Dialers, trojans and other unnecessary stuff

#0
08.11.2006, 01:42
Member
Posts: 11

08.11.2006, 14:23
Honorary member
Posts: 29434
#2
«« Set up CleanUp exactly as specified here: http://virus-protect.org/cleanup.html

«« Copy these 6 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months) http://virus-protect.org/datfindbat.html

«« Post this log: http://virus-protect.org/artikel/tools/combofix.html

__________
Best regards,
Sabina
All about PC security

08.11.2006, 16:35
Member
Thread starter Posts: 11
#3
Quote: Sabina posted

Done

««

Quote: Copy these 6 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months)

Volume in drive C has no label.
Volume Serial Number is 001F-C7AB
Directory of C:\WINDOWS\system32
08.11.2006 16:00 8.860 Fxxplfnt.tmp
08.11.2006 10:15 1.688 TRJ_NTAUTO.TMP
07.11.2006 23:54 0 tmp.txt
07.11.2006 23:54 864 tmp.reg
07.11.2006 23:19 1.152 windrv.sys
07.11.2006 10:18 60.436 vcvvccht.dll
06.11.2006 19:42 251.488 trjscan.trb
06.11.2006 17:25 59.392 streamhlp.dll
06.11.2006 09:15 399.298 perfh009.dat
06.11.2006 09:15 61.808 perfc009.dat
06.11.2006 09:15 468.340 PerfStringBackup.INI
06.11.2006 09:07 2.206 wpa.dbl
01.11.2006 20:10 15.872 winrkq32.VIR
31.10.2006 10:46 3.036 jupdate-1.4.2_03-b02.log
23.10.2006 00:28 832.064 rmvtrjan.trb
23.10.2006 00:25 1.622.592 rmt.trb
12.10.2006 14:05 265.416 FNTCACHE.DAT
11.10.2006 14:21 3.090 jupdate-1.4.2_06-b03.log
09.10.2006 15:25 3.360 esnecil.ind
04.10.2006 20:16 3.360 esnecil.nlp
02.10.2006 21:13 15.360 BASSMOD.dll
29.09.2006 10:13 2.430 $winnt$.inf
24.09.2006 02:42 65.536 QuickTimeVR.qtx
24.09.2006 02:42 49.152 QuickTime.qts
07.09.2006 12:54 57.384 avsda.dll
29.08.2006 15:01 561.152 ACDSee.scr
29.07.2006 18:32 48.936 sirenacm.dll
28.07.2006 03:28 3.054.080 mshtml.dll
25.07.2006 21:33 613.888 urlmon.dll
21.07.2006 09:24 72.704 hlink.dll
14.07.2006 16:31 332.288 netapi32.dll
14.07.2006 16:25 546.304 hhctrl.ocx
14.07.2006 13:51 108.144 GEARAspi.dll
13.07.2006 14:33 8.453.632 shell32.dll
06.07.2006 17:21 6.757.792 MRT.exe
05.07.2006 11:55 984.064 kernel32.dll
26.06.2006 18:37 148.480 dnsapi.dll
26.06.2006 18:37 8.192 rasadhlp.dll
23.06.2006 12:02 658.944 wininet.dll
23.06.2006 12:02 1.494.016 shdocvw.dll
23.06.2006 12:02 448.512 mshtmled.dll
23.06.2006 12:02 146.432 msrating.dll
23.06.2006 12:02 474.112 shlwapi.dll
23.06.2006 12:02 39.424 pngfilt.dll
23.06.2006 12:02 532.480 mstime.dll
23.06.2006 12:02 96.256 inseng.dll
23.06.2006 12:02 16.384 jsproxy.dll
23.06.2006 12:02 205.312 dxtrans.dll
23.06.2006 12:02 357.888 dxtmsft.dll
23.06.2006 12:02 251.392 iepeers.dll
23.06.2006 12:02 55.808 extmgr.dll
23.06.2006 12:02 1.054.208 danim.dll
23.06.2006 12:02 1.022.976 browseui.dll
23.06.2006 12:02 151.040 cdfview.dll
23.06.2006 09:34 24.576 xpsp3res.dll

Volume in drive C has no label.
Volume Serial Number is 001F-C7AB
Directory of C:\DOCUME~1\washiema\LOCALS~1\Temp
08.11.2006 16:28 289 datFind.zip
04.10.2006 09:23 668 datFind.bat
2 File(s) 957 bytes
0 Dir(s) 19.219.013.632 bytes free

