virusburster - pmsngr.exe, etc.

#0
02.11.2006, 22:50
...neu hier

Beiträge: 2
#1 hallo.. hab mir irgendwie auch den virusburster eingefangen (vermute das sonst auch noch was anderes drauf sein könnte). nun läuft mein spybot heiss. gelöscht habe ich in dem ordner wo der drin war alles bis auf das was nicht ging.. glaube ihr kennt euch da ja schon aus.

wäre echt dankbar wenn mir jemand helfen könnte. wollte eigentlich einfach mittels dem powerquest drive image ein cleanes image draufschmeissen, aber das funktioniert irgendwie auch nicht mehr wie früher.

habe mal die liste abgearbeitet.. hier die logs..

Logfile of HijackThis v1.99.1
Scan saved at 22:07:21, on 02.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\ltmoh\Ltmoh.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Programme\Wistron\AVManager\AVManager.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\VideoKeyCodec\pmmon.exe
C:\Programme\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Programme\Anti-Trojan-55\ATWatch.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\Logitech\SetPoint\kem.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\Programme\Spamihilator\spamihilator.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\Adobe\Acrobat 5.0\Distillr\Acrodist.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\xxx\LOKALE~1\Temp\Rar$EX00.354\HijackThis.exe
C:\Programme\VideoKeyCodec\pmsngr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AVManager] "C:\Programme\Wistron\AVManager\AVManager.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programme\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Programme\Anti-Trojan-55\ATWatch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\system32\pc32.exe bg
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [VirusBursters] C:\Programme\VirusBursters\virusbursters.exe /h
O4 - HKCU\..\Run: [iMesh] C:\PROGRA~1\imesh\iMesh5\iMesh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Seuttsrvu - ATI Technologies Inc. - C:\WINDOWS\system32\drivers\ati1pdxx.sys




xxx - 06-11-02 22:31:33.07 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Programme\Gemeinsame Dateien\System\MAPI\1031"

((((((((((((((((((((((((((((((( Files Created from 2006-10-02 to 2006-11-02 ))))))))))))))))))))))))))))))))))


2006-10-30 22:51 106,496 --a------ C:\WINDOWS\system32\rrtcany.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-02 22:30 -------- d-------- C:\Programme\Spamihilator
2006-11-02 22:30 -------- d-------- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Skype
2006-11-02 22:28 -------- d-------- C:\Programme\Mozilla Firefox
2006-11-02 22:24 -------- d-------- C:\Programme\Anti-Trojan-55
2006-11-02 22:19 -------- d-------- C:\Programme\CleanUp!
2006-10-30 22:52 -------- d-------- C:\Programme\VideoKeyCodec
2006-09-29 18:48 -------- d-------- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Samsung
2006-09-29 18:47 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-09-29 18:46 -------- d-------- C:\Programme\Samsung
2006-09-19 21:18 -------- d-------- C:\Programme\LimeWire
2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 21:57 21216 --a------ C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-08-25 16:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"iMesh"="C:\\PROGRA~1\\imesh\\iMesh5\\iMesh.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
"LDM"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"msnmsgr"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIModeChange"="Ati2mdxx.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"LtMoh"="C:\\Programme\\ltmoh\\Ltmoh.exe"
"SynTPLpr"="C:\\Programme\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"LaunchAp"="C:\\Program Files\\Launch Manager\\LaunchAp.exe"
"HotkeyApp"="C:\\Program Files\\Launch Manager\\HotkeyApp.exe"
"CtrlVol"="C:\\Program Files\\Launch Manager\\CtrlVol.exe"
"LMgrOSD"="C:\\Program Files\\Launch Manager\\OSD.exe"
"Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
"AVManager"="\"C:\\Programme\\Wistron\\AVManager\\AVManager.exe\""
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PRONoMgr.exe"="C:\\Programme\\Intel\\PROSetWireless\\NCS\\PROSet\\PRONoMgr.exe"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"Anti-Trojan-Watch"="C:\\Programme\\Anti-Trojan-55\\ATWatch.exe"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"MSNSysRestore"="C:\\WINDOWS\\system32\\pc32.exe bg"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"iTunesHelper"="C:\\Programme\\iTunes\\iTunesHelper.exe"
"McAfeeUpdaterUI"="\"C:\\Programme\\Network Associates\\Common Framework\\UpdaterUI.exe\""
"ShStatEXE"="\"C:\\Programme\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"VirusBursters"="C:\\Programme\\VirusBursters\\virusbursters.exe /h"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,18,01,00,00,00,00,00,00,60,04,00,00,fe,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{27321538-5739-4aa1-b84c-7d18e4383f1f}"="ferrateen"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\VideoKeyCodec\\isamonitor.exe"
"pmsngr.exe"="C:\\Programme\\VideoKeyCodec\\pmsngr.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-02 22:32:24.98
C:\ComboFix.txt ... 06-11-02 22:32




