Command Service and Google message
#0
18.10.2006, 23:09
Member
Posts: 36

19.10.2006, 00:31
Honorary member
Posts: 29434
#2
Work through this and post all logs
http://board.protecus.de/t23188.htm
__________
Best regards, Sabina
All about PC security

19.10.2006, 08:14
Member
Thread starter
Posts: 36
#3
XsoftSpySE found
Command Servicein system\currentcontrolset\services\mchinjdrv\enim\0 Command Servicein system\currentcontrolset\services\mchinjdrv\enim\count Command Servicein system\currentcontrolset\services\mchinjdrv\enim\nextinstance Command Servicein system\currentcontrolset\services\mchinjdrv\enim\deleteflag Logfile of HijackThis v1.99.1 Scan saved at 07:37:37, on 19.10.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe c:\windows\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe c:\windows\system32\Ati2evxx.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\AccSys\AccWLSvc.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\cisvc.exe C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Brother\ControlCenter2\brctrcen.exe C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe C:\PROGRA~1\GEMEIN~1\Lexware\INTERN~1\LxTrans.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\Programme\Microsoft SQL 
Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe C:\Programme\Rainlendar\Rainlendar.exe C:\Programme\Spyware Doctor\sdhelp.exe C:\Programme\Brother\Brmfcmon\BrMfcmon.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\ssoftsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe C:\WINDOWS\System32\alg.exe c:\windows\system32\cidaemon.exe C:\Dokumente und Einstellungen\UlP\Desktop\Tools\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ulpcom R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Programme\WinSweep\ws.js O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: (no name) - {834AC5A7-9D01-4BDE-A3F8-1A26D0211AC5} - (no file) O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: &WINSWEEP Toolbar - {E915E62E-41DA-40D0-8106-3438B4D24394} - C:\Programme\WinSweep\SurfBar.dll O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe 
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE O4 - HKLM\..\Run: [KASP] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe" O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe --background O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TransferManager] C:\PROGRA~1\GEMEIN~1\Lexware\INTERN~1\LxTrans.exe /Embedding O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [OdTray.exe] "C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" O4 - HKLM\..\Run: [zinit32] C:\WINDOWS\ZInit32.exe O4 - HKLM\..\Run: [ascsched] C:\WINDOWS\ascsched.exe O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [Ad-Watch System Protector] C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart O4 - Startup: Rainlendar.lnk = C:\Programme\Rainlendar\Rainlendar.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Kanzlei-Start.lnk = C:\AGENDA\KANZLEI-START\Kanzlei32.exe O4 - Global Startup: Kaspersky Anti-Hacker.lnk = ? 
O4 - Global Startup: Lexware Info Service.lnk = C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {F907EDEF-4326-4148-922A-5BA5E28B8A92} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU) O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {F907EDEF-4326-4148-922A-5BA5E28B8A92} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU) O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136918032237 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O18 - Protocol: bw+0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - 
{F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: 
bwi0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - 
{F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll O18 - Protocol: offline-8876480 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AccSys WiFi Server (AccWLSvc) - AccSys GmbH - C:\Programme\Gemeinsame Dateien\AccSys\AccWLSvc.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InterBaseGuardian - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE O23 - Service: InterBaseServer - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Programme\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing) O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. 
- C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Programme\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing) O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe ulp - 06-10-19 7:32:23,76 Service Pack 2 ComboFix 06.10.19 - Running from: "C:\Dokumente und Einstellungen\ulp\Desktop" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\taskmgr.com ((((((((((((((((((((((((((((((( Files Created from 2006-09-19 to 2006-10-19 )))))))))))))))))))))))))))))))))) 2006-10-06 22:42 333,824 --a------ C:\WINDOWS\ascsched.exe 2006-10-06 22:42 319,488 --a------ C:\WINDOWS\NTlog.dll 2006-10-06 22:42 3,982,848 --a------ C:\WINDOWS\ZINIT32.exe 2006-10-06 22:42 25,600 --a------ C:\WINDOWS\borlndmm.dll 2006-10-06 22:42 2,465,792 --a------ C:\WINDOWS\Aguninst.exe 2006-10-04 14:31 90,112 --a------ C:\WINDOWS\system32\CActiveList.Dll 2006-10-04 14:31 77,824 --a------ C:\WINDOWS\system32\SecurityBrowser.exe 2006-10-04 14:31 5,632 --a------ C:\WINDOWS\system32\bindll.dll 2006-10-04 14:31 102,400 --a------ C:\WINDOWS\system32\CFile.Dll 2006-10-04 08:50 917,504 --a------ C:\WINDOWS\system32\WinSweep.dll 2006-09-30 09:08 94,208 --a------ C:\WINDOWS\system32\evntwin.exe 2006-09-30 09:08 8,704 --a------ C:\WINDOWS\system32\snmptrap.exe 2006-09-30 09:08 6,144 --a------ C:\WINDOWS\system32\snmpmib.dll 2006-09-30 09:08 39,936 --a------ C:\WINDOWS\system32\hostmib.dll 2006-09-30 09:08 33,792 --a------ C:\WINDOWS\system32\lmmib2.dll 2006-09-30 09:08 32,768 --a------ C:\WINDOWS\system32\snmp.exe 2006-09-30 09:08 26,112 --a------ C:\WINDOWS\system32\evntcmd.exe 2006-09-30 09:08 23,040 --a------ 