Volume in drive C has no label.
Volume Serial Number is 001F-C7AB
Directory of C:\WINDOWS
08.11.2006 16:19 159 wiadebug.log
08.11.2006 16:19 50 wiaservc.log
08.11.2006 16:18 0 0.log
08.11.2006 16:18 2.048 bootstat.dat
08.11.2006 16:17 467 SMSCFG.ini
08.11.2006 15:42 13.748 ModemLog_GlobeTrotter 3G+ Modem Interface.txt
08.11.2006 10:15 2.866.701 setupapi.log
08.11.2006 02:28 25.874 SchedLgU.Txt
08.11.2006 02:28 2.054.160 WindowsUpdate.log
08.11.2006 00:30 1.409 QTFont.for
08.11.2006 00:30 54.156 QTFont.qfn
07.11.2006 23:51 2.212 setupact.log
07.11.2006 23:49 460.636 ntbtlog.txt
07.11.2006 21:40 1.059 win.ini
07.11.2006 21:40 260 system.ini
07.11.2006 21:06 224.907 SetupWLD.log
07.11.2006 20:58 4.950 chipset.log
07.11.2006 01:32 10 popcinfo.dat
02.11.2006 21:19 50.880 wmsetup.log
02.11.2006 14:50 2.877 KB893803v2Uninst.log
02.11.2006 14:50 160.082 comsetup.log
02.11.2006 14:50 520.872 iis6.log
02.11.2006 14:50 95.359 ntdtcsetup.log
02.11.2006 14:50 23.022 tabletoc.log
02.11.2006 14:50 1.374 imsins.log
02.11.2006 14:50 214.757 tsoc.log
02.11.2006 14:50 24.825 ocmsn.log
02.11.2006 14:49 78.600 netfxocm.log
02.11.2006 14:49 218.852 ocgen.log
02.11.2006 14:49 31.237 MedCtrOC.log
02.11.2006 14:49 22.501 msgsocm.log
02.11.2006 14:49 444.368 FaxSetup.log
02.11.2006 14:49 142.752 msmqinst.log
02.11.2006 14:45 0 VPC32.INI
18.10.2006 09:47 3.936 KB924191.log
18.10.2006 09:47 3.849 KB922819.log
18.10.2006 09:47 3.765 KB923414.log
18.10.2006 09:47 3.684 KB920214.log
18.10.2006 09:47 3.602 KB920685.log
18.10.2006 09:47 3.522 KB924496.log
18.10.2006 09:47 3.824 KB920872.log
18.10.2006 09:47 3.351 KB919007.log
18.10.2006 09:46 3.352 KB923191.log
18.10.2006 09:46 3.656 KB925486.log
18.10.2006 09:28 1.760.623 setupapi.log.0.old
13.10.2006 19:23 4.777 LVEventLog.log
12.10.2006 12:25 1.588 DirectX.log
11.10.2006 15:50 894 idmviewer.log
10.10.2006 17:49 334 GEARInstall.log
09.10.2006 17:56 1.448 COM+.log
04.10.2006 20:16 205 my.ini
04.10.2006 20:12 64 Crypkey.ini
04.10.2006 16:55 72 init.ini
04.10.2006 08:27 904 EventSystem.log
03.10.2006 11:06 4.348 DPINST.LOG
02.10.2006 23:21 459 wmsetup10.log
02.10.2006 18:32 3.469 mozver.dat
02.10.2006 16:27 0 nsreg.dat
02.10.2006 16:14 2.038 OEWABLog.txt
02.10.2006 15:19 2.191 vminst.log
02.10.2006 15:19 520 ODBC.INI
02.10.2006 15:19 4.512 ODBCINST.INI
02.10.2006 15:17 218 ORAODBC.INI
02.10.2006 10:41 2.736 spupdsvc.log
29.09.2006 11:11 1.374 imsins.BAK
29.09.2006 11:11 16.812 KB917734.log
29.09.2006 11:09 15.688 KB921883.log
29.09.2006 11:09 24.759 updspapi.log
29.09.2006 11:09 14.856 KB922616.log
29.09.2006 11:08 14.954 KB911280.log
29.09.2006 11:06 15.180 KB917159.log
29.09.2006 11:05 15.237 KB921398.log
29.09.2006 11:05 17.932 KB918899.log
29.09.2006 11:04 10.688 KB920670.log
29.09.2006 11:04 10.885 KB918439.log
29.09.2006 11:02 10.680 KB914388.log
29.09.2006 11:02 9.368 KB917344.log
29.09.2006 11:02 9.511 KB917953.log
29.09.2006 11:02 9.327 KB917422.log
29.09.2006 11:01 8.819 KB916595.log
29.09.2006 11:01 10.053 KB913580.log
29.09.2006 11:01 8.683 KB920683.log
29.09.2006 11:01 8.307 KB914389.log
29.09.2006 10:13 18.922 setuplog.txt
29.09.2006 10:13 509 setuperr.log
29.09.2006 09:35 7.890 sessmgr.setup.log
29.09.2006 09:35 2.165 DtcInstall.log
29.09.2006 09:35 6.840 regopt.log
27.04.2006 12:26 8.293 KB908521.log
27.04.2006 12:22 7.165 KB904942.log
27.04.2006 12:20 63 vbaddin.ini
27.04.2006 12:19 60.926 KB911565.log
26.04.2006 15:53 316.640 WMSysPr9.prx
26.04.2006 14:34 55.703 ofcscan.ini
26.04.2006 14:21 24.801 KB911927.log
26.04.2006 14:21 24.313 KB901017.log
26.04.2006 14:20 24.752 KB896424.log
26.04.2006 14:20 23.912 KB911562.log
26.04.2006 14:20 31.972 KB900485.log
26.04.2006 14:19 18.582 KB910437.log
26.04.2006 14:19 45.479 KB911564.log
26.04.2006 14:19 26.806 KB912812.log
26.04.2006 14:18 23.601 KB902400.log
26.04.2006 14:17 14.512 KB899589.log
26.04.2006 14:17 14.832 KB905414.log
26.04.2006 14:17 14.950 KB900725.log
26.04.2006 14:17 12.970 KB912919.log
26.04.2006 14:16 12.170 KB904706.log
26.04.2006 14:16 12.734 KB908531.log
26.04.2006 14:16 12.210 KB905749.log
26.04.2006 14:16 11.584 KB911567.log
26.04.2006 14:15 11.157 KB908519.log
26.04.2006 14:15 7.945 KB913446.log
26.04.2006 14:03 2.918 cfgall.ini
25.08.2005 09:00 522 TMFilter.log
24.08.2005 17:14 18.253 KB899587.log
24.08.2005 17:14 17.746 KB899591.log