Datentr„ger in Laufwerk C: ist Fat_Boy
Volumeseriennummer: 88C8-3F6F

Verzeichnis von C:\WINDOWS\system32

01.11.2006 21:50 2'206 wpa.dbl
31.10.2006 00:12 5'260 PQ_DEBUG.TXT
30.10.2006 23:01 311'938 perfh009.dat
30.10.2006 23:01 48'558 perfc007.dat
30.10.2006 23:01 40'326 perfc009.dat
30.10.2006 23:01 317'162 perfh007.dat
30.10.2006 23:01 723'744 PerfStringBackup.INI
30.10.2006 22:51 106'496 rrtcany.dll
04.10.2006 21:03 9'639'336 MRT.exe
13.09.2006 06:02 1'084'416 msxml3.dll
04.09.2006 07:12 1'494'016 shdocvw.dll
25.08.2006 16:46 617'472 comctl32.dll
23.08.2006 22:29 118'152 FNTCACHE.DAT
21.08.2006 13:26 16'896 fltlib.dll
21.08.2006 10:14 23'040 fltmc.exe
16.08.2006 12:58 100'352 6to4svc.dll
28.07.2006 12:28 3'075'072 mshtml.dll
27.07.2006 14:25 679'424 inetcomm.dll
25.07.2006 21:33 615'936 urlmon.dll
21.07.2006 09:29 72'704 hlink.dll
14.07.2006 16:38 332'288 netapi32.dll
14.07.2006 16:25 546'304 hhctrl.ocx
13.07.2006 14:34 8'494'592 shell32.dll
05.07.2006 11:55 1'057'792 kernel32.dll



Datentr„ger in Laufwerk C: ist Fat_Boy
Volumeseriennummer: 88C8-3F6F

Verzeichnis von C:\DOKUME~1\xxx\LOKALE~1\Temp

02.11.2006 22:24 16'384 ~DFD3A9.tmp
1 Datei(en) 16'384 Bytes
0 Verzeichnis(se), 11'602'636'800 Bytes frei




Datentr„ger in Laufwerk C: ist Fat_Boy
Volumeseriennummer: 88C8-3F6F

Verzeichnis von C:\WINDOWS

02.11.2006 22:24 2'071'106 WindowsUpdate.log
02.11.2006 22:24 159 wiadebug.log
02.11.2006 22:24 50 wiaservc.log
02.11.2006 22:24 0 0.log
02.11.2006 22:24 2'048 bootstat.dat
02.11.2006 22:23 32'536 SchedLgU.Txt
02.11.2006 21:46 367'481 setupapi.log
31.10.2006 00:04 1'285 setupact.log
29.10.2006 20:13 44'504 wmsetup.log
27.10.2006 16:59 116 NeroDigital.ini
27.10.2006 16:43 54'156 QTFont.qfn
24.10.2006 15:57 1'409 QTFont.for
14.10.2006 21:01 86'092 comsetup.log
14.10.2006 21:01 279'344 iis6.log
14.10.2006 21:01 52'198 ntdtcsetup.log
14.10.2006 21:01 118'482 tsoc.log
14.10.2006 21:01 1'393 imsins.log
14.10.2006 21:01 14'364 ocmsn.log
14.10.2006 21:01 13'062 tabletoc.log
14.10.2006 21:01 19'515 KB924191.log
14.10.2006 21:01 45'486 netfxocm.log
14.10.2006 21:01 17'850 MedCtrOC.log
14.10.2006 21:01 122'472 ocgen.log
14.10.2006 21:01 12'726 msgsocm.log
14.10.2006 21:01 259'671 FaxSetup.log
14.10.2006 21:01 78'694 msmqinst.log
14.10.2006 21:01 17'266 updspapi.log
14.10.2006 21:01 1'393 imsins.BAK
14.10.2006 21:01 19'328 KB922819.log
14.10.2006 21:01 18'495 KB923414.log
14.10.2006 21:01 18'491 KB924496.log
14.10.2006 21:01 15'992 KB923191.log
27.09.2006 21:00 12'598 KB925486.log
23.09.2006 21:00 28'938 WgaNotify.log
13.09.2006 16:16 13'158 KB920685.log
13.09.2006 16:16 14'822 KB920872.log
13.09.2006 16:16 13'324 KB919007.log
13.09.2006 16:15 8'634 KB922582.log
12.08.2006 01:03 21'094 KB920214.log
12.08.2006 01:03 20'475 KB922616.log
12.08.2006 01:03 20'283 KB921398.log
12.08.2006 01:03 27'372 KB918899.log
12.08.2006 01:02 15'767 KB920670.log
12.08.2006 01:02 12'999 KB917422.log
12.08.2006 01:02 16'542 KB920683.log
10.08.2006 16:21 12'519 KB921883.log
16.07.2006 21:01 13'734 KB917159.log
16.07.2006 21:01 14'233 KB914388.log
16.07.2006 21:01 12'370 KB916595.log