C:\WINDOWS\system32\lpdsvc.dll 2006-09-30 09:08 19,968 --a------ C:\WINDOWS\system32\lprmon.dll 2006-09-30 09:08 108,032 --a------ C:\WINDOWS\system32\evntagnt.dll 2006-09-29 22:28 13,056 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS 2006-09-29 22:28 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe 2006-09-29 22:27 69,504 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys 2006-09-29 22:27 53,632 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS 2006-09-29 22:27 28,160 --a------ C:\WINDOWS\KHALMNPR.Exe 2006-09-29 22:27 258,352 --a------ C:\WINDOWS\system32\unicows.dll 2006-09-29 22:27 24,704 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys 2006-09-29 22:25 36,480 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys 2006-09-24 21:06 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2006-09-24 21:06 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2006-09-20 14:14 153,600 --a------ C:\WINDOWS\REGEDIT.COM 2006-09-20 14:14 153,600 --a------ C:\WINDOWS\R.COM 2006-09-20 14:14 140,800 --a------ C:\WINDOWS\system32\T.COM 2006-09-20 06:06 60,416 --a------ C:\WINDOWS\system32\drivers\hsccwwhw.sys 2006-09-20 06:06 1,080 --a------ C:\fayrbtho.bat 2006-09-19 12:11 60,416 --a------ C:\WINDOWS\system32\drivers\sqlxgnmj.sys 2006-09-19 12:11 126,976 --a------ C:\zip.exe 2006-09-19 12:10 437 --a------ C:\avexport.bat (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-10-19 07:28 -------- d-------- C:\Programme\Mozilla Firefox 2006-10-19 07:15 -------- d-------- C:\Programme\CleanUp! 
2006-10-19 07:05 -------- d-------- C:\Programme\Mozilla Thunderbird 2006-10-18 17:46 -------- d-------- C:\Programme\StarMoney 5.0 2006-10-16 13:05 -------- d-------- C:\Programme\Microsoft ActiveSync 2006-10-16 08:20 5050748 --a------ C:\WINDOWS\system32\msmaindb.dll 2006-10-16 08:20 119 --ah----- C:\WINDOWS\system32\SWCTL.DLL 2006-10-16 08:19 -------- d-------- C:\Programme\Kisi 2006-10-15 19:41 -------- d-------- C:\Programme\XoftSpySE 2006-10-15 16:29 -------- d-------- C:\Programme\Gemeinsame Dateien\BDElster 2006-10-14 19:03 -------- d-------- C:\Programme\Gemeinsame Dateien\Buhl Data Service 2006-10-09 10:42 -------- d-------- C:\Programme\East-Tec Eraser 2006 2006-10-06 22:30 -------- d-------- C:\Programme\WebEx 2006-10-05 09:23 -------- d-------- C:\Programme\WinSweep 2006-10-04 16:22 -------- d-------- C:\Programme\AtomicClockPro 2006-10-04 12:34 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys 2006-10-04 12:33 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys 2006-10-04 07:21 -------- d-------- C:\Dokumente und Einstellungen\ulp\Anwendungsdaten\EAST Technologies 2006-10-04 06:40 -------- d-------- C:\Programme\abylonsoft 2006-10-03 18:55 -------- d-------- C:\Programme\Spyware Doctor 2006-09-29 22:43 -------- d--h----- C:\Programme\InstallShield Installation Information 2006-09-29 22:43 -------- d-------- C:\Programme\MUSICMATCH 2006-09-29 22:36 -------- d-------- C:\Dokumente und Einstellungen\ulp\Anwendungsdaten\Logitech 2006-09-29 22:28 -------- d-------- C:\Programme\Logitech 2006-09-29 22:27 -------- d-------- C:\Programme\Gemeinsame Dateien\Logitech 2006-09-29 22:27 -------- d-------- C:\Programme\Gemeinsame Dateien 2006-09-29 18:16 -------- d-------- C:\Programme\Cryptainer LE 2006-09-28 06:31 -------- d-------- C:\Programme\TuneUp Utilities 2006 2006-09-25 09:46 -------- d-------- C:\Programme\svnet 2006-09-24 21:06 -------- d-------- C:\Dokumente und Einstellungen\ulp\Anwendungsdaten\PC Tools 2006-09-22 21:40 -------- d-------- 
C:\Programme\Gemeinsame Dateien\Microsoft Shared 2006-09-22 21:40 -------- d-------- C:\Programme\Gemeinsame Dateien\Lexware 2006-09-22 21:39 -------- d-------- C:\Dokumente und Einstellungen\ulp\Anwendungsdaten\InstallShield 2006-09-21 16:40 -------- d-------- C:\Programme\RegCure 2006-09-21 16:40 -------- d-------- C:\Programme\Programmverknpfungen 2006-09-21 09:52 -------- d-------- C:\Dokumente und Einstellungen\ulp\Anwendungsdaten\Registry Booster 2006-09-21 08:36 -------- d-------- C:\Programme\FaJo 2006-09-20 10:58 -------- d-------- C:\Programme\Rainlendar 2006-09-20 09:30 -------- d-------- C:\Programme\MozBackup 2006-09-19 21:43 -------- d-------- C:\Programme\PaperOffice Professional 2006-09-19 21:14 -------- d-------- C:\Programme\CCleaner 2006-09-19 19:50 -------- d-------- C:\Programme\RegCleaner 2006-09-19 10:09 -------- d-------- C:\Programme\WinRAR 2006-09-19 09:58 -------- d-------- C:\Programme\Internet Explorer 2006-09-19 09:56 -------- d-------- C:\Programme\Gemeinsame Dateien\Funk Software 2006-09-19 09:56 -------- d-------- C:\Programme\Gemeinsame Dateien\AccSys 2006-09-17 14:49 -------- d-------- C:\Programme\Alwil Software 2006-09-16 20:26 -------- d-------- C:\Programme\klickTel 2006-09-16 20:26 -------- d-------- C:\Dokumente und Einstellungen\ulp\Anwendungsdaten\InstallShield Installation Information 2006-09-16 20:04 -------- d-------- C:\Dokumente und Einstellungen\ulp\Anwendungsdaten\ScanSoft 2006-09-16 20:02 -------- d-------- C:\Programme\Yahoo! 