Volume in drive C has no label.
Volume Serial Number is 001F-C7AB
Directory of C:\WINDOWS\TEMP

Volume in drive C has no label.
Volume Serial Number is 001F-C7AB
Directory of C:\WINDOWS\Downloaded Program Files
24.06.2005 13:27 65 desktop.ini
20.01.2000 14:25 1.162 Microsoft XML Parser for Java.osd
2 File(s) 1.227 bytes
0 Dir(s) 19.219.001.344 bytes free

Quote: ««

washiema - 06-11-08 16:16:30,80 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\washiema\Application Data\Dxcknwrd.dll
C:\Documents and Settings\washiema\Application Data\Dxcuknwrd.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\components
C:\Program Files\Common Files\{001FC7AB-031E-3079-0526-05050426002b}
C:\Program Files\Common Files\{301FC7AB-031E-3079-0526-05050426002b}

((((((((((((((((((((((((((((((( Files Created from 2006-10-08 to 2006-11-08 ))))))))))))))))))))))))))))))))))

2006-11-08 01:32 0 --a------ C:\backup.reg
2006-11-08 01:30 249 --a------ C:\avexport.bat
2006-11-08 01:30 126,976 --a------ C:\zip.exe
2006-11-07 23:40 864 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-07 23:19 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2006-11-07 21:05 466,944 --a------ C:\WINDOWS\system32\w29NCPA.dll
2006-11-07 21:05 3,281,408 --a------ C:\WINDOWS\system32\drivers\w29n51.sys
2006-11-07 20:16 44,035 --a------ C:\WINDOWS\system32\drivers\btwhid.sys
2006-11-07 20:16 17,516 --a------ C:\WINDOWS\system32\drivers\frmupgr.sys
2006-11-07 10:18 60,436 --a------ C:\WINDOWS\system32\vcvvccht.dll
2006-11-06 19:41 3,440 --a------ C:\WINDOWS\undo.reg
2006-11-06 19:41 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2006-11-02 21:19 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2006-11-02 15:04 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-11-02 15:04 32,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-11-02 15:04 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2006-11-01 20:10 15,872 --a------ C:\WINDOWS\system32\winrkq32.VIR
2006-10-29 21:00 61,440 --a------ C:\WINDOWS\system32\W32N50.dll
2006-10-29 21:00 16,292 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
2006-10-29 19:25 607,232 --a------ C:\WINDOWS\system32\drivers\MA111nd5.sys
2006-10-23 17:22 69,632 --a------ C:\WINDOWS\aaRemove.exe
2006-10-21 12:51 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2006-10-21 12:51 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2006-10-21 12:51 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-10-12 12:27 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-10-12 12:27 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
2006-10-12 12:26 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-10-12 12:26 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-10-12 12:26 51,072 -ra------ C:\WINDOWS\system32\drivers\M9207_543.sys
2006-10-12 12:26 363,520 --a------ C:\WINDOWS\system32\PsisDecd.dll
2006-10-12 12:26 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-10-12 12:26 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-10-12 12:26 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-10-12 12:26 11,776 --a------ C:\WINDOWS\system32\drivers\BdaSup.sys
2006-10-12 12:26 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-10-12 12:26 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-10-11 15:50 328,704 --a------ C:\WINDOWS\IsUn0407.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-08 16:17 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-11-08 16:17 -------- d-------- C:\Program Files\Common Files
2006-11-08 16:15 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-08 15:45 -------- d-------- C:\Program Files\CleanUp!
2006-11-08 01:09 0 --a------ C:\AUTOEXEC.BAT
2006-11-08 00:18 -------- d-------- C:\Program Files\Trisnap Technologies
2006-11-07 21:05 -------- d-------- C:\Program Files\Intel
2006-11-07 20:55 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-07 20:55 -------- d-------- C:\Program Files\Broadcom
2006-11-07 20:11 -------- d-------- C:\Program Files\Hewlett-Packard
2006-11-07 15:12 -------- d-------- C:\Program Files\Trojan Remover
2006-11-06 21:09 -------- d-------- C:\Program Files\Trillian
2006-11-06 19:42 -------- d-------- C:\Documents and Settings\washiema\Application Data\Simply Super Software
2006-11-06 19:17 -------- d-------- C:\Documents and Settings\washiema\Application Data\TrojanHunter
2006-11-06 17:29 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-11-04 18:02 -------- d-------- C:\Program Files\Apple Software Update
2006-11-03 17:14 -------- d-------- C:\Program Files\NetSpeedMonitor
2006-11-02 21:27 -------- d-------- C:\Documents and Settings\washiema\Application Data\ACD Systems
2006-11-02 21:20 -------- d-------- C:\Program Files\Common Files\ACD Systems
2006-11-02 17:45 -------- d-------- C:\Program Files\Windows Media Player
2006-11-02 15:04 -------- d-------- C:\Program Files\AntiVir PersonalEdition Classic
2006-11-02 14:47 -------- d-------- C:\Program Files\Movie Maker
2006-11-01 20:52 -------- d-------- C:\Program Files\VSAdd-in
2006-11-01 20:28 -------- d-------- C:\Program Files\Windows NT
2006-11-01 20:28 -------- d-------- C:\Program Files\NetMeeting
2006-11-01 20:23 -------- d-------- C:\Program Files\Lavasoft
2006-11-01 20:23 -------- d-------- C:\Documents and Settings\washiema\Application Data\Lavasoft
2006-11-01 19:49 -------- d-------- C:\Program Files\PopCap Games
2006-11-01 18:27 -------- d-a------ C:\Documents and Settings\washiema\Application Data\Identities
2006-11-01 18:27 -------- d-------- C:\Documents and Settings\washiema\Application Data\Zylom
2006-11-01 11:03 -------- d-------- C:\Program Files\POP Peeper
2006-10-31 18:59 -------- d-------- C:\Documents and Settings\washiema\Application Data\POP Peeper
2006-10-31 10:46 -------- d-------- C:\Program Files\Java
2006-10-31 10:43 -------- d-------- C:\Program Files\Nokia
2006-10-30 13:31 -------- d-------- C:\Program Files\PLSQL Developer