Datentr„ger in Laufwerk C: ist Fat_Boy
Volumeseriennummer: 88C8-3F6F

Verzeichnis von C:\WINDOWS\Temp



Datentr„ger in Laufwerk C: ist Fat_Boy
Volumeseriennummer: 88C8-3F6F

Verzeichnis von C:\WINDOWS\Downloaded Program Files

08.08.2006 11:45 576 kavwebscan.inf



Datentr„ger in Laufwerk C: ist Fat_Boy
Volumeseriennummer: 88C8-3F6F

Verzeichnis von C:\

02.11.2006 22:38 0 sys.txt
02.11.2006 22:38 493 down.txt
02.11.2006 22:38 111 tmp.txt
02.11.2006 22:37 8'720 system.txt
02.11.2006 22:36 284 systemtemp.txt
02.11.2006 22:36 103'180 system32.txt
02.11.2006 22:32 7'524 ComboFix.txt
02.11.2006 22:23 535'875'584 hiberfil.sys
02.11.2006 22:23 805'306'368 pagefile.sys
Seitenanfang Seitenende
03.11.2006, 02:08
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 Avenger
http://virus-protect.org/artikel/tools/avenger.html

kopiere rein:

Zitat

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{27321538-5739-4aa1-b84c-7d18e4383f1f}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|ferrateen

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a29a79a-b9c8-44a9-bedf-7fadde3cf33f}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VideoKeyCodec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoKeyCodec

Files to delete:
C:\WINDOWS\system32\rrtcany.dll

Folders to delete:
C:\Programme\VideoKeyCodec
««
Klicke die grüne Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

««
mit smitfraudfix http://virus-protect.org/artikel/tools/smitfrautfix.html scannen (Option 1 und 2) - lasse auch die Registry mitreinigen
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
04.11.2006, 12:51
...neu hier

Themenstarter

Beiträge: 2
#3 super.. vielen dank! jetzt ist endlich wieder ruhe eingekehrt auf meinem laptop. herrlich.

ich poste hier noch die ergebnisse der logfiles. vielleicht gibt es ja doch noch was zu tun.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qvtbqrfk

*******************

Script file located at: \??\C:\Documents and Settings\ibylttrx.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\rrtcany.dll deleted successfully.
Folder C:\Programme\VideoKeyCodec deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{27321538-5739-4aa1-b84c-7d18e4383f1f} deleted successfully.


Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|ferrateen
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|ferrateen failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VideoKeyCodec not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VideoKeyCodec failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoKeyCodec deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



SmitFraudFix v2.119

Scan done at 12:37:39.25, 04.11.2006
Run from C:\Dokumente und Einstellungen\xxx\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\xxx


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\xxx\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End





SmitFraudFix v2.119

Scan done at 12:42:19.99, 04.11.2006
Run from C:\Dokumente und Einstellungen\xxx\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End





Logfile of HijackThis v1.99.1
Scan saved at 12:47:36, on 04.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\ltmoh\Ltmoh.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Programme\Wistron\AVManager\AVManager.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Programme\Anti-Trojan-55\ATWatch.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\Logitech\SetPoint\kem.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\Programme\Spamihilator\spamihilator.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\1XConfig.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOKUME~1\xxx\LOKALE~1\Temp\Rar$EX05.694\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AVManager] "C:\Programme\Wistron\AVManager\AVManager.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programme\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Programme\Anti-Trojan-55\ATWatch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\system32\pc32.exe bg
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [qsabidgm] C:\qfacjrqx.bat
O4 - HKCU\..\Run: [iMesh] C:\PROGRA~1\imesh\iMesh5\iMesh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Seuttsrvu - ATI Technologies Inc. - C:\WINDOWS\system32\drivers\ati1pdxx.sys
Seitenanfang Seitenende
04.11.2006, 15:53
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 alles in ordnung ;)

kannst du noch ueber Ausfuehren - msconfig aus dem Autostart nehmen.(ist vom avenger)
O4 - HKLM\..\Run: [qsabidgm] C:\qfacjrqx.bat
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: