system32\mswsock.dll
Protocol #33: C:\WINDOWS\system32\mswsock.dll
Protocol #34: C:\WINDOWS\system32\mswsock.dll
Protocol #35: C:\WINDOWS\system32\mswsock.dll
Protocol #36: C:\WINDOWS\system32\mswsock.dll
Protocol #37: C:\WINDOWS\system32\mswsock.dll
Protocol #38: C:\WINDOWS\system32\mswsock.dll
Protocol #39: C:\WINDOWS\system32\mswsock.dll
Protocol #40: C:\WINDOWS\system32\mswsock.dll
Protocol #41: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI-Treiber: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel-Echounterdrückung: system32\drivers\aec.sys (manual start)
Umgebung für die AFD-Netzwerkunterstützung: \SystemRoot\System32\drivers\afd.sys (system)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Warndienst: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Gatewaydienst auf Anwendungsebene: %SystemRoot%\System32\alg.exe (autostart)
Anwendungsverwaltung: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394-ARP-Clientprotokoll: System32\DRIVERS\arp1394.sys (manual start)
ASAPIW2K: System32\Drivers\ASAPIW2K.sys (manual start)
Aspi32: System32\drivers\aspi32.sys (autostart)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
avast! iAVS4 Control Service: "C:\Programme\Alwil Software\Avast4\aswUpdSv.exe" (autostart)
Asynchroner RAS -Medientreiber: System32\DRIVERS\asyncmac.sys (manual start)
Standard-IDE/ESDI-Festplattencontroller: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
Protokoll für ATM ARP-Client: System32\DRIVERS\atmarpc.sys (manual start)
Allied Telesyn AT-USB100 10/100 USB Ethernet Adapter: System32\DRIVERS\ATUSB100.sys (manual start)
ATWPKT: \??\C:\WINDOWS\system32\Drivers\ATWPKT.SYS (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audiostubtreiber: System32\DRIVERS\audstub.sys (manual start)
avast! Antivirus: "C:\Programme\Alwil Software\Avast4\ashServ.exe" (autostart)
avast! Mail Scanner: "C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)
avast! Web Scanner: "C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (manual start)
AVM FRITZ!Box: system32\DRIVERS\avmunet.sys (manual start)
NDIS WAN CAPI Treiber: System32\DRIVERS\avmwan.sys (manual start)
Intelligenter Hintergrundübertragungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Bluetooth Audio Service: system32\DRIVERS\blueletaudio.sys (manual start)
MAC-Brücke: System32\DRIVERS\bridge.sys (manual start)
MAC-Brückenminiport: System32\DRIVERS\bridge.sys (manual start)
Computerbrowser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Bluetooth PAN Network Adapter: system32\DRIVERS\btnetdrv.sys (manual start)
Bluetooth Audio: System32\DRIVERS\btaudio.sys (manual start)
Bluetooth Virtual Communications Driver: System32\DRIVERS\btport.sys (manual start)
Bluetooth-Anforderungsblocktreiber: system32\DRIVERS\BthEnum.sys (manual start)
Bluetooth HID Enumerator: system32\DRIVERS\vbtenum.sys (manual start)
Bluetooth HID Manager Service: System32\Drivers\BTHidMgr.sys (system)
Serieller Kommunikationstreiber für Bluetooth: system32\DRIVERS\bthmodem.sys (manual start)
Bluetooth-Gerät (PAN): system32\DRIVERS\bthpan.sys (manual start)
Bluetooth-Porttreiber: System32\Drivers\BTHport.sys (manual start)
Bluetooth Support Service: %SystemRoot%\system32\svchost.exe -k bthsvcs (autostart)
USB-Treiber für Bluetooth-Funkgerät: System32\Drivers\BTHUSB.sys (manual start)
Bluetooth LAN Access Server: System32\DRIVERS\btwdndis.sys (manual start)
WIDCOMM USB Bluetooth Driver: System32\Drivers\btwusb.sys (manual start)
MEDION (7134) WDM Video Capture: System32\DRIVERS\Cap7134.sys (manual start)
Untertiteldecoder: System32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM-Laufwerktreiber: System32\DRIVERS\cdrom.sys (system)
Indexdienst: %SystemRoot%\system32\cisvc.exe (autostart)
Ablagemappe: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+-Systemanwendung: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Kryptografiedienste: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
d347bus: system32\DRIVERS\d347bus.sys (system)
d347prt: System32\Drivers\d347prt.sys (system)
DCOM-Server-Prozessstart: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
AVM FRITZ!web Routing Service: C:\PROGRAMME\FRITZ!\de_serv.exe (disabled)
DHCP-Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Laufwerktreiber: System32\DRIVERS\disk.sys (system)
Verwaltungsdienst für die Verwaltung logischer Datenträger: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Verwaltung logischer Datenträger: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel-DLS-Synthesizer: system32\drivers\DMusic.sys (manual start)
DNS-Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel-DRM-Audioentschlüsselung: system32\drivers\drmkaud.sys (manual start)
dtscsi: \SystemRoot\System32\Drivers\dtscsi.sys (manual start)
Fehlerberichterstattungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Ereignisprotokoll: %SystemRoot%\system32\services.exe (autostart)
COM+-Ereignissystem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Programme\ewido anti-malware\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Programme\ewido anti-malware\guard.sys (system)
ewido security suite guard: C:\Programme\ewido anti-malware\ewidoguard.exe (autostart)
Kompatibilität für schnelle Benutzerumschaltung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Diskettencontrollertreiber: System32\DRIVERS\fdc.sys (manual start)
Diskettenlaufwerktreiber: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Treiber für Volume-Manager: System32\DRIVERS\ftdisk.sys (system)
1&1 NetXXL (WinXP/2000): System32\DRIVERS\fxusbase.sys (manual start)
Gameport-Enumerator: System32\DRIVERS\gameenum.sys (manual start)
GEARAspiWDM: system32\drivers\GEARAspiWDM.sys (manual start)
GEARSecurity: system32\gearsec.exe (autostart)
Standardpaketklassifizierung: System32\DRIVERS\msgpc.sys (manual start)
Hilfe und Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID-zu-Joystickanschlussaktivierung: system32\DRIVERS\hidgame.sys (manual start)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (autostart)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP-SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042-Tastatur- und PS/2-Mausanschluss-Treiber: System32\DRIVERS\i8042prt.sys (system)
Kernel Anti-Spyware Driver: \??\C:\WINDOWS\system32\drivers\ikhlayer.sys (system)
Filtertreiber für CD-Brennen: System32\DRIVERS\imapi.sys (system)
IMAPI-CD-Brenn-COM-Dienste: C:\WINDOWS\System32\imapi.exe (manual start)
Intel-Prozessortreiber: System32\DRIVERS\intelppm.sys (system)
Creatix V.9X DSP Data Fax Modem: System32\DRIVERS\ctxs51.sys (manual start)
IPv6-Windows-Firewalltreiber: system32\drivers\ip6fw.sys (manual start)
Filtertreiber für IP-Verkehr: System32\DRIVERS\ipfltdrv.sys (manual start)
IP/IP-Tunneltreiber: System32\DRIVERS\ipinip.sys (manual start)
Übersetzer für IP-Netzwerkadressen: System32\DRIVERS\ipnat.sys (manual start)
IPSEC-Treiber: System32\DRIVERS\ipsec.sys (system)
IRCOMM: system32\drivers\Ircomm.sys (manual start)
Virtueller Infrarot-Kommunikationsanschluß: System32\DRIVERS\ircomm2k.sys (manual start)
IrDA-Protokoll: System32\DRIVERS\irda.sys (autostart)
IR-Enumeratordienst: System32\DRIVERS\irenum.sys (manual start)
Infrarotüberwachung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft serieller Infrarottreiber: System32\DRIVERS\irsir.sys (manual start)
PnP-ISA/EISA-Bus-Treiber: System32\DRIVERS\isapnp.sys (system)
Tastaturklassentreiber: System32\DRIVERS\kbdclass.sys (system)
Tastatur-HID-Treiber: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel-Waveaudiomixer: system32\drivers\kmixer.sys (manual start)
IrBridge Kernel-Level Interface: System32\DRIVERS\krnbridg.sys (manual start)
Logitech SetPoint Keyboard Driver: System32\Drivers\L8042Kbd.sys (manual start)
Logitech SetPoint PS/2 Mouse Filter Driver: System32\Drivers\L8042mou.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Arbeitsstationsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Logitech USB Filter Driver: system32\drivers\lccfltr.sys (manual start)
Logitech SetPoint HID Mouse Filter Driver: system32\DRIVERS\LHidKE.Sys (manual start)
Logitech USB Receiver device driver: System32\Drivers\LHidUsb.Sys (manual start)
Logitech SetPoint USB Receiver device driver: System32\Drivers\LHidUsbK.Sys (manual start)
TCP/IP-NetBIOS-Hilfsprogramm: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Logitech SetPoint Mouse Filter Driver: System32\Drivers\LMouKE.sys (manual start)
Mobile Action MA-620 USB Infrared Adapter: System32\DRIVERS\MA-620.sys (manual start)
Machine Debug Manager: "C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
Nachrichtendienst: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting-Remotedesktop-Freigabe: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mausklassentreiber: System32\DRIVERS\mouclass.sys (system)
Maus-HID-Treiber: System32\DRIVERS\mouhid.sys (manual start)
Redirector für WebDav-Client: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Microsoft IR Communications Driver: System32\DRIVERS\MSIRCOMM.sys (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Proxy für Streaming Clock: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Proxy für Streaming Quality Manager: system32\drivers\MSPQM.sys (manual start)
Microsoft-Systemverwaltungs-BIOS-Treiber: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink-Konvertierung: system32\drivers\MSTEE.sys (manual start)
Microsoft MPU-401 MIDI UART-Treiber: system32\drivers\msmpu401.sys (manual start)
NABTS/FEC VBI-Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
naecd: \??\C:\DOKUME~1\herbstge\LOKALE~1\Temp\naecd.sys (manual start)
Microsoft TV-/Videoverbindung: System32\DRIVERS\NdisIP.sys (manual start)
RAS-NDIS-TAPI-Treiber: System32\DRIVERS\ndistapi.sys (manual start)
NDIS-Benutzermodus-E/A-Protokoll: System32\DRIVERS\ndisuio.sys (manual start)
RAS-NDIS-WAN-Treiber: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS-Schnittstelle: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Netzwerk-DDE-Dienst: %SystemRoot%\system32\netdde.exe (disabled)
Netzwerk-DDE-Serverdienst: %SystemRoot%\system32\netdde.exe (disabled)
AVM FRITZ!web PPP over ISDN: System32\DRIVERS\NETFRITZ.SYS (manual start)
NETGEAR 802.11b MA111 Driver: system32\DRIVERS\MA111nd5.sys (manual start)
Anmeldedienst: %SystemRoot%\System32\lsass.exe (manual start)
Netzwerkverbindungen: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394-Netzwerktreiber: System32\DRIVERS\nic1394.sys (manual start)
NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton Unerase Protection Driver: \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS (manual start)
Norton Unerase Protection: "C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE" (autostart)
NT-LM-Sicherheitsdienst: %SystemRoot%\System32\lsass.exe (manual start)
Wechselmedien: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Filtertreiber für IPX-Verkehr: System32\DRIVERS\nwlnkflt.sys (manual start)
Treiber für IPX-Verkehrsweiterleitung: System32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI-konformer IEEE 1394-Hostcontroller: System32\DRIVERS\ohci1394.sys (system)
Treiber für parallelen Anschluss: System32\DRIVERS\parport.sys (manual start)
PCANDIS5 Protocol Driver: \??\C:\WINDOWS\system32\PCANDIS5.SYS (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
MEDION TV-TUNER 7134 MK2/3: System32\DRIVERS\PhTVTune.sys (manual start)
Logitech QuickCam Express(PID_0920): System32\DRIVERS\LV532AV.SYS (manual start)
Plug & Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC-Dienste: %SystemRoot%\System32\lsass.exe (autostart)
WAN-Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Prozessortreiber: System32\DRIVERS\processr.sys (system)
StarForce Protection Environment Driver v6: \SystemRoot\System32\drivers\prodrv06.sys (system)
StarForce Protection Helper Driver v2: System32\drivers\prohlp02.sys (system)
StarForce Protection Synchronization Driver v1: System32\drivers\prosync1.sys (system)
Geschützter Speicher: %SystemRoot%\system32\lsass.exe (autostart)
Treiber für direkte Parallelverbindung: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
Casio-Digitalkamera: System32\DRIVERS\qv2kux.sys (manual start)
Treiber für automatische RAS-Verbindung: System32\DRIVERS\rasacd.sys (system)
Verwaltung für automatische RAS-Verbindung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN-Miniport (IrDA): System32\DRIVERS\rasirda.sys (manual start)
WAN-Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
RAS-Verbindungsverwaltung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remotezugriff-PPPOE-Treiber: System32\DRIVERS\raspppoe.sys (manual start)
Parallelanschluss (direkt): System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Sitzungs-Manager für Remotedesktophilfe: C:\WINDOWS\system32\sessmgr.exe (manual start)
Filtertreiber für digitale CD-Audiowiedergabe: System32\DRIVERS\redbook.sys (system)
Routing und RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Bluetooth-Gerät (RFCOMM-Protokoll-TDI): system32\DRIVERS\rfcomm.sys (manual start)
RO: C:\DOKUME~1\Start\LOKALE~1\Temp\RO.exe (manual start)
Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
RPC-Locator: %SystemRoot%\System32\locator.exe (manual start)
Remoteprozeduraufruf (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS-RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Sicherheitskontenverwaltung: %SystemRoot%\system32\lsass.exe (autostart)
Smartcard: %SystemRoot%\System32\SCardSvr.exe (manual start)
Taskplaner: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
PC Tools Spyware Doctor: C:\Programme\Spyware Doctor\sdhelp.exe (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Sekundäre Anmeldung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Systemereignisbenachrichtigung: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Treiber für seriellen Anschluss: System32\DRIVERS\serial.sys (system)
StarForce Protection Helper Driver: System32\drivers\sfhlp01.sys (system)
High-Capacity-Diskettenlaufwerk: System32\DRIVERS\sfloppy.sys (manual start)
Windows-Firewall/Gemeinsame Nutzung der Internetverbindung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shellhardwareerkennung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiS AGP Filter: System32\DRIVERS\SISAGPX.sys (system)
SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
USB PC Camera (SN9C102): system32\DRIVERS\snpstd.sys (manual start)
Microsoft Kernel-Audiosplitter: system32\drivers\splitter.sys (manual start)
Druckwarteschlange: %SystemRoot%\system32\spoolsv.exe (autostart)
sptd: System32\Drivers\sptd.sys (system)
Filtertreiber für Systemwiederherstellung: \SystemRoot\System32\DRIVERS\sr.sys (disabled)
Systemwiederherstellungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP-Suchdienst: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
SSHDRV61: \??\C:\WINDOWS\System32\drivers\SSHDRV61.sys (system)
SSI: system32\Drivers\SSI.SYS (system)
Windows-Bilderfassung (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA-IPSink: System32\DRIVERS\StreamIP.sys (manual start)
StyleXPHelper: \??\C:\Programme\TGTSoft\StyleXP\StyleXPHelper.exe (system)
StyleXPService: "C:\Programme\TGTSoft\StyleXP\StyleXPService.exe" (autostart)
Webroot Spy Sweeper Engine: C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe (autostart)
SVKP: \??\C:\WINDOWS\System32\SVKP.sys (autostart)
Software-Bus-Treiber: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetablesynthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{51ECA7DD-CEA3-4134-AEA7-C540872CEE88} (manual start)
SymEvent: \??\C:\Programme\Symantec\SYMEVENT.SYS (manual start)
SYMIDSCO: \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys (manual start)
Microsoft Kernel-Systemaudiogerät: system32\drivers\sysaudio.sys (manual start)
Leistungsdatenprotokolle und Warnungen: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telefonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP-Protokolltreiber: System32\DRIVERS\tcpip.sys (system)
Terminal-Gerätetreiber: System32\DRIVERS\termdd.sys (system)
Terminaldienste: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Designs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Überwachung verteilter Verknüpfungen (Client): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Updatetreiber: System32\DRIVERS\update.sys (manual start)
Universeller Plug & Play-Gerätehost: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Unterbrechungsfreie Stromversorgung: %SystemRoot%\System32\ups.exe (manual start)
Microsoft Standard-USB-Haupttreiber: System32\DRIVERS\usbccgp.sys (manual start)
Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller: System32\DRIVERS\usbehci.sys (manual start)
Microsoft USB-Standardhubtreiber: System32\DRIVERS\usbhub.sys (manual start)
Miniporttreiber für Microsoft USB Open Host-Controller: System32\DRIVERS\usbohci.sys (manual start)
USB-Scannertreiber: System32\DRIVERS\usbscan.sys (manual start)
USB-Massenspeichertreiber: System32\DRIVERS\USBSTOR.SYS (manual start)
IrBridge User-Level Interface: C:\WINDOWS\system32\usrbridg.exe (autostart)
Virtual Serial port driver: system32\DRIVERS\VComm.sys (manual start)
Bluetooth VComm Manager Service: System32\Drivers\VcommMgr.sys (manual start)
VGA-Anzeigecontroller.: \SystemRoot\System32\drivers\vga.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Volumeschattenkopie: %SystemRoot%\System32\vssvc.exe (manual start)
Windows-Zeitgeber: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
RAS-IP-ARP-Treiber: System32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start)
Microsoft WDM Virtual Wave Driver (WDM): system32\drivers\wdmaud.sys (manual start)
Webclient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows-Verwaltungsinstrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Dienst für Seriennummern der tragbaren Medien: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI-Leistungsadapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Sicherheitscenter: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext-Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatische Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Konfigurationsfreie drahtlose Verbindung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
X10 Device Network Service: C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (manual start)
%DESCRIPTION%: System32\Drivers\x10uif.sys (manual start)
Netzwerkversorgungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 42.724 bytes
Report generated in 0,125 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


---------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 13:15:03, on 19.03.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\Dit.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\vsnpstd.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Anti-Hijacker\AntiHijacker 1.2.EXE
C:\WINDOWS\DitExp.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Dokumente und Einstellungen\Start\Desktop\RootkitRevealer\RootkitRevealer.exe
C:\DOKUME~1\Start\LOKALE~1\Temp\RO.exe
C:\Dokumente und Einstellungen\Start\Eigene Dateien\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [PCMService] C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] D:\Antiblaxx an 192.168.0.254\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] "C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Anti-Hijacker.lnk = C:\Programme\Anti-Hijacker\AntiHijacker 1.2.EXE
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra button: MedionShop - {01E9CF82-AE9D-42BA-A629-B23D51A4B86B} - http://www.medionshop.de/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: RO - Sysinternals - www.sysinternals.com - C:\DOKUME~1\Start\LOKALE~1\Temp\RO.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
This post was edited on 19.03.2006 at 13:20 by Harbs.
19.03.2006, 17:13
Honorary member
Sabina

Posts: 29434
#24 1.
RootkitRevealer--> try it again...there is always a scan report.......

2.
go into the registry
Start-->Run--> regedit

delete (on the right-hand side of the registry)

HKLM\Software\Microsoft\Windows\CurrentVersion\Run


I downloaded pirated Software from P2P and now I post my Hijack log whining = C:\WINDOWS\system32\Fifa Soccer 2006 crack.exe

restart the PC


-------------------------------------------------------------------------------
3.
ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip

- unzip
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or Notepad to open
- copy POST_THIS.TXT

Quote

naecd: \??\C:\DOKUME~1\herbstge\LOKALE~1\Temp\naecd.sys
The presence of the latter prevents a high-quality extraction of the audio tracks.

__________
Kind regards, Sabina

all about PC security
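As an added example (not code from this thread or from StartupList, HijackThis or ServiceFilter), the Python below parses a StartupList-style service listing like the one posted above and flags services whose image runs from a temporary folder, which is exactly what makes the naecd.sys entry stand out; the sample lines are constructed from entry shapes seen in the thread. Hits are leads, not verdicts: RO.exe in the Temp folder is RootkitRevealer's own service, as the O23 line of the HijackThis log shows.

```python
"""Triage a StartupList-style service listing for images that run from a temp folder.

Added example for this thread; not code from StartupList, HijackThis or ServiceFilter.
Each listing line has the shape:  Display Name: <image> [args] (<start mode>)
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample built from the entry shapes seen in the thread (not a real scan).
SAMPLE_LISTING = r"""
Intelligenter Hintergrundübertragungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
DCOM-Server-Prozessstart: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Kernel Anti-Spyware Driver: \??\C:\WINDOWS\system32\drivers\ikhlayer.sys (system)
1&1 NetXXL (WinXP/2000): System32\DRIVERS\fxusbase.sys (manual start)
naecd: \??\C:\DOKUME~1\herbstge\LOKALE~1\Temp\naecd.sys (manual start)
RO: C:\DOKUME~1\Start\LOKALE~1\Temp\RO.exe (manual start)
avast! Antivirus: "C:\Programme\Alwil Software\Avast4\ashServ.exe" (autostart)
ewido security suite control: C:\Programme\ewido anti-malware\ewidoctrl.exe (autostart)
"""

LINE_RE = re.compile(r"^(?P<name>.+?): (?P<command>.+) \((?P<mode>[^()]+)\)\s*$")
# Image path followed by optional arguments; unquoted paths may contain spaces,
# so the image is taken up to the first executable extension.
IMAGE_RE = re.compile(r"^(?P<image>.+?\.(?:exe|sys|dll))(?:\s+(?P<args>.*))?$", re.IGNORECASE)
# NT object-manager and boot-time prefixes that StartupList prints verbatim.
NT_PREFIXES = ("\\??\\", "\\SystemRoot\\")


@dataclass
class ServiceEntry:
    name: str
    image: str
    args: str
    mode: str


def split_command(command: str) -> Tuple[str, str]:
    """Separate the image path from its arguments, tolerating quotes and NT prefixes."""
    cmd = command.strip()
    for prefix in NT_PREFIXES:
        if cmd.lower().startswith(prefix.lower()):
            cmd = cmd[len(prefix):]
            break
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    match = IMAGE_RE.match(cmd)
    if match:
        return match.group("image"), match.group("args") or ""
    # No recognisable extension (e.g. "svchost -k DcomLaunch"): first token is the image.
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def parse_listing(text: str) -> List[ServiceEntry]:
    """Parse every 'Name: command (mode)' line; lines of another shape are skipped."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        image, args = split_command(match.group("command"))
        entries.append(ServiceEntry(match.group("name"), image, args, match.group("mode")))
    return entries


def suspicious_reason(entry: ServiceEntry) -> Optional[str]:
    """Why a service deserves a closer look, or None if nothing stands out."""
    parts = [p.lower() for p in re.split(r"[\\/]+", entry.image) if p]
    if "temp" in parts or "tmp" in parts:
        return "image runs from a temporary folder"
    # A kernel driver (.sys) living under a user profile is unusual even outside Temp.
    in_profile = any(p.startswith("dokume") or p.startswith("documents") for p in parts)
    if entry.image.lower().endswith(".sys") and in_profile:
        return "kernel driver loaded from a user profile"
    return None


def triage(text: str) -> List[Tuple[ServiceEntry, str]]:
    """Return the entries worth reviewing, each with the reason it was flagged."""
    hits = []
    for entry in parse_listing(text):
        reason = suspicious_reason(entry)
        if reason:
            hits.append((entry, reason))
    return hits


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LISTING):
        print(f"{entry.name}: {entry.image} ({entry.mode}) -> {reason}")
```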
19.03.2006, 18:37
Member

Thread starter

Posts: 18
#25 SOFTWARE 01.01.1601 01:00 0 bytes Error dumping hive: Das System kann die angegebene Datei nicht finden.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s0 19.01.2006 18:31 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s1 19.01.2006 18:31 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s2 19.01.2006 18:31 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\g0 19.01.2006 18:31 32 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\h0 19.01.2006 18:31 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 02.12.2005 13:33 0 bytes Hidden from Windows API.


-----------------------------------------------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run <==== I can't find it

C:\WINDOWS\system32\Fifa Soccer 2006 crack.exe <===== I can't find it

-----------------------------------------------------------------------
The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"

########################################

ServiceFilter 1.1
by rand1038

Microsoft Windows XP Home Edition
Version: 5.1.2600 Service Pack 2
Mrz 19, 2006 18:47:10


===> Begin Service Listing <===

Unknown Service #1
Service Name: aswUpdSv
Display Name: avast! iAVS4 Control Service
Start Mode: Auto
Start Name: LocalSystem
Description: Bietet das automatische Update für avast! ...
Service Type: Own Process
Path: "c:\programme\alwil software\avast4\aswupdsv.exe"
State: Running
Process ID: 1628
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #2
Service Name: avast! Antivirus
Display Name: avast! Antivirus
Start Mode: Auto
Start Name: LocalSystem
Description: Verwaltet und implementiert avast! Antivirus Dienste für diesen Computer. Dies beinhaltet den ...
Service Type: Own Process
Path: "c:\programme\alwil software\avast4\ashserv.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 3
Service Name: avast! Mail Scanner
Display Name: avast! Mail Scanner
Start Mode: Manual
Start Name: LocalSystem
Description: Implementiert Mailüberprüfung durch avast! ...
Service Type: Own Process
Path: "c:\programme\alwil software\avast4\ashmaisv.exe" /service
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 4
Service Name: avast! Web Scanner
Display Name: avast! Web Scanner
Start Mode: Manual
Start Name: LocalSystem
Description: Implementiert Internetüberprüfung (HTTP) durch avast! ...
Service Type: Own Process
Path: "c:\programme\alwil software\avast4\ashwebsv.exe" /service
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 5
Service Name: BthServ
Display Name: Bluetooth Support Service
Start Mode: Auto
Start Name: NT AUTHORITY\LocalService
Description: ...
Service Type: Share Process
Path: c:\windows\system32\svchost.exe -k bthsvcs
State: Running
Process ID: 1668
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 6
Service Name: de_serv
Display Name: AVM FRITZ!web Routing Service
Start Mode: Disabled
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\programme\fritz!\de_serv.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 7
Service Name: ewido security suite control
Display Name: ewido security suite control
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\programme\ewido anti-malware\ewidoctrl.exe
State: Running
Process ID: 1712
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 8
Service Name: ewido security suite guard
Display Name: ewido security suite guard
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\programme\ewido anti-malware\ewidoguard.exe
State: Running
Process ID: 1736
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 9
Service Name: kavsvc
Display Name: Kaspersky Anti-Virus service
Start Mode: Auto
Start Name: LocalSystem
Description: Gewährleistet die Antivirenfunktionalität des auf Ihrem Computer installierten Personal ...
Service Type: Own Process
Path: "c:\programme\kaspersky lab\kaspersky anti-virus personal pro\kavsvc.exe"
State: Running
Process ID: 1788
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service #10
Service Name: MDM
Display Name: Machine Debug Manager
Start Mode: Auto
Start Name: LocalSystem
Description: Manages local and remote debugging for Visual Studio ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\microsoft shared\vs7debug\mdm.exe"
State: Running
Process ID: 1988
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #11
Service Name: NProtectService
Display Name: Norton Unerase Protection
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\norton antivirus\advtools\nprotect.exe"
State: Running
Process ID: 2016
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 12
Service Name: SDhelper
Display Name: PC Tools Spyware Doctor
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\programme\spyware doctor\sdhelp.exe
State: Running
Process ID: 252
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #13
Service Name: StyleXPService
Display Name: StyleXPService
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\tgtsoft\stylexp\stylexpservice.exe"
State: Running
Process ID: 1056
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 14
Service Name: svcWRSSSDK
Display Name: Webroot Spy Sweeper Engine
Start Mode: Auto
Start Name: LocalSystem
Description: Provides core functionality to Webroot Spy Sweeper. This service must be enabled and started for ...
Service Type: Own Process
Path: c:\programme\webroot\spy sweeper\wrsssdk.exe
State: Running
Process ID: 376
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #15
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{51eca7dd-cea3-4134-aea7-c540872cee88}
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 16
Service Name: USRBRIDG
Display Name: IrBridge User-Level Interface
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\usrbridg.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1067
Accept Pause: Falsch
Accept Stop: Falsch

---> End Service Listing <---

There are 99 Win32 services on this machine.
16 were unrecognized.

Script Execution Time: 1,609375 seconds.
This post was edited on 19.03.2006 at 18:52 by Harbs.

19.03.2006, 20:31
Honorary member
Sabina

Posts: 29434
#26 Scan with CounterSpy and paste the scan report here
http://virus-protect.org/counterspy.html
__________
Kind regards, Sabina

all about PC security
19.03.2006, 20:59
Member

Thread starter

Posts: 18
#27 So is my PC finally clean again?
19.03.2006, 21:00
Honorary member
Sabina

Posts: 29434
#28 Yes... but then you have to install the Windows updates, because if you come back (with the next problem) and I see that your system is still unpatched, you will fall on deaf ears with me...
__________
Kind regards, Sabina

all about PC security
19.03.2006, 21:14
Member

Thread starter

Posts: 18
#29 Hmm... don't I have them? Actually, I should have fairly current updates!?
19.03.2006, 21:18
Honorary member
Sabina

Posts: 29434
#30 Yes... sorry... you do have them ;)
I mixed you up with someone else... well then. The only advice that remains: browse with care ;)
__________
Kind regards, Sabina

all about PC security