2006-10-30 13:20 -------- d-------- C:\Documents and Settings\washiema\Application Data\Apple Computer
2006-10-29 21:00 -------- d-------- C:\Program Files\NETGEAR
2006-10-25 18:11 -------- d-------- C:\Program Files\WinSCP3
2006-10-25 08:48 -------- d-------- C:\Program Files\sipgate X-Lite
2006-10-24 19:03 -------- d-------- C:\Program Files\MSN Messenger
2006-10-23 17:42 -------- d-------- C:\Documents and Settings\washiema\Application Data\PLSQL Developer
2006-10-21 14:09 -------- d-------- C:\Program Files\WinZip
2006-10-21 13:23 -------- d-------- C:\Program Files\ACD Systems
2006-10-18 13:50 -------- d-------- C:\Documents and Settings\washiema\Application Data\Ethereal
2006-10-18 13:45 -------- d-------- C:\Program Files\Ethereal
2006-10-18 13:43 -------- d-------- C:\Program Files\WinPcap
2006-10-17 20:05 -------- d-------- C:\Program Files\Common Files\Autodata Limited Shared
2006-10-13 19:23 -------- d-------- C:\Program Files\DTV
2006-10-13 15:20 -------- d-------- C:\Documents and Settings\washiema\Application Data\Macromedia
2006-10-11 15:02 -------- d-------- C:\Documents and Settings\washiema\Application Data\ICAClient
2006-10-11 14:21 -------- d-------- C:\Program Files\Citrix
2006-10-10 19:27 -------- d-a------ C:\Documents and Settings\washiema\Application Data\Microsoft
2006-10-10 17:49 -------- d-------- C:\Program Files\iTunes
2006-10-10 17:49 -------- d-------- C:\Program Files\iPod
2006-10-10 17:48 -------- d-------- C:\Program Files\QuickTime
2006-10-09 15:43 -------- d-------- C:\Documents and Settings\washiema\Application Data\Astellia
2006-10-04 20:15 -------- d-------- C:\Program Files\Astellia
2006-10-04 16:54 -------- d-------- C:\Program Files\Option
2006-10-04 16:54 -------- d-------- C:\Program Files\Common Files\Funk Software
2006-10-03 16:43 -------- d-a------ C:\Documents and Settings\washiema\Application Data\AdobeUM
2006-10-03 11:08 -------- d-------- C:\Documents and Settings\washiema\Application Data\Nokia
2006-10-03 11:06 -------- d-------- C:\Program Files\Common Files\PCSuite
2006-10-03 11:06 -------- d-------- C:\Program Files\Common Files\Nokia
2006-10-03 11:06 -------- d-------- C:\Documents and Settings\washiema\Application Data\PC Suite
2006-10-03 09:38 -------- d-------- C:\Documents and Settings\washiema\Application Data\Hummingbird
2006-10-03 09:37 -------- d-------- C:\Program Files\Hummingbird
2006-10-03 09:37 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-02 21:37 -------- d-------- C:\Documents and Settings\washiema\Application Data\IDMComp
2006-10-02 21:32 -------- d-------- C:\Program Files\SecureCRT
2006-10-02 21:32 -------- d-------- C:\Program Files\IDM Computer Solutions
2006-10-02 21:31 -------- d-------- C:\Documents and Settings\washiema\Application Data\VanDyke
2006-10-02 21:13 15360 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-10-02 20:29 -------- d-------- C:\Program Files\FileZilla
2006-10-02 19:38 -------- d-------- C:\Documents and Settings\washiema\Application Data\Sun
2006-10-02 17:40 -------- d-------- C:\Program Files\Agent
2006-10-02 16:28 -------- d-------- C:\Program Files\DU Meter
2006-10-02 16:27 -------- d-------- C:\Documents and Settings\washiema\Application Data\Talkback
2006-10-02 16:26 -------- d-------- C:\Documents and Settings\washiema\Application Data\Mozilla
2006-10-02 15:20 -------- d-------- C:\Program Files\Starbase
2006-10-02 15:19 -------- d-------- C:\Program Files\Common Files\Crystal Decisions
2006-10-02 15:19 -------- d-------- C:\Program Files\AR System
2006-10-02 15:17 -------- d-------- C:\Program Files\Oracle
2006-09-29 11:17 -------- d-------- C:\Program Files\xerox
2006-09-29 11:17 -------- d-------- C:\Program Files\WinRAR
2006-09-29 11:17 -------- d-------- C:\Program Files\WIDCOMM
2006-09-29 11:17 -------- d-------- C:\Program Files\Symantec
2006-09-29 11:17 -------- d-------- C:\Program Files\RSA Security
2006-09-29 11:17 -------- d-------- C:\Program Files\Outlook Express
2006-09-29 11:17 -------- d-------- C:\Program Files\OfficeUpdate11
2006-09-29 11:17 -------- d-------- C:\Program Files\OfficeScan NT
2006-09-29 11:16 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-09-29 11:16 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-29 11:16 -------- d-------- C:\Program Files\Microsoft Works
2006-09-29 11:16 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-09-29 11:15 -------- d-------- C:\Program Files\Microsoft Office
2006-09-29 11:13 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-29 11:13 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-29 11:13 -------- d-------- C:\Program Files\Messenger
2006-09-29 11:12 -------- d-------- C:\Program Files\HPQ
2006-09-29 11:12 -------- d-------- C:\Program Files\Common Files\System
2006-09-29 11:12 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-29 11:12 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-29 11:12 -------- d-------- C:\Program Files\Common Files\Services
2006-09-29 11:12 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-29 11:12 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-29 11:12 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-29 11:11 -------- d-------- C:\Program Files\Common Files\Java
2006-09-29 11:10 -------- d-------- C:\Program Files\Common Files\Deterministic Networks
2006-09-29 11:10 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-29 11:10 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-29 11:10 -------- d-------- C:\Program Files\Cisco Systems
2006-09-29 11:10 -------- d-------- C:\Program Files\ATI Technologies
2006-09-29 11:10 -------- d-------- C:\Program Files\Analog Devices
2006-09-29 11:10 -------- d-------- C:\Program Files\Adobe
2006-09-29 11:08 -------- d-a------ C:\Documents and Settings\washiema\Application Data\Adobe
2006-09-29 11:05 -------- d-------- C:\Program Files\Internet Explorer
2006-08-29 15:01 561152 --a------ C:\WINDOWS\system32\ACDSee.scr

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"POP Peeper"="\"C:\\Program Files\\POP Peeper\\POPPeeper.exe\" -min"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"DU Meter"="C:\\Program Files\\DU Meter\\DUMeter.exe"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""
"TrojanScanner"="C:\\Program Files\\Trojan Remover\\Trjscan.exe"
"SNM"="C:\\Program Files\\SpyNoMore\\SNM.exe /startup"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoWindowsUpdate"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DU Meter (2).lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\DU Meter (2).lnk"
"backup"="C:\\WINDOWS\\pss\\DU Meter (2).lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\DUMETE~1\\DUMeter.exe "
"item"="DU Meter (2)"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PcSync2"
"hkey"="HKCU"
"command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=dword:00000003
"SavRoam"=dword:00000002
"Crypkey License"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-11-08 16:17:39.61
C:\ComboFix.txt ... 06-11-08 16:17

Seems to have found something. My antivirus software just complained again...
C:\windows\system32\vcvvccht.dll is the Trojan horse TR/BHO.G3
grrrrrrr, this can't be happening :-(

08.11.2006, 16:57
Honorary member
Posts: 29434
#4
gdfde

Avenger http://virus-protect.org/artikel/tools/avenger.html

Paste in:

Quote: Registry values to delete:

Click the green traffic light; the script will now be executed, then the PC will restart automatically.

** Post the log from Avenger that appears after the restart

+ Post the new HijackThis log

__________
Best regards,
Sabina
All about PC security

This post was edited by Sabina on 08.11.2006 at 17:01.

08.11.2006, 18:11
Member
Thread starter Posts: 11
#5
here you go, sabina.
The adware.adjum.100 alert is still coming up grrrrrr

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not open export batch. Registry operations will not be backed up!
Error code: 0
Error: could not open export batch. Registry operations will not be backed up!
Error code: 0
Error: could not open export batch. Registry operations will not be backed up!
Error code: 0
Error: could not create zip file.
Error code: 0

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ybwcalnj

*******************

Script file located at: \??\C:\WINDOWS\cafjmvdb.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\Fxxplfnt.tmp deleted successfully.
File C:\WINDOWS\system32\vcvvccht.dll deleted successfully.
File C:\WINDOWS\system32\winrkq32.VIR deleted successfully.

File C:\Documents and Settings\washiema\Application Data\Dxcknwrd.dll not found!
Deletion of file C:\Documents and Settings\washiema\Application Data\Dxcknwrd.dll failed!
Could not process line:
C:\Documents and Settings\washiema\Application Data\Dxcknwrd.dll
Status: 0xc0000034

File C:\Documents and Settings\washiema\Application Data\Dxcuknwrd.dll not found!
Deletion of file C:\Documents and Settings\washiema\Application Data\Dxcuknwrd.dll failed!
Could not process line:
C:\Documents and Settings\washiema\Application Data\Dxcuknwrd.dll
Status: 0xc0000034

Folder C:\Program Files\VSAdd-in deleted successfully.