2006-09-15 08:36 1179136 --a------ C:\WINDOWS\system32\AutoPartNt.exe 2006-09-15 08:22 388000 --a------ C:\WINDOWS\system32\drivers\timntr.sys 2006-09-15 08:22 32288 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys 2006-09-15 08:22 -------- d-------- C:\Programme\Gemeinsame Dateien\Acronis 2006-09-13 13:58 -------- d-------- C:\Programme\Gemeinsame Dateien\Adobe 2006-09-13 13:42 1736 --a------ C:\Dokumente und Einstellungen\ulp\Anwendungsdaten\AdobeDLM.log 2006-09-13 07:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll 2006-09-12 17:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll 2006-09-12 17:49 82432 --a------ C:\WINDOWS\system32\msxml4r.dll 2006-09-08 23:48 99776 --a------ C:\WINDOWS\system32\drivers\snapman.sys 2006-09-08 23:48 -------- d-------- C:\Programme\Acronis 2006-09-08 08:04 -------- d-------- C:\Programme\Biet-O-Matic 2006-09-05 15:57 24072 --a------ C:\WINDOWS\system32\uxtuneup.dll 2006-08-28 21:57 -------- d-------- C:\Programme\QuickTime 2006-08-28 21:55 -------- d-------- C:\Programme\Gemeinsame Dateien\Real 2006-08-28 21:55 -------- d-------- C:\Dokumente und Einstellungen\ulp\Anwendungsdaten\Real 2006-08-25 17:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll 2006-08-23 08:59 -------- d-------- C:\Programme\s25atonce 2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll 2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe 2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys 2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll 2006-08-08 18:53 635520 --a------ C:\WINDOWS\system32\aswBoot.exe 2006-08-05 08:18 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LDM"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"Ad-Watch System Protector"="C:\\Programme\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe"
"TuneUp MemOptimizer"="\"C:\\Programme\\TuneUp Utilities 2006\\MemOptimizer.exe\" autostart"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe"
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"SetDefPrt"="C:\\Programme\\Brother\\Brmfl05a\\BrStDvPt.exe"
"ControlCenter2.0"="C:\\Programme\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"KAVPersonal50"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Security Suite\\Kaspersky Anti-Virus Personal\\kav.exe\" /minimize"
"OESpamTest"="C:\\PROGRA~1\\KASPER~1\\KASPER~1\\KASPER~3\\OESpamTest.ExE"
"KASP"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Security Suite\\Kaspersky Anti-Spam Personal\\OESpamTest.exe\""
"Alcmtr"="ALCMTR.EXE"
"vspdfprsrv.exe"="C:\\Programme\\Visagesoft\\eXPert PDF\\vspdfprsrv.exe --background"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TransferManager"="C:\\PROGRA~1\\GEMEIN~1\\Lexware\\INTERN~1\\LxTrans.exe /Embedding"
"AlcWzrd"="ALCWZRD.EXE"
"SoundMan"="SOUNDMAN.EXE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"OdTray.exe"="\"C:\\Programme\\Fujitsu Siemens Computers\\Odyssey Client for Fujitsu Siemens Computers\\OdTray.exe\""
"zinit32"="C:\\WINDOWS\\ZInit32.exe"
"ascsched"="C:\\WINDOWS\\ascsched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"=""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"=dword:00000000
"NoDispCPL"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSetFolders"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoControlPanel"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoRun"=dword:00000000
"NoFind"=dword:00000000
"NoMultiIE"=dword:00000000
"LWA"=dword:00000000
"LWB"=dword:00000000
"LWC"=dword:00000000
"LWD"=dword:00000000
"LWE"=dword:00000000
"LWF"=dword:00000000
"LWG"=dword:00000000
"LWH"=dword:00000000
"LWI"=dword:00000000
"LWJ"=dword:00000000
"LWK"=dword:00000000
"LWL"=dword:00000000
"LWM"=dword:00000000
"LWN"=dword:00000000
"LWO"=dword:00000000
"LWP"=dword:00000000
"LWQ"=dword:00000000
"LWR"=dword:00000000
"LWS"=dword:00000000
"LWT"=dword:00000000
"LWU"=dword:00000000
"LWV"=dword:00000000
"LWW"=dword:00000000
"LWX"=dword:00000000
"LWY"=dword:00000000
"LWZ"=dword:00000000
"NoDrives"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"WINSWEEP Popupblocker"="C:\\Programme\\WinSweep\\WSPopup.Exe"
"WINSWEEP"="C:\\Programme\\WinSweep\\WINSWEEP.Exe /AUTO"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SMSERIAL"="sm56hlpr.exe"
"Alcmtr"="ALCMTR.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IndexSearch"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OdTray.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OdTray"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Fujitsu Siemens Computers\\Odyssey Client for Fujitsu Siemens Computers\\OdTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pptd40nt"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SSBkgdupdate"
"hkey"="HKLM"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient\event

