Command Service and Google message

18.10.2006, 23:09
Member

Posts: 36
#1 Hello,

my anti-spyware program XoftSpySE finds "Command Service" in four files. I can remove the "pest" without any problem, but after a restart it is back again.

In addition, every now and then I get a message from Google saying that data is constantly being sent from my PC. If I don't enter a combination of letters, the connection will be cut off, and in the meantime I should check my system with an antivirus program.

What can I do about this?

Thanks

Kind regards, ulp
19.10.2006, 00:31
Honorary member

Posts: 29434
#2 Work through this and post all the logs
http://board.protecus.de/t23188.htm
__________
Regards, Sabina

all about PC security
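The reply above asks for logs, and the HijackThis log posted further down in the thread is long, with most of its lines being O18 protocol handlers from a single Logitech DLL. As an added example (not part of the original thread, and not a tool from the forum or from HijackThis), the Python below parses lines in that log format and applies a few triage rules of its own: dangling entries whose file is gone, a proxy auto-config script (R1 AutoConfigURL), Run entries whose image is a bare file name or sits directly in the Windows directory, services with no company name in their version info, and a count of URL schemes per O18 handler DLL so the repetitive lines collapse to one. The sample log is a constructed handful of lines in the same shape as the posted one, and a hit means "look at this", not "this is malware".

```python
import re
from collections import Counter

# Constructed sample in HijackThis v1.99 log format. The lines follow the shape of
# the log posted in this thread (a small selection, not the whole log), chosen so
# that every heuristic below has at least one line to match.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Programme\WinSweep\ws.js
O2 - BHO: (no name) - {834AC5A7-9D01-4BDE-A3F8-1A26D0211AC5} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [zinit32] C:\WINDOWS\ZInit32.exe
O4 - HKLM\..\Run: [ascsched] C:\WINDOWS\ascsched.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O18 - Protocol: bw+0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

# "Rnn - ..." / "Onn - ..." entry lines; the header and the process list are ignored.
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")
# Program image at the start of a Run-key command, quoted or not; arguments are dropped.
IMAGE_RE = re.compile(r'^"?(?P<img>.*?\.(?:exe|com|scr|pif|bat|dll))"?(?:\s|$)', re.I)
# "HKLM\..\Run: [value name] command"
RUN_RE = re.compile(r"^(?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Image directly under the Windows directory, e.g. c:\windows\foo.exe (no subfolder).
WINDIR_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$")


def entries(log_text):
    """Yield (section, body) for every HijackThis entry line in the log."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body")


def image_of(command):
    """Return the executable path from a Run-key command string, without arguments."""
    m = IMAGE_RE.match(command.strip())
    return m.group("img") if m else command.strip()


def triage(log_text):
    """Apply this example's own triage rules; returns findings plus O18 handler counts.

    A finding means 'look at this', not 'this is malware'."""
    findings = []           # (section, reason, original entry)
    handlers = Counter()    # O18 handler DLL -> number of URL schemes it registers
    for sec, body in entries(log_text):
        if "(no file)" in body or "(file missing)" in body:
            findings.append((sec, "dangling entry: the registered file no longer exists", body))
            continue
        if sec == "R1" and "AutoConfigURL" in body:
            findings.append((sec, "proxy auto-config script is set: that script decides where every browser request goes", body))
        elif sec == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue          # Startup-folder shortcuts (".lnk = ...") have a different shape
            img = image_of(m.group("cmd"))
            if "\\" not in img:
                findings.append((sec, "bare image name: resolved through the search path, so which file runs is not pinned down", body))
            elif WINDIR_ROOT_RE.match(img.lower()):
                findings.append((sec, "image sits directly in the Windows directory instead of a vendor folder", body))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append((sec, "service binary carries no company name in its version info", body))
        elif sec == "O18":
            handlers[body.rsplit(" - ", 1)[-1]] += 1
    return {"findings": findings, "protocol_handlers": handlers}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for sec, reason, body in result["findings"]:
        print(f"[{sec}] {reason}\n    {body}")
    for dll, n in result["protocol_handlers"].most_common():
        print(f"O18: {n} scheme(s) handled by {dll}")
```

Run it against a full log by reading the file and passing its text to triage(); the rules are deliberately simple string and path checks so that each hit can be verified by hand against the line it came from.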
19.10.2006, 08:14
Member

Thread starter

Posts: 36
#3 XoftSpySE found
Command Service in system\currentcontrolset\services\mchinjdrv\enum\0
Command Service in system\currentcontrolset\services\mchinjdrv\enum\count
Command Service in system\currentcontrolset\services\mchinjdrv\enum\nextinstance
Command Service in system\currentcontrolset\services\mchinjdrv\enum\deleteflag


Logfile of HijackThis v1.99.1
Scan saved at 07:37:37, on 19.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\Ati2evxx.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\AccSys\AccWLSvc.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Brother\ControlCenter2\brctrcen.exe
C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe
C:\PROGRA~1\GEMEIN~1\Lexware\INTERN~1\LxTrans.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Programme\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programme\Rainlendar\Rainlendar.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\Programme\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
C:\WINDOWS\System32\alg.exe
c:\windows\system32\cidaemon.exe
C:\Dokumente und Einstellungen\UlP\Desktop\Tools\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ulpcom
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Programme\WinSweep\ws.js
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {834AC5A7-9D01-4BDE-A3F8-1A26D0211AC5} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &WINSWEEP Toolbar - {E915E62E-41DA-40D0-8106-3438B4D24394} - C:\Programme\WinSweep\SurfBar.dll
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - HKLM\..\Run: [KASP] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TransferManager] C:\PROGRA~1\GEMEIN~1\Lexware\INTERN~1\LxTrans.exe /Embedding
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [OdTray.exe] "C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
O4 - HKLM\..\Run: [zinit32] C:\WINDOWS\ZInit32.exe
O4 - HKLM\..\Run: [ascsched] C:\WINDOWS\ascsched.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Ad-Watch System Protector] C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - Startup: Rainlendar.lnk = C:\Programme\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kanzlei-Start.lnk = C:\AGENDA\KANZLEI-START\Kanzlei32.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = ?
O4 - Global Startup: Lexware Info Service.lnk = C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {F907EDEF-4326-4148-922A-5BA5E28B8A92} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {F907EDEF-4326-4148-922A-5BA5E28B8A92} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136918032237
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: bw+0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: offline-8876480 - {F88CE082-599B-4749-BAF8-AC988B7F8B47} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AccSys WiFi Server (AccWLSvc) - AccSys GmbH - C:\Programme\Gemeinsame Dateien\AccSys\AccWLSvc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBaseGuardian - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
O23 - Service: InterBaseServer - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Programme\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Programme\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Programme\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe


ulp - 06-10-19 7:32:23,76 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Dokumente und Einstellungen\ulp\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\taskmgr.com


((((((((((((((((((((((((((((((( Files Created from 2006-09-19 to 2006-10-19 ))))))))))))))))))))))))))))))))))


2006-10-06 22:42 333,824 --a------ C:\WINDOWS\ascsched.exe
2006-10-06 22:42 319,488 --a------ C:\WINDOWS\NTlog.dll
2006-10-06 22:42 3,982,848 --a------ C:\WINDOWS\ZINIT32.exe
2006-10-06 22:42 25,600 --a------ C:\WINDOWS\borlndmm.dll
2006-10-06 22:42 2,465,792 --a------ C:\WINDOWS\Aguninst.exe
2006-10-04 14:31 90,112 --a------ C:\WINDOWS\system32\CActiveList.Dll
2006-10-04 14:31 77,824 --a------ C:\WINDOWS\system32\SecurityBrowser.exe
2006-10-04 14:31 5,632 --a------ C:\WINDOWS\system32\bindll.dll
2006-10-04 14:31 102,400 --a------ C:\WINDOWS\system32\CFile.Dll
2006-10-04 08:50 917,504 --a------ C:\WINDOWS\system32\WinSweep.dll
2006-09-30 09:08 94,208 --a------ C:\WINDOWS\system32\evntwin.exe
2006-09-30 09:08 8,704 --a------ C:\WINDOWS\system32\snmptrap.exe
2006-09-30 09:08 6,144 --a------ C:\WINDOWS\system32\snmpmib.dll
2006-09-30 09:08 39,936 --a------ C:\WINDOWS\system32\hostmib.dll
2006-09-30 09:08 33,792 --a------ C:\WINDOWS\system32\lmmib2.dll
2006-09-30 09:08 32,768 --a------ C:\WINDOWS\system32\snmp.exe
2006-09-30 09:08 26,112 --a------ C:\WINDOWS\system32\evntcmd.exe
2006-09-30 09:08 23,040 --a------ C:\WINDOWS\system32\lpdsvc.dll
2006-09-30 09:08 19,968 --a------ C:\WINDOWS\system32\lprmon.dll
2006-09-30 09:08 108,032 --a------ C:\WINDOWS\system32\evntagnt.dll
2006-09-29 22:28 13,056 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2006-09-29 22:28 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2006-09-29 22:27 69,504 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2006-09-29 22:27 53,632 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2006-09-29 22:27 28,160 --a------ C:\WINDOWS\KHALMNPR.Exe
2006-09-29 22:27 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2006-09-29 22:27 24,704 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2006-09-29 22:25 36,480 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys
2006-09-24 21:06 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-09-24 21:06 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-09-20 14:14 153,600 --a------ C:\WINDOWS\REGEDIT.COM
2006-09-20 14:14 153,600 --a------ C:\WINDOWS\R.COM
2006-09-20 14:14 140,800 --a------ C:\WINDOWS\system32\T.COM
2006-09-20 06:06 60,416 --a------ C:\WINDOWS\system32\drivers\hsccwwhw.sys
2006-09-20 06:06 1,080 --a------ C:\fayrbtho.bat
2006-09-19 12:11 60,416 --a------ C:\WINDOWS\system32\drivers\sqlxgnmj.sys
2006-09-19 12:11 126,976 --a------ C:\zip.exe
2006-09-19 12:10 437 --a------ C:\avexport.bat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-19 07:28 -------- d-------- C:\Programme\Mozilla Firefox
2006-10-19 07:15 -------- d-------- C:\Programme\CleanUp!
2006-10-19 07:05 -------- d-------- C:\Programme\Mozilla Thunderbird
2006-10-18 17:46 -------- d-------- C:\Programme\StarMoney 5.0
2006-10-16 13:05 -------- d-------- C:\Programme\Microsoft ActiveSync
2006-10-16 08:20 5050748 --a------ C:\WINDOWS\system32\msmaindb.dll
2006-10-16 08:20 119 --ah----- C:\WINDOWS\system32\SWCTL.DLL
2006-10-16 08:19 -------- d-------- C:\Programme\Kisi
2006-10-15 19:41 -------- d-------- C:\Programme\XoftSpySE
2006-10-15 16:29 -------- d-------- C:\Programme\Gemeinsame Dateien\BDElster
2006-10-14 19:03 -------- d-------- C:\Programme\Gemeinsame Dateien\Buhl Data Service
2006-10-09 10:42 -------- d-------- C:\Programme\East-Tec Eraser 2006
2006-10-06 22:30 -------- d-------- C:\Programme\WebEx
2006-10-05 09:23 -------- d-------- C:\Programme\WinSweep
2006-10-04 16:22 -------- d-------- C:\Programme\AtomicClockPro
2006-10-04 12:34 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-10-04 12:33 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-10-04 07:21 -------- d-------- C:\Dokumente und Einstellungen\ulp\Anwendungsdaten\EAST Technologies
2006-10-04 06:40 -------- d-------- C:\Programme\abylonsoft
2006-10-03 18:55 -------- d-------- C:\Programme\Spyware Doctor
2006-09-29 22:43 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-09-29 22:43 -------- d-------- C:\Programme\MUSICMATCH
2006-09-29 22:36 -------- d-------- C:\Dokumente und Einstellungen\ulp\Anwendungsdaten\Logitech
2006-09-29 22:28 -------- d-------- C:\Programme\Logitech
2006-09-29 22:27 -------- d-------- C:\Programme\Gemeinsame Dateien\Logitech
2006-09-29 22:27 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-09-29 18:16 -------- d-------- C:\Programme\Cryptainer LE
2006-09-28 06:31 -------- d-------- C:\Programme\TuneUp Utilities 2006
2006-09-25 09:46 -------- d-------- C:\Programme\svnet
2006-09-24 21:06 -------- d-------- C:\Dokumente und Einstellungen\ulp\Anwendungsdaten\PC Tools
2006-09-22 21:40 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2006-09-22 21:40 -------- d-------- C:\Programme\Gemeinsame Dateien\Lexware
2006-09-22 21:39 -------- d-------- C:\Dokumente und Einstellungen\ulp\Anwendungsdaten\InstallShield
2006-09-21 16:40 -------- d-------- C:\Programme\RegCure
2006-09-21 16:40 -------- d-------- C:\Programme\Programmverknpfungen
2006-09-21 09:52 -------- d-------- C:\Dokumente und Einstellungen\ulp\Anwendungsdaten\Registry Booster
2006-09-21 08:36 -------- d-------- C:\Programme\FaJo
2006-09-20 10:58 -------- d-------- C:\Programme\Rainlendar
2006-09-20 09:30 -------- d-------- C:\Programme\MozBackup
2006-09-19 21:43 -------- d-------- C:\Programme\PaperOffice Professional
2006-09-19 21:14 -------- d-------- C:\Programme\CCleaner
2006-09-19 19:50 -------- d-------- C:\Programme\RegCleaner
2006-09-19 10:09 -------- d-------- C:\Programme\WinRAR
2006-09-19 09:58 -------- d-------- C:\Programme\Internet Explorer
2006-09-19 09:56 -------- d-------- C:\Programme\Gemeinsame Dateien\Funk Software
2006-09-19 09:56 -------- d-------- C:\Programme\Gemeinsame Dateien\AccSys
2006-09-17 14:49 -------- d-------- C:\Programme\Alwil Software
2006-09-16 20:26 -------- d-------- C:\Programme\klickTel
2006-09-16 20:26 -------- d-------- C:\Dokumente und Einstellungen\ulp\Anwendungsdaten\InstallShield Installation Information
2006-09-16 20:04 -------- d-------- C:\Dokumente und Einstellungen\ulp\Anwendungsdaten\ScanSoft
2006-09-16 20:02 -------- d-------- C:\Programme\Yahoo!
2006-09-15 08:36 1179136 --a------ C:\WINDOWS\system32\AutoPartNt.exe
2006-09-15 08:22 388000 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2006-09-15 08:22 32288 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2006-09-15 08:22 -------- d-------- C:\Programme\Gemeinsame Dateien\Acronis
2006-09-13 13:58 -------- d-------- C:\Programme\Gemeinsame Dateien\Adobe
2006-09-13 13:42 1736 --a------ C:\Dokumente und Einstellungen\ulp\Anwendungsdaten\AdobeDLM.log
2006-09-13 07:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 17:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-12 17:49 82432 --a------ C:\WINDOWS\system32\msxml4r.dll
2006-09-08 23:48 99776 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2006-09-08 23:48 -------- d-------- C:\Programme\Acronis
2006-09-08 08:04 -------- d-------- C:\Programme\Biet-O-Matic
2006-09-05 15:57 24072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2006-08-28 21:57 -------- d-------- C:\Programme\QuickTime
2006-08-28 21:55 -------- d-------- C:\Programme\Gemeinsame Dateien\Real
2006-08-28 21:55 -------- d-------- C:\Dokumente und Einstellungen\ulp\Anwendungsdaten\Real
2006-08-25 17:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-23 08:59 -------- d-------- C:\Programme\s25atonce
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-08 18:53 635520 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-08-05 08:18 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LDM"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"Ad-Watch System Protector"="C:\\Programme\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe"
"TuneUp MemOptimizer"="\"C:\\Programme\\TuneUp Utilities 2006\\MemOptimizer.exe\" autostart"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe"
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"SetDefPrt"="C:\\Programme\\Brother\\Brmfl05a\\BrStDvPt.exe"
"ControlCenter2.0"="C:\\Programme\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"KAVPersonal50"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Security Suite\\Kaspersky Anti-Virus Personal\\kav.exe\" /minimize"
"OESpamTest"="C:\\PROGRA~1\\KASPER~1\\KASPER~1\\KASPER~3\\OESpamTest.ExE"
"KASP"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Security Suite\\Kaspersky Anti-Spam Personal\\OESpamTest.exe\""
"Alcmtr"="ALCMTR.EXE"
"vspdfprsrv.exe"="C:\\Programme\\Visagesoft\\eXPert PDF\\vspdfprsrv.exe --background"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TransferManager"="C:\\PROGRA~1\\GEMEIN~1\\Lexware\\INTERN~1\\LxTrans.exe /Embedding"
"AlcWzrd"="ALCWZRD.EXE"
"SoundMan"="SOUNDMAN.EXE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"OdTray.exe"="\"C:\\Programme\\Fujitsu Siemens Computers\\Odyssey Client for Fujitsu Siemens Computers\\OdTray.exe\""
"zinit32"="C:\\WINDOWS\\ZInit32.exe"
"ascsched"="C:\\WINDOWS\\ascsched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"=""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"=dword:00000000
"NoDispCPL"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSetFolders"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoControlPanel"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoRun"=dword:00000000
"NoFind"=dword:00000000
"NoMultiIE"=dword:00000000
"LWA"=dword:00000000
"LWB"=dword:00000000
"LWC"=dword:00000000
"LWD"=dword:00000000
"LWE"=dword:00000000
"LWF"=dword:00000000
"LWG"=dword:00000000
"LWH"=dword:00000000
"LWI"=dword:00000000
"LWJ"=dword:00000000
"LWK"=dword:00000000
"LWL"=dword:00000000
"LWM"=dword:00000000
"LWN"=dword:00000000
"LWO"=dword:00000000
"LWP"=dword:00000000
"LWQ"=dword:00000000
"LWR"=dword:00000000
"LWS"=dword:00000000
"LWT"=dword:00000000
"LWU"=dword:00000000
"LWV"=dword:00000000
"LWW"=dword:00000000
"LWX"=dword:00000000
"LWY"=dword:00000000
"LWZ"=dword:00000000
"NoDrives"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"WINSWEEP Popupblocker"="C:\\Programme\\WinSweep\\WSPopup.Exe"
"WINSWEEP"="C:\\Programme\\WinSweep\\WINSWEEP.Exe /AUTO"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SMSERIAL"="sm56hlpr.exe"
"Alcmtr"="ALCMTR.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IndexSearch"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OdTray.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OdTray"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Fujitsu Siemens Computers\\Odyssey Client for Fujitsu Siemens Computers\\OdTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pptd40nt"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SSBkgdupdate"
"hkey"="HKLM"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient\event

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\XoftSpy.job
C:\WINDOWS\tasks\XoftSpySE.job

Completion time: 06-10-19 7:34:28.78
C:\ComboFix.txt ... 06-10-19 07:34
C:\ComboFix2.txt ... 06-09-19 22:50

Volume in drive C is 435979
Volume Serial Number is B8B6-AEC5

Directory of C:\WINDOWS\system32

19.10.2006 07:24 1.158 wpa.dbl
19.10.2006 07:21 1.304.049 ikhcore.log
16.10.2006 13:25 317.152 FNTCACHE.DAT
16.10.2006 08:20 5.050.748 msmaindb.dll
16.10.2006 08:20 119 SWCTL.DLL
14.10.2006 18:18 981 mapisvc.inf
04.10.2006 22:03 9.639.336 MRT.exe
30.09.2006 09:08 402.760 perfh009.dat
30.09.2006 09:08 419.222 perfh007.dat
30.09.2006 09:08 62.366 perfc009.dat
30.09.2006 09:08 970.320 PerfStringBackup.INI
30.09.2006 09:08 76.210 perfc007.dat
19.09.2006 09:41 0 asfiles.txt
19.09.2006 09:38 2.550 Uninstall.ico
19.09.2006 09:38 1.406 Help.ico
19.09.2006 09:38 30.590 pavas.ico
17.09.2006 14:49 3.002 CONFIG.NT
15.09.2006 08:37 1.024 AutoPartNt.let
15.09.2006 08:36 1.179.136 AutoPartNt.exe
13.09.2006 07:02 1.084.416 msxml3.dll
12.09.2006 17:51 1.245.184 msxml4.dll
12.09.2006 17:49 82.432 msxml4r.dll
05.09.2006 15:57 24.072 uxtuneup.dll
04.09.2006 08:13 1.497.088 shdocvw.dll
25.08.2006 17:46 617.472 comctl32.dll
21.08.2006 14:26 16.896 fltlib.dll
21.08.2006 11:14 23.040 fltmc.exe
16.08.2006 13:58 100.352 6to4svc.dll
08.08.2006 18:53 635.520 aswBoot.exe
05.08.2006 08:18 90.112 AVASTSS.scr
02.08.2006 12:39 73.728 asuninst.exe

Volume in drive C is 435979
Volume Serial Number is B8B6-AEC5

Directory of C:\DOKUME~1\ulp~1\LOKALE~1\Temp

19.10.2006 07:56 632 ~WRS0000.tmp
19.10.2006 07:56 512 ~DFD73A.tmp
19.10.2006 07:56 512 ~DFBB1C.tmp
19.10.2006 07:24 262.144 ima6.tmp
19.10.2006 07:24 262.144 ima5.tmp
19.10.2006 07:23 0 BCG4.tmp
19.10.2006 07:23 16.384 Perflib_Perfdata_610.dat
29.09.2006 22:28 24.613 IadHide5.dll
8 File(s) 566.941 bytes
0 Dir(s) 42.010.521.600 bytes free

Volume in drive C is 435979
Volume Serial Number is B8B6-AEC5

Directory of C:\WINDOWS

19.10.2006 07:23 6.104 ModemLog_Bluetooth DUN Modem.txt
19.10.2006 07:23 6.098 ModemLog_Bluetooth Fax Modem.txt
19.10.2006 07:23 259 wiadebug.log
19.10.2006 07:23 0 0.log
19.10.2006 07:23 4.126 ModemLog_Motorola SM56 Data Fax Modem.txt
19.10.2006 07:22 1.513.499 WindowsUpdate.log
19.10.2006 07:22 50 wiaservc.log
19.10.2006 07:22 215 Aroey95.ini
19.10.2006 07:22 31 LxTrans.INI
19.10.2006 07:21 2.048 bootstat.dat
19.10.2006 07:19 32.574 SchedLgU.Txt
16.10.2006 14:29 26 Lic.xxx
16.10.2006 13:10 812 win.ini
16.10.2006 13:06 400 ODBC.INI
15.10.2006 16:29 436 tm.ini
14.10.2006 19:05 35 tdf.dii
09.10.2006 15:58 72 EurekaLog.ini
08.10.2006 16:51 73.728 ALCFDRTM.VER
06.10.2006 22:50 4.885 Aguninst.inf
05.10.2006 18:40 116 NeroDigital.ini
04.10.2006 06:46 79 SAWReg.ini
29.09.2006 22:28 118.784 bwUnin-7.2.0.137-8876480SL.exe
29.09.2006 17:21 734 Brpfx04a.ini
29.09.2006 17:19 2.591 A-T-PDF.ini
25.09.2006 18:17 10.327 mozver.dat
25.09.2006 09:46 4.359 ODBCINST.INI
21.09.2006 07:55 227 system.ini
16.09.2006 19:52 175 ktel.ini
09.09.2006 14:57 243 dateiliste.lis
09.09.2006 14:57 1.146 lernkartei.ini
28.08.2006 13:13 54.156 QTFont.qfn
23.07.2006 20:19 2.510 Microsoft.MIF

Volume in drive C is 435979
Volume Serial Number is B8B6-AEC5

Directory of C:\WINDOWS\Temp

19.10.2006 07:22 16.384 Perflib_Perfdata_830.dat
19.10.2006 07:22 16.384 Perflib_Perfdata_58c.dat
2 File(s) 32.768 bytes
0 Dir(s) 42.010.230.784 bytes free

Volume in drive C is 435979
Volume Serial Number is B8B6-AEC5

Directory of C:\WINDOWS\Downloaded Program Files

24.08.2006 08:28 141.424 asinst.dll
22.08.2006 09:06 537 asinst.inf
11.07.2006 09:41 345.656 ewidoOnlineScan.dll
01.06.2006 02:57 1.331 oscan8.inf
01.06.2006 02:54 471.040 oscan8.ocx
31.05.2006 04:15 10 oscan81.ocx_x
26.04.2006 08:31 880.640 asquared.ocx
24.10.2005 04:16 65 desktop.ini
30.06.2005 13:38 218.816 ExentCtl.ocx
26.05.2005 05:19 293 muweb.inf
09.03.2005 15:44 7.276 scanoptions.tsi
09.03.2005 15:34 7.225 lang.ini
02.03.2005 13:43 126 live.ini
01.03.2005 14:08 53.248 ipsupd.dll
01.03.2005 14:08 118.784 bdupd.dll
07.12.2004 16:07 32 bdcore.dll
07.12.2004 16:07 32 libfn.dll
06.08.2004 15:42 64 uhr.bat
16.10.2003 14:55 299.008 isusweb.dll
25.07.2002 18:13 24.576 dwusplay.dll
25.07.2002 18:13 196.608 dwusplay.exe
21 File(s) 2.766.791 bytes
0 Dir(s) 42.010.333.184 bytes free

Volume in drive C is 435979
Volume Serial Number is B8B6-AEC5

Directory of C:\

19.10.2006 07:59 0 sys.txt
19.10.2006 07:58 1.265 down.txt
19.10.2006 07:58 344 tmp.txt
19.10.2006 07:57 7.281 system.txt
19.10.2006 07:57 637 systemtemp.txt
19.10.2006 07:53 112.914 system32.txt
19.10.2006 07:34 17.156 ComboFix.txt
19.10.2006 07:21 1.073.139.712 hiberfil.sys
19.10.2006 07:21 1.610.612.736 pagefile.sys
16.10.2006 14:30 3 AVPCallback.log
09.10.2006 00:15 0 23990098.$$$
08.10.2006 22:17 2.207 smitfiles.txt
06.10.2006 23:54 202 TO_InstallLog.txt
21.09.2006 07:55 191 boot.ini
20.09.2006 06:07 1.794 avenger.txt
20.09.2006 06:06 1.080 fayrbtho.bat
19.09.2006 22:50 15.299 ComboFix2.txt
19.09.2006 12:11 126.976 zip.exe
19.09.2006 12:10 437 avexport.bat
18.09.2006 21:54 312.925 filelist.txt
28.08.2006 22:42 1.384 scripts-.log
23.07.2006 20:32 52.736 0TMCDemo.001
23.07.2006 20:32 268 ROYALT~1.000
23.07.2006 20:32 40.448 00RDSTMC.002
15.07.2006 22:09 10.667 mxfilerelatedcache.mxc2
19.10.2006, 12:10
Honorary member
Sabina

Posts: 29434
#4 Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste this in:

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchinjdrv
Click the green traffic light.
The script will now run, then the PC will restart automatically.

19.10.2006, 12:44
Member

Thread starter

Posts: 36
#5 Hello,

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 1813


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\sbuckomk

*******************

Script file located at: \??\C:\WINDOWS\system32\tpiqerbk.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchinjdrv deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

But XoftSpySE still finds "Command Service" 4 times.

Best regards, ulp

19.10.2006, 13:15
Honorary member
Sabina

Posts: 29434
#6 Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click it to start. Into "Enter search strings" paste:

mchinjdrv

into the edit field and click "Ok".
Notepad will open; copy the text from it and post it.

19.10.2006, 13:46
Member

Thread starter

Posts: 36
#7 Hello,

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 19.10.2006 13:41:42 for strings:
; 'mchinjdrv'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000]
"Service"="mchInjDrv"
"DeviceDesc"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000\Control]
"ActiveService"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv\Enum]
"0"="Root\\LEGACY_MCHINJDRV\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV\0000]
"Service"="mchInjDrv"
"DeviceDesc"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mchInjDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000]
"Service"="mchInjDrv"
"DeviceDesc"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000\Control]
"ActiveService"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv\Enum]
"0"="Root\\LEGACY_MCHINJDRV\\0000"

; End Of The Log...

Best regards, ulp

19.10.2006, 13:55
Honorary member
Sabina

Posts: 29434
#8 ««
Start > Run --> type --> cmd.exe
and OK. Paste this in and post everything that appears in the text editor:

dir /s /a "c:\mchInjDrv*.*" > c:\find.txt & start notepad c:\find.txt

----------------------------------------

ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip

- unzip it
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or Notepad to open
- copy POST_THIS.TXT

----------------------------------------
««
Avenger

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mchInjDrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv


19.10.2006, 14:31
Member

Thread starter

Posts: 36
#9 Hello,

Start > Run --> type --> cmd.exe
and OK. Paste this in and post everything that appears in the text editor
dir /s /a "c:\mchInjDrv*.*" > c:\find.txt & start notepad c:\find.txt

then I get:
File not found

Best regards, ulp

19.10.2006, 15:29
Honorary member
Sabina

Posts: 29434
#10 Then the file no longer exists, only the service does... work through everything else.

19.10.2006, 15:47
Member

Thread starter

Posts: 36
#11 Hello,

When I "double-click the file ServiceFilter.vbs"
I get the message:
"Access to Windows Script Host has been disabled for this PC. Contact your administrator."
How do you enable it?

Best regards, ulp

19.10.2006, 16:17
Honorary member
Sabina

Posts: 29434
#12 At the very bottom of the page:
http://virus-protect.org/silentrunner.html

19.10.2006, 17:06
Member

Thread starter

Posts: 36
#13 Hello,

Service-Filter:

The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"

########################################

ServiceFilter 1.1
by rand1038

Microsoft Windows XP Home Edition
Version: 5.1.2600 Service Pack 2
Oct 19, 2006 16:53:17


---> Begin Service Listing <---

Unknown Service # 1
Service Name: AccWLSvc
Display Name: AccSys WiFi Server
Start Mode: Auto
Start Name: LocalSystem
Description: Used for configuring ...
Service Type: Own Process
Path: c:\programme\gemeinsame dateien\accsys\accwlsvc.exe
State: Running
Process ID: 1760
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service #2
Service Name: AcrSch2Svc
Display Name: Acronis Scheduler2 Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\acronis\schedule2\schedul2.exe"
State: Running
Process ID: 1780
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service #3
Service Name: aswUpdSv
Display Name: avast! iAVS4 Control Service
Start Mode: Disabled
Start Name: LocalSystem
Description: Provides automatic updates for avast! ...
Service Type: Own Process
Path: "c:\programme\alwil software\avast4\aswupdsv.exe"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service #4
Service Name: avast! Antivirus
Display Name: avast! Antivirus
Start Mode: Disabled
Start Name: LocalSystem
Description: Manages and implements avast! Antivirus services for this computer. This includes the ...
Service Type: Own Process
Path: "c:\programme\alwil software\avast4\ashserv.exe"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 5
Service Name: avast! Mail Scanner
Display Name: avast! Mail Scanner
Start Mode: Disabled
Start Name: LocalSystem
Description: Implements mail scanning by avast! ...
Service Type: Own Process
Path: "c:\programme\alwil software\avast4\ashmaisv.exe" /service
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 6
Service Name: avast! Web Scanner
Display Name: avast! Web Scanner
Start Mode: Disabled
Start Name: LocalSystem
Description: Implements web (HTTP) scanning by avast! ...
Service Type: Own Process
Path: "c:\programme\alwil software\avast4\ashwebsv.exe" /service
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 7
Service Name: BlueSoleil Hid Service
Display Name: BlueSoleil Hid Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\programme\ivt corporation\bluesoleil\btntservice.exe
State: Running
Process ID: 1828
Started: True
Exit Code: 0
Accept Pause: True
Accept Stop: True

Unknown Service # 8
Service Name: Brother XP spl Service
Display Name: BrSplService
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\brsvc01a.exe
State: Running
Process ID: 1508
Started: True
Exit Code: 0
Accept Pause: True
Accept Stop: True

Unknown Service # 9
Service Name: IDriverT
Display Name: InstallDriver Table Manager
Start Mode: Manual
Start Name: LocalSystem
Description: Provides support for the Running Object Table for InstallShield ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\installshield\driver\11\intel 32\idrivert.exe"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 10
Service Name: InterBaseGuardian
Display Name: InterBaseGuardian
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\progra~1\borland\interb~1\bin\ibguard.exe -s
State: Running
Process ID: 1880
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service # 11
Service Name: InterBaseServer
Display Name: InterBaseServer
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\progra~1\borland\interb~1\bin\ibserver.exe -s -g
State: Running
Process ID: 1680
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service # 12
Service Name: kavsvc
Display Name: kavsvc
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\kaspersky lab\kaspersky security suite\kaspersky anti-virus personal\kavsvc.exe"
State: Running
Process ID: 1908
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: False

Unknown Service # 13
Service Name: LPDSVC
Display Name: TCP/IP-Druckserver
Start Mode: Manual
Start Name: LocalSystem
Description: Provides a TCP/IP-based print service that uses the 'Line Printer' protocol ...
Service Type: Share Process
Path: c:\windows\system32\tcpsvcs.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service #14
Service Name: MDM
Display Name: Machine Debug Manager
Start Mode: Auto
Start Name: LocalSystem
Description: Supports local and remote debugging for Visual Studio and script debuggers. If this service is ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\microsoft shared\vs7debug\mdm.exe"
State: Running
Process ID: 1924
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service # 15
Service Name: MSSQL$MICROSOFTSMLBIZ
Display Name: MSSQL$MICROSOFTSMLBIZ
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\microsoft sql server\mssql$microsoftsmlbiz\binn\sqlservr.exe" -smicrosoftsmlbiz
State: Running
Process ID: 2008
Started: True
Exit Code: 0
Accept Pause: True
Accept Stop: True

Unknown Service # 16
Service Name: MSSQLServerADHelper
Display Name: MSSQLServerADHelper
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\microsoft sql server\80\tools\binn\sqladhlp.exe"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 17
Service Name: odClientService
Display Name: Odyssey Client for Fujitsu Siemens Computers
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\fujitsu siemens computers\odyssey client for fujitsu siemens computers\odclientservice.exe"
State: Running
Process ID: 1220
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service #18
Service Name: ose
Display Name: Office Source Engine
Start Mode: Manual
Start Name: LocalSystem
Description: Stores installation files used for updates and repairs, and is required for the ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\microsoft shared\source engine\ose.exe"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 19
Service Name: SDhelper
Display Name: PC Tools Spyware Doctor
Start Mode: Auto
Start Name: LocalSystem
Description: Provides spyware and malware protection for the system. If this service is disabled spyware ...
Service Type: Own Process
Path: c:\programme\spyware doctor\sdhelp.exe
State: Running
Process ID: 212
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service # 20
Service Name: SQLAgent$MICROSOFTSMLBIZ
Display Name: SQLAgent$MICROSOFTSMLBIZ
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\microsoft sql server\mssql$microsoftsmlbiz\binn\sqlagent.exe" -i microsoftsmlbiz
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service #21
Service Name: ssoftservice
Display Name: Cryptainer service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: ssoftsrv.exe
State: Running
Process ID: 408
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service #22
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Manages software-based shadow copies taken by the Volume Shadow Copy service. Software-based ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{2d61d5ec-8396-4cc5-8d62-71759ffc218c}
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 23
Service Name: UxTuneUp
Display Name: TuneUp Designerweiterung
Start Mode: Auto
Start Name: LocalSystem
Description: Allows themes to be used without Microsoft Visual Style ...
Service Type: Share Process
Path: c:\windows\system32\svchost.exe -k netsvcs
State: Running
Process ID: 1032
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

---> End Service Listing <---

There are 104 Win32 services on this machine.
23 were unrecognized.

Script Execution Time: 1,828125 seconds.


Avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jdhgqwps

*******************

Script file located at: \??\C:\WINDOWS\ulquomdu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mchInjDrv deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Best regards, ulp
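The two Avenger runs above, read together with the Registry Search dump in #7, show something worth spelling out. HKLM\SYSTEM\CurrentControlSet is not a key of its own; it is a symbolic link to the ControlSetNNN named by HKLM\SYSTEM\Select\Current. Once the ControlSet001 and ControlSet003 keys had been deleted, the two CurrentControlSet lines of the script pointed at nothing, which is why Avenger reported them as "not found" with status 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND); the cleanup itself had already succeeded. A subkey listed separately from its parent is redundant for the same reason. The Python script below is an added example, not part of the thread and not one of the tools linked in it. It parses a REGEDIT4-style dump such as the one posted in #7 (embedded here as constructed input, abbreviated), folds every CurrentControlSet path onto the control set it points at, drops keys already covered by a listed parent, and prints the minimal "registry keys to delete" list in the Avenger syntax used above. The Select\Current value does not appear in the thread, so it is a parameter; the demo assumes 1.

```python
"""Plan a minimal registry-key deletion list from a REGEDIT4-style search dump.

Added example; not part of the thread and not one of the tools linked in it.
HKLM\\SYSTEM\\CurrentControlSet is a symbolic link to the ControlSetNNN named
by HKLM\\SYSTEM\\Select\\Current, so listing both spellings of a key in a
deletion script makes the second one fail with "not found" once the first
has been removed.
"""
import re

# Constructed input: the Registry Search output posted in #7, abbreviated.
REGSEARCH_DUMP = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000]
"Service"="mchInjDrv"
"DeviceDesc"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv\Enum]
"0"="Root\\LEGACY_MCHINJDRV\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mchInjDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv\Enum]
"0"="Root\\LEGACY_MCHINJDRV\\0000"
"""

KEY_LINE = re.compile(r"^\[(.+)\]$")
CONTROL_SET = re.compile(
    r"^(HKEY_LOCAL_MACHINE\\SYSTEM\\)(ControlSet\d{3}|CurrentControlSet)(\\.*)?$",
    re.IGNORECASE,
)


def parse_keys(dump):
    """Return the key paths named in [...] lines, in order, without
    case-insensitive duplicates (RegSearch repeats a key once per hit)."""
    keys, seen = [], set()
    for line in dump.splitlines():
        match = KEY_LINE.match(line.strip())
        if match and match.group(1).lower() not in seen:
            seen.add(match.group(1).lower())
            keys.append(match.group(1))
    return keys


def canonical(key, current):
    """Rewrite a CurrentControlSet path to the ControlSetNNN it points at.
    `current` is the DWORD in HKLM\\SYSTEM\\Select\\Current (assumed; not in the thread)."""
    match = CONTROL_SET.match(key)
    if not match:
        return key
    prefix, control_set, rest = match.groups()
    if control_set.lower() == "currentcontrolset":
        control_set = "ControlSet%03d" % current
    return prefix + control_set + (rest or "")


def top_level_keys(keys):
    """Drop every key whose parent is also listed; deleting the parent removes it."""
    kept = []
    for key in sorted(keys, key=str.lower):  # a parent always sorts before its children
        if not any(key.lower().startswith(parent.lower() + "\\") for parent in kept):
            kept.append(key)
    return kept


def plan_deletions(dump, current):
    """Return (to_delete, redundant): the minimal list of keys to delete, and a map
    from each aliased or duplicate path in the dump to the key that covers it."""
    by_canonical = {}
    for key in parse_keys(dump):
        target = canonical(key, current)
        by_canonical.setdefault(target.lower(), (target, []))[1].append(key)
    to_delete = top_level_keys([target for target, _ in by_canonical.values()])
    redundant = {
        alias: target
        for target, aliases in by_canonical.values()
        for alias in aliases
        if alias.lower() != target.lower()
    }
    return to_delete, redundant


def avenger_script(to_delete):
    """Format the list in the 'registry keys to delete:' syntax used in the thread."""
    return "registry keys to delete:\n" + "\n".join(to_delete) + "\n"


if __name__ == "__main__":
    keys, aliases = plan_deletions(REGSEARCH_DUMP, current=1)
    print(avenger_script(keys))
    for alias, target in aliases.items():
        print("redundant, alias of %s:\n    %s" % (target, alias))
```

Run as-is it prints a four-line deletion list and names the three CurrentControlSet paths as aliases of ControlSet001 keys. It only plans the deletion and never touches the registry. And as the thread itself shows (the key deleted in #5 was back by #7), removing the key without finding the component that re-registers the driver only clears the symptom until that component runs again.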