Folder C:\Program Files\SpyNoMore not found!
Deletion of folder C:\Program Files\SpyNoMore failed!
Could not process line:
C:\Program Files\SpyNoMore
Status: 0xc0000034

Folder C:\WINDOWS\system32\components not found!
Deletion of folder C:\WINDOWS\system32\components failed!
Could not process line:
C:\WINDOWS\system32\components
Status: 0xc0000034

Folder C:\Program Files\Common Files\{001FC7AB-031E-3079-0526-05050426002b} not found!
Deletion of folder C:\Program Files\Common Files\{001FC7AB-031E-3079-0526-05050426002b} failed!
Could not process line:
C:\Program Files\Common Files\{001FC7AB-031E-3079-0526-05050426002b}
Status: 0xc0000034

Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SNM deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1D2401F5-0254-4793-B2E0-6185EC9C4790} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{39f25b12-74ff-4079-a51f-1d70f5b08b84} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F18F04B0-9CF1-4b93-B004-77A288BEE28B} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D2401F5-0254-4793-B2E0-6185EC9C4790} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39f25b12-74ff-4079-a51f-1d70f5b08b84} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F18F04B0-9CF1-4b93-B004-77A288BEE28B} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Logfile of HijackThis v1.99.1
Scan saved at 18:13:12, on 08.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Astellia\mysql\bin\mysqld-nt.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\washiema\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy33:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 172.23.4.*;172.23.5.*;172.23.48.*;172.23.49.*;172.23.52.*;172.23.53.*;172.23.56.*; 172.23.57.*;172.23.60.*;172.23.61.*;172.23.60.152;172.23.97.162;172.23.34.111; 172.23.111.*;172.23.2.21;aupdapp*;172.23.34.107;* staging.*;peoplesoft.*;activation.*,172.23.200.130;;;;;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=http://intranet.h3g.at
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = at-work.local
O17 - HKLM\Software\..\Telephony: DomainName = at-work.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = at-work.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = at-work.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - C:/Program Files/Astellia/mysql/bin/mysqld-nt.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Unknown owner - C:\Program Files\OfficeScan NT\ntrtscan.exe (file missing)
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\bin\ONRSD.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINDOWS\Pointdev\VNC\WinVNC.exe" -service (file missing)

This post was edited by Sabina on 08.11.2006 at 18:29.
|
|
|
||
08.11.2006, 18:30
Honorary member
Posts: 29434 |
#6
gdfde
scan and post the scan report http://virus-protect.org/artikel/tools/superantispyware.html
__________ Kind regards, Sabina. All about PC security |
|
|
||
09.11.2006, 00:00
Member
Thread starter Posts: 11 |
#7
here u go
Application Version : 3.3.1020
Core Rules Database Version : 3123
Trace Rules Database Version: 1143
Scan type : Complete Scan
Total Scan Time : 00:35:26
Memory items scanned : 527
Memory Thread detected : 0
Registry items scanned : 6165
Registry Thread detected : 9
File items scanned : 27950
File Thread detected : 2

Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc

Trojan.Downloader-PATDUM
C:\VUNDOFIX BACKUPS\JKKJG.DLL.BAD

Malware.SpywareHeal
C:\ZIPS\SPYHEAL_SETUP.EXE |
|
|
||
09.11.2006, 00:01
Honorary member
Posts: 29434 |
#8
ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip
- unzip it
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or Notepad to open
- copy the contents of POST_THIS.TXT
__________ Kind regards, Sabina. All about PC security |
|
|
||
09.11.2006, 00:23
Member
Thread starter Posts: 11 |
#9
here you go
The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"

########################################

ServiceFilter 1.1 by rand1038
Microsoft Windows XP Professional
Version: 5.1.2600 Service Pack 2
Nov 9, 2006 00:24:17

---> Begin Service Listing <---

Unknown Service # 1
Service Name: AntiVirScheduler
Display Name: AntiVir PersonalEdition Classic Planer
Start Mode: Auto
Start Name: LocalSystem
Description: Dienst zur Steuerung von AntiVir Prüfaufträgen und ...
Service Type: Own Process
Path: c:\program files\antivir personaledition classic\sched.exe
State: Running
Process ID: 808
Started: True
Exit Code: 0
Accept Pause: True
Accept Stop: True

Unknown Service # 2
Service Name: AntiVirService
Display Name: AntiVir PersonalEdition Classic Guard
Start Mode: Auto
Start Name: LocalSystem
Description: Bietet permanenten Schutz vor Viren und Malware mit der AntiVir ...
Service Type: Own Process
Path: c:\program files\antivir personaledition classic\avguard.exe
State: Running
Process ID: 908
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service #3
Service Name: aspnet_state
Display Name: ASP.NET State Service
Start Mode: Manual
Start Name: NT AUTHORITY\NetworkService
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, ...
Service Type: Own Process
Path: c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 4
Service Name: btwdins
Display Name: Bluetooth Service
Start Mode: Auto
Start Name: LocalSystem
Description: Dient zum Installieren und Entfernen von ...
Service Type: Own Process
Path: c:\program files\widcomm\bluetooth software\bin\btwdins.exe
State: Running
Process ID: 1088
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service # 5
Service Name: C-DillaSrv
Display Name: C-DillaSrv
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\drivers\cdantsrv.exe
State: Running
Process ID: 1348
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service # 6
Service Name: CcmExec
Display Name: SMS Agent Host
Start Mode: Auto
Start Name: LocalSystem
Description: Provides change and configuration services for computer management ...
Service Type: Own Process
Path: c:\windows\system32\ccm\ccmexec.exe
State: Running
Process ID: 796
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service # 7
Service Name: clr_optimization_v2.0.50727_32
Display Name: .NET Runtime Optimization Service v2.0.50727_X86
Start Mode: Manual
Start Name: LocalSystem
Description: Microsoft .NET Framework ...
Service Type: Own Process
Path: c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 8
Service Name: Crypkey License
Display Name: Crypkey License
Start Mode: Disabled
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: crypserv.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service #9
Service Name: CVPND
Display Name: Cisco Systems, Inc. VPN Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\program files\cisco systems\vpn client\cvpnd.exe"
State: Running
Process ID: 1400
Started: True
Exit Code: 0
Accept Pause: True
Accept Stop: True