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\XoftSpy.job
C:\WINDOWS\tasks\XoftSpySE.job

Completion time: 06-10-19 7:34:28.78
C:\ComboFix.txt ... 06-10-19 07:34
C:\ComboFix2.txt ... 06-09-19 22:50

Datenträger in Laufwerk C: ist 435979
Volumeseriennummer: B8B6-AEC5
Verzeichnis von C:\WINDOWS\system32
19.10.2006 07:24 1.158 wpa.dbl
19.10.2006 07:21 1.304.049 ikhcore.log
16.10.2006 13:25 317.152 FNTCACHE.DAT
16.10.2006 08:20 5.050.748 msmaindb.dll
16.10.2006 08:20 119 SWCTL.DLL
14.10.2006 18:18 981 mapisvc.inf
04.10.2006 22:03 9.639.336 MRT.exe
30.09.2006 09:08 402.760 perfh009.dat
30.09.2006 09:08 419.222 perfh007.dat
30.09.2006 09:08 62.366 perfc009.dat
30.09.2006 09:08 970.320 PerfStringBackup.INI
30.09.2006 09:08 76.210 perfc007.dat
19.09.2006 09:41 0 asfiles.txt
19.09.2006 09:38 2.550 Uninstall.ico
19.09.2006 09:38 1.406 Help.ico
19.09.2006 09:38 30.590 pavas.ico
17.09.2006 14:49 3.002 CONFIG.NT
15.09.2006 08:37 1.024 AutoPartNt.let
15.09.2006 08:36 1.179.136 AutoPartNt.exe
13.09.2006 07:02 1.084.416 msxml3.dll
12.09.2006 17:51 1.245.184 msxml4.dll
12.09.2006 17:49 82.432 msxml4r.dll
05.09.2006 15:57 24.072 uxtuneup.dll
04.09.2006 08:13 1.497.088 shdocvw.dll
25.08.2006 17:46 617.472 comctl32.dll
21.08.2006 14:26 16.896 fltlib.dll
21.08.2006 11:14 23.040 fltmc.exe
16.08.2006 13:58 100.352 6to4svc.dll
08.08.2006 18:53 635.520 aswBoot.exe
05.08.2006 08:18 90.112 AVASTSS.scr
02.08.2006 12:39 73.728 asuninst.exe

Datenträger in Laufwerk C: ist 435979
Volumeseriennummer: B8B6-AEC5
Verzeichnis von C:\DOKUME~1\ulp~1\LOKALE~1\Temp
19.10.2006 07:56 632 ~WRS0000.tmp
19.10.2006 07:56 512 ~DFD73A.tmp
19.10.2006 07:56 512 ~DFBB1C.tmp
19.10.2006 07:24 262.144 ima6.tmp
19.10.2006 07:24 262.144 ima5.tmp
19.10.2006 07:23 0 BCG4.tmp
19.10.2006 07:23 16.384 Perflib_Perfdata_610.dat
29.09.2006 22:28 24.613 IadHide5.dll
8 Datei(en) 566.941 Bytes
0 Verzeichnis(se), 42.010.521.600 Bytes frei

Datenträger in Laufwerk C: ist 435979
Volumeseriennummer: B8B6-AEC5
Verzeichnis von C:\WINDOWS
19.10.2006 07:23 6.104 ModemLog_Bluetooth DUN Modem.txt
19.10.2006 07:23 6.098 ModemLog_Bluetooth Fax Modem.txt
19.10.2006 07:23 259 wiadebug.log
19.10.2006 07:23 0 0.log
19.10.2006 07:23 4.126 ModemLog_Motorola SM56 Data Fax Modem.txt
19.10.2006 07:22 1.513.499 WindowsUpdate.log
19.10.2006 07:22 50 wiaservc.log
19.10.2006 07:22 215 Aroey95.ini
19.10.2006 07:22 31 LxTrans.INI
19.10.2006 07:21 2.048 bootstat.dat
19.10.2006 07:19 32.574 SchedLgU.Txt
16.10.2006 14:29 26 Lic.xxx
16.10.2006 13:10 812 win.ini
16.10.2006 13:06 400 ODBC.INI
15.10.2006 16:29 436 tm.ini
14.10.2006 19:05 35 tdf.dii
09.10.2006 15:58 72 EurekaLog.ini
08.10.2006 16:51 73.728 ALCFDRTM.VER
06.10.2006 22:50 4.885 Aguninst.inf
05.10.2006 18:40 116 NeroDigital.ini
04.10.2006 06:46 79 SAWReg.ini
29.09.2006 22:28 118.784 bwUnin-7.2.0.137-8876480SL.exe
29.09.2006 17:21 734 Brpfx04a.ini
29.09.2006 17:19 2.591 A-T-PDF.ini
25.09.2006 18:17 10.327 mozver.dat
25.09.2006 09:46 4.359 ODBCINST.INI
21.09.2006 07:55 227 system.ini
16.09.2006 19:52 175 ktel.ini
09.09.2006 14:57 243 dateiliste.lis
09.09.2006 14:57 1.146 lernkartei.ini
28.08.2006 13:13 54.156 QTFont.qfn
23.07.2006 20:19 2.510 Microsoft.MIF

Datenträger in Laufwerk C: ist 435979
Volumeseriennummer: B8B6-AEC5
Verzeichnis von C:\WINDOWS\Temp
19.10.2006 07:22 16.384 Perflib_Perfdata_830.dat
19.10.2006 07:22 16.384 Perflib_Perfdata_58c.dat
2 Datei(en) 32.768 Bytes
0 Verzeichnis(se), 42.010.230.784 Bytes frei

Datenträger in Laufwerk C: ist 435979
Volumeseriennummer: B8B6-AEC5
Verzeichnis von C:\WINDOWS\Downloaded Program Files
24.08.2006 08:28 141.424 asinst.dll
22.08.2006 09:06 537 asinst.inf
11.07.2006 09:41 345.656 ewidoOnlineScan.dll
01.06.2006 02:57 1.331 oscan8.inf
01.06.2006 02:54 471.040 oscan8.ocx
31.05.2006 04:15 10 oscan81.ocx_x
26.04.2006 08:31 880.640 asquared.ocx
24.10.2005 04:16 65 desktop.ini
30.06.2005 13:38 218.816 ExentCtl.ocx
26.05.2005 05:19 293 muweb.inf
09.03.2005 15:44 7.276 scanoptions.tsi
09.03.2005 15:34 7.225 lang.ini
02.03.2005 13:43 126 live.ini
01.03.2005 14:08 53.248 ipsupd.dll
01.03.2005 14:08 118.784 bdupd.dll
07.12.2004 16:07 32 bdcore.dll
07.12.2004 16:07 32 libfn.dll
06.08.2004 15:42 64 uhr.bat
16.10.2003 14:55 299.008 isusweb.dll
25.07.2002 18:13 24.576 dwusplay.dll
25.07.2002 18:13 196.608 dwusplay.exe
21 Datei(en) 2.766.791 Bytes
0 Verzeichnis(se), 42.010.333.184 Bytes frei

Datenträger in Laufwerk C: ist 435979
Volumeseriennummer: B8B6-AEC5
Verzeichnis von C:\
19.10.2006 07:59 0 sys.txt
19.10.2006 07:58 1.265 down.txt
19.10.2006 07:58 344 tmp.txt
19.10.2006 07:57 7.281 system.txt
19.10.2006 07:57 637 systemtemp.txt
19.10.2006 07:53 112.914 system32.txt
19.10.2006 07:34 17.156 ComboFix.txt
19.10.2006 07:21 1.073.139.712 hiberfil.sys
19.10.2006 07:21 1.610.612.736 pagefile.sys
16.10.2006 14:30 3 AVPCallback.log
09.10.2006 00:15 0 23990098.$$$
08.10.2006 22:17 2.207 smitfiles.txt
06.10.2006 23:54 202 TO_InstallLog.txt
21.09.2006 07:55 191 boot.ini
20.09.2006 06:07 1.794 avenger.txt
20.09.2006 06:06 1.080 fayrbtho.bat
19.09.2006 22:50 15.299 ComboFix2.txt
19.09.2006 12:11 126.976 zip.exe
19.09.2006 12:10 437 avexport.bat
18.09.2006 21:54 312.925 filelist.txt
28.08.2006 22:42 1.384 scripts-.log
23.07.2006 20:32 52.736 0TMCDemo.001
23.07.2006 20:32 268 ROYALT~1.000
23.07.2006 20:32 40.448 00RDSTMC.002
15.07.2006 22:09 10.667 mxfilerelatedcache.mxc2 |
|
|
||
19.10.2006, 12:10
Honorary member
Posts: 29434 |
#4
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in:
Quote: registry keys to delete:
Click the green traffic light. The script will now run, then the PC will restart automatically.
__________
Kind regards, Sabina
all about PC security |
|
|
||
19.10.2006, 12:44
Member
Thread starter Posts: 36 |
#5
Hello,

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Error: could not create zip file. Error code: 1813
//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\sbuckomk
*******************
Script file located at: \??\C:\WINDOWS\system32\tpiqerbk.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchinjdrv deleted successfully.
Completed script processing.
*******************
Finished! Terminate.

But XsoftSpySE still finds command service 4 times.
Best regards, ulp |
|
|
||
19.10.2006, 13:15
Honorary member
Posts: 29434 |
#6
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click it to start.
In "Enter search strings", paste:
mchinjdrv
into the edit field and click "Ok".
Notepad will open -- copy the text and post it.
__________
Kind regards, Sabina
all about PC security |
|
|
||
19.10.2006, 13:46
Member
Thread starter Posts: 36 |
#7
Hello,

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0
; Results at 19.10.2006 13:41:42 for strings:
; 'mchinjdrv'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000]
"Service"="mchInjDrv"
"DeviceDesc"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000\Control]
"ActiveService"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv\Enum]
"0"="Root\\LEGACY_MCHINJDRV\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV\0000]
"Service"="mchInjDrv"
"DeviceDesc"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mchInjDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000]
"Service"="mchInjDrv"
"DeviceDesc"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000\Control]
"ActiveService"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv\Enum]
"0"="Root\\LEGACY_MCHINJDRV\\0000"

; End Of The Log...

Best regards, ulp |
|
|
||
19.10.2006, 13:55
Honorary member
Posts: 29434 |
#8
««
Start > Run --> type in --> cmd.exe and OK.
Paste this in and post everything that appears in the text editor:
dir /s /a "c:\mchInjDrv*.*" > c:\find.txt & start notepad c:\find.txt
----------------------------------------
ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip
- unzip
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or the editor to open
- copy the contents of POST_THIS.TXT
----------------------------------------
«« Avenger
Quote: registry keys to delete:
__________
Kind regards, Sabina
all about PC security |
|
|
||
19.10.2006, 14:31
Member
Thread starter Posts: 36 |
#9
Hello,
Start > Run --> type in --> cmd.exe and OK.
Paste this in and post everything that appears in the text editor
dir /s /a "c:\mchInjDrv*.*" > c:\find.txt & start notepad c:\find.txt
then this appears: Datei nicht gefunden
Best regards, ulp |
|
|
||
19.10.2006, 15:29
Honorary member
Posts: 29434 |
#10
Then the file no longer exists, only the service... work through everything else.
__________
Kind regards, Sabina
all about PC security |
|
|
||
19.10.2006, 15:47
Member
Thread starter Posts: 36 |
#11
Hello,
at "double-click the file ServiceFilter.vbs" this message appears: "Der Zugriff auf Windows Script Host wurde für diesen PC deaktiviert. Wenden Sie sich an den Admin." How do you enable that?
Best regards, ulp |
|
|
||
19.10.2006, 16:17
Honorary member
Posts: 29434 |
#12
At the very bottom of the page:
http://virus-protect.org/silentrunner.html
__________
Kind regards, Sabina
all about PC security |
|
|
||
19.10.2006, 17:06
Member
Thread starter Posts: 36 |
#13
Hello,

Service-Filter:

The script did not recognize the services listed below.
This does not mean that they are a problem.
To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"
########################################
ServiceFilter 1.1 by rand1038
Microsoft Windows XP Home Edition
Version: 5.1.2600 Service Pack 2
Okt 19, 2006 16:53:17

---> Begin Service Listing <---

Unknown Service # 1
Service Name: AccWLSvc
Display Name: AccSys WiFi Server
Start Mode: Auto
Start Name: LocalSystem
Description: Dient der Konfiguration von ...
Service Type: Own Process
Path: c:\programme\gemeinsame dateien\accsys\accwlsvc.exe
State: Running
Process ID: 1760
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #2
Service Name: AcrSch2Svc
Display Name: Acronis Scheduler2 Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\acronis\schedule2\schedul2.exe"
State: Running
Process ID: 1780
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #3
Service Name: aswUpdSv
Display Name: avast! iAVS4 Control Service
Start Mode: Disabled
Start Name: LocalSystem
Description: Bietet das automatische Update für avast! ...
Service Type: Own Process
Path: "c:\programme\alwil software\avast4\aswupdsv.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service #4
Service Name: avast! Antivirus
Display Name: avast! Antivirus
Start Mode: Disabled
Start Name: LocalSystem
Description: Verwaltet und implementiert avast! Antivirus Dienste für diesen Computer. Dies beinhaltet den ...
Service Type: Own Process
Path: "c:\programme\alwil software\avast4\ashserv.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 5
Service Name: avast! Mail Scanner
Display Name: avast! Mail Scanner
Start Mode: Disabled
Start Name: LocalSystem
Description: Implementiert Mailüberprüfung durch avast! ...
Service Type: Own Process
Path: "c:\programme\alwil software\avast4\ashmaisv.exe" /service
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 6
Service Name: avast! Web Scanner
Display Name: avast! Web Scanner
Start Mode: Disabled
Start Name: LocalSystem
Description: Implementiert Internetüberprüfung (HTTP) durch avast! ...
Service Type: Own Process
Path: "c:\programme\alwil software\avast4\ashwebsv.exe" /service
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 7
Service Name: BlueSoleil Hid Service
Display Name: BlueSoleil Hid Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\programme\ivt corporation\bluesoleil\btntservice.exe
State: Running
Process ID: 1828
Started: Wahr
Exit Code: 0
Accept Pause: Wahr
Accept Stop: Wahr

Unknown Service # 8
Service Name: Brother XP spl Service
Display Name: BrSplService
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\brsvc01a.exe
State: Running
Process ID: 1508
Started: Wahr
Exit Code: 0
Accept Pause: Wahr
Accept Stop: Wahr