Unknown Service #10
Service Name: DefWatch
Display Name: Symantec AntiVirus Definition Watcher
Start Mode: Auto
Start Name: LocalSystem
Description: Monitors and maintains virus ...
Service Type: Own Process
Path: "c:\program files\symantec antivirus\defwatch.exe"
State: Running
Process ID: 1676
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service # 11
Service Name: iPod Service
Display Name: iPod Service
Start Mode: Manual
Start Name: LocalSystem
Description: iPod hardware management ...
Service Type: Own Process
Path: "c:\program files\ipod\bin\ipodservice.exe"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service #12
Service Name: MySql
Display Name: MySql
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:/program files/astellia/mysql/bin/mysqld-nt.exe
State: Running
Process ID: 1796
Started: True
Exit Code: 0
Accept Pause: True
Accept Stop: True

Unknown Service # 13
Service Name: ntrtscan
Display Name: OfficeScanNT RealTime Scan
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\program files\officescan nt\ntrtscan.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 0
Accept Pause: False
Accept Stop: False

Unknown Service # 14
Service Name: OracleOraHome92ClientCache
Display Name: OracleOraHome92ClientCache
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\oracle\ora92\bin\onrsd.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 15
Service Name: SavRoam
Display Name: SAVRoam
Start Mode: Disabled
Start Name: LocalSystem
Description: Symantec AntiVirus Roaming ...
Service Type: Own Process
Path: "c:\program files\symantec antivirus\savroam.exe"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 16
Service Name: ServiceLayer
Display Name: ServiceLayer
Start Mode: Disabled
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\program files\common files\pcsuite\services\servicelayer.exe"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 17
Service Name: SPBBCSvc
Display Name: Symantec SPBBCSvc
Start Mode: Manual
Start Name: LocalSystem
Description: Symantec ...
Service Type: Own Process
Path: "c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service #18
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{9ce0b860-3762-411a-9dea-c6ca1873cfeb}
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 19
Service Name: Symantec AntiVirus
Display Name: Symantec AntiVirus
Start Mode: Auto
Start Name: LocalSystem
Description: Provides real-time virus scanning, reporting, and management functionality for Symantec ...
Service Type: Own Process
Path: "c:\program files\symantec antivirus\rtvscan.exe"
State: Running
Process ID: 156
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service # 20
Service Name: SysEnforce
Display Name: SysEnforce
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\progra~1\trisna~1\ssi\sysenf~1.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 0
Accept Pause: False
Accept Stop: False

Unknown Service # 21
Service Name: usnsvc
Display Name: Messenger Sharing USN Journal Reader-Service
Start Mode: Manual
Start Name: LocalSystem
Description: Ein von Messenger installierter Service, der Freigabeszenarien ...
Service Type: Own Process
Path: c:\windows\system32\svchost.exe -k usnsvc
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service #22
Service Name: winvnc
Display Name: VNC Server
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\windows\pointdev\vnc\winvnc.exe" -service
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