Unknown Service # 9
Service Name: IDriverT
Display Name: InstallDriver Table Manager
Start Mode: Manual
Start Name: LocalSystem
Description: Provides support for the Running Object Table for InstallShield ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\installshield\driver\11\intel 32\idrivert.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 10
Service Name: InterBaseGuardian
Display Name: InterBaseGuardian
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\progra~1\borland\interb~1\bin\ibguard.exe -s
State: Running
Process ID: 1880
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 11
Service Name: InterBaseServer
Display Name: InterBaseServer
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\progra~1\borland\interb~1\bin\ibserver.exe -s -g
State: Running
Process ID: 1680
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 12
Service Name: kavsvc
Display Name: kavsvc
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\kaspersky lab\kaspersky security suite\kaspersky anti-virus personal\kavsvc.exe"
State: Running
Process ID: 1908
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 13
Service Name: LPDSVC
Display Name: TCP/IP-Druckserver
Start Mode: Manual
Start Name: LocalSystem
Description: Bietet einen TCP/IP-basierten Druckdienst, der das 'Line Printer'-Protokoll ...
Service Type: Share Process
Path: c:\windows\system32\tcpsvcs.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service #14
Service Name: MDM
Display Name: Machine Debug Manager
Start Mode: Auto
Start Name: LocalSystem
Description: Supports local and remote debugging for Visual Studio and script debuggers. If this service is ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\microsoft shared\vs7debug\mdm.exe"
State: Running
Process ID: 1924
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 15
Service Name: MSSQL$MICROSOFTSMLBIZ
Display Name: MSSQL$MICROSOFTSMLBIZ
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\microsoft sql server\mssql$microsoftsmlbiz\binn\sqlservr.exe" -smicrosoftsmlbiz
State: Running
Process ID: 2008
Started: Wahr
Exit Code: 0
Accept Pause: Wahr
Accept Stop: Wahr

Unknown Service # 16
Service Name: MSSQLServerADHelper
Display Name: MSSQLServerADHelper
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\microsoft sql server\80\tools\binn\sqladhlp.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 17
Service Name: odClientService
Display Name: Odyssey Client for Fujitsu Siemens Computers
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\fujitsu siemens computers\odyssey client for fujitsu siemens computers\odclientservice.exe"
State: Running
Process ID: 1220
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #18
Service Name: ose
Display Name: Office Source Engine
Start Mode: Manual
Start Name: LocalSystem
Description: Speichert Installationsdateien, die für Updates und Reparieren verwendet werden, und ist für den ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\microsoft shared\source engine\ose.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 19
Service Name: SDhelper
Display Name: PC Tools Spyware Doctor
Start Mode: Auto
Start Name: LocalSystem
Description: Provides spyware and malware protection for the system. If this service is disabled spyware ...
Service Type: Own Process
Path: c:\programme\spyware doctor\sdhelp.exe
State: Running
Process ID: 212
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 20
Service Name: SQLAgent$MICROSOFTSMLBIZ
Display Name: SQLAgent$MICROSOFTSMLBIZ
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\microsoft sql server\mssql$microsoftsmlbiz\binn\sqlagent.exe" -i microsoftsmlbiz
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service #21
Service Name: ssoftservice
Display Name: Cryptainer service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: ssoftsrv.exe
State: Running
Process ID: 408
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #22
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{2d61d5ec-8396-4cc5-8d62-71759ffc218c}
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 23
Service Name: UxTuneUp
Display Name: TuneUp Designerweiterung
Start Mode: Auto
Start Name: LocalSystem
Description: Ermöglicht die Verwendung von Designs ohne Microsoft Visual Style ...
Service Type: Share Process
Path: c:\windows\system32\svchost.exe -k netsvcs
State: Running
Process ID: 1032
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

---> End Service Listing <---

There are 104 Win32 services on this machine.
23 were unrecognized.
Script Execution Time: 1,828125 seconds.

Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\jdhgqwps
*******************
Script file located at: \??\C:\WINDOWS\ulquomdu.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mchInjDrv deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.

Best regards, ulp |
|
|
||
My anti-spyware program XoftSpySE finds "Command Service" in four files. I can remove the "pest" without any problem, but it is back again after a restart.
In addition, every now and then I get a message from Google saying that data is constantly being sent from my PC. It says that unless I enter a combination of letters, the connection will be cut, and that in the meantime I should check my system with an antivirus program.
What can I do about this?
Thanks
Best regards, ulp