---> End Service Listing <---

There are 112 Win32 services on this machine.
22 were unrecognized.
Script Execution Time: 2,171997 seconds. |
|
|
||
09.11.2006, 10:10
Honorary member
Posts: 29434 |
#10
check whether anything from SPYHEAL can still be found on the computer.
Otherwise everything should be more or less OK again.
__________ Kind regards, Sabina. All about PC security |
|
|
||
09.11.2006, 16:27
Member
Thread starter Posts: 11 |
#11
I couldn't find SpyHeal any more, but this bloody adware.adjump.100 trojan stuff has come back grrrrr
|
|
|
||
09.11.2006, 16:29
Honorary member
Posts: 29434 |
#12
post the 6 logs from datfindbat again; it seems not everything is clean yet
__________ Kind regards, Sabina. All about PC security |
|
|
||
09.11.2006, 16:41
Member
Thread starter Posts: 11 |
#13
Volume in drive C has no label.
Volume Serial Number is 001F-C7AB Directory of C:\WINDOWS\system32 09.11.2006 10:58 8.860 Fxxplfnt.tmp 09.11.2006 10:48 1.688 TRJ_NTAUTO.TMP 08.11.2006 19:01 0 CMMGR32.EXE 07.11.2006 23:54 0 tmp.txt 07.11.2006 23:54 864 tmp.reg 07.11.2006 23:19 1.152 windrv.sys 06.11.2006 19:42 251.488 trjscan.trb 06.11.2006 17:25 59.392 streamhlp.dll 06.11.2006 09:15 399.298 perfh009.dat 06.11.2006 09:15 61.808 perfc009.dat 06.11.2006 09:15 468.340 PerfStringBackup.INI 06.11.2006 09:07 2.206 wpa.dbl 31.10.2006 10:46 3.036 jupdate-1.4.2_03-b02.log 23.10.2006 00:28 832.064 rmvtrjan.trb 23.10.2006 00:25 1.622.592 rmt.trb 12.10.2006 14:05 265.416 FNTCACHE.DAT 11.10.2006 14:21 3.090 jupdate-1.4.2_06-b03.log 09.10.2006 15:25 3.360 esnecil.ind 04.10.2006 20:16 3.360 esnecil.nlp 02.10.2006 21:13 15.360 BASSMOD.dll 29.09.2006 10:13 2.430 $winnt$.inf 24.09.2006 02:42 65.536 QuickTimeVR.qtx 24.09.2006 02:42 49.152 QuickTime.qts 07.09.2006 12:54 57.384 avsda.dll 29.08.2006 15:01 561.152 ACDSee.scr 29.07.2006 18:32 48.936 sirenacm.dll 28.07.2006 03:28 3.054.080 mshtml.dll 25.07.2006 21:33 613.888 urlmon.dll 21.07.2006 09:24 72.704 hlink.dll 14.07.2006 16:31 332.288 netapi32.dll 14.07.2006 16:25 546.304 hhctrl.ocx 14.07.2006 13:51 108.144 GEARAspi.dll 13.07.2006 14:33 8.453.632 shell32.dll 06.07.2006 17:21 6.757.792 MRT.exe 05.07.2006 11:55 984.064 kernel32.dll 26.06.2006 18:37 148.480 dnsapi.dll 26.06.2006 18:37 8.192 rasadhlp.dll 23.06.2006 12:02 658.944 wininet.dll 23.06.2006 12:02 39.424 pngfilt.dll 23.06.2006 12:02 474.112 shlwapi.dll 23.06.2006 12:02 448.512 mshtmled.dll 23.06.2006 12:02 146.432 msrating.dll 23.06.2006 12:02 532.480 mstime.dll 23.06.2006 12:02 1.494.016 shdocvw.dll 23.06.2006 12:02 96.256 inseng.dll 23.06.2006 12:02 205.312 dxtrans.dll 23.06.2006 12:02 357.888 dxtmsft.dll 23.06.2006 12:02 251.392 iepeers.dll 23.06.2006 12:02 1.054.208 danim.dll 23.06.2006 12:02 16.384 jsproxy.dll 23.06.2006 12:02 55.808 extmgr.dll 23.06.2006 12:02 1.022.976 browseui.dll 23.06.2006 12:02 
151.040 cdfview.dll 23.06.2006 09:34 24.576 xpsp3res.dll 22.06.2006 11:47 181.248 rasmans.dll 17.06.2006 01:46 345.088 trupd.trb 01.06.2006 19:47 27.648 jgpl400.dll 01.06.2006 19:47 163.840 jgdw400.dll 19.05.2006 13:59 111.616 dhcpcsvc.dll 19.05.2006 13:59 94.720 iphlpapi.dll 18.05.2006 06:24 450.560 jscript.dll 09.05.2006 09:50 198.616 iuengine.dll 09.05.2006 09:50 124.376 wuauclt.exe 09.05.2006 09:50 465.368 wuapi.dll 09.05.2006 09:50 174.040 wuweb.dll 09.05.2006 09:50 75.736 cdm.dll 09.05.2006 09:50 18.392 wups2.dll 09.05.2006 09:50 41.432 wups.dll 09.05.2006 09:50 172.504 wuauclt1.exe 09.05.2006 09:50 174.552 wuaucpl.cpl 09.05.2006 09:50 1.347.544 wuaueng.dll 09.05.2006 09:50 194.520 wuaueng1.dll 09.05.2006 09:50 127.448 wucltui.dll 29.04.2006 05:07 5.533.696 wmp.dll 27.04.2006 12:39 3.008 jupdate-1.4.2_02-b03.log 27.04.2006 09:33 207.872 DAAPI.dll 27.04.2006 09:03 243.712 ConnAPI.dll 27.04.2006 09:02 60.416 NclTools.dll 26.04.2006 15:54 16.832 amcompat.tlb 26.04.2006 15:54 23.392 nscompat.tlb 26.04.2006 14:36 22 tmsock.tmp.tag 27.03.2006 13:13 122.880 NclAPI.dll 24.03.2006 05:37 49.152 wdigest.dll 17.03.2006 10:07 679.424 inetcomm.dll 17.03.2006 01:38 28.672 verclsid.exe 01.03.2006 20:42 11.776 xolehlp.dll 01.03.2006 20:42 426.496 msdtcprx.dll 01.03.2006 20:42 91.136 mtxoci.dll 01.03.2006 20:42 66.560 mtxclu.dll 01.03.2006 20:42 956.416 msdtctm.dll 01.03.2006 20:42 161.280 msdtcuiu.dll 04.01.2006 04:35 68.096 webclnt.dll 29.12.2005 03:54 280.064 gdi32.dll 07.12.2005 11:31 202.752 CddbCdda.dll 11.11.2005 04:22 581.632 rpcrt4.dll 20.10.2005 23:20 1.082.368 esent.dll 17.10.2005 22:14 118.272 t2embed.dll 17.10.2005 22:14 80.896 fontsub.dll 06.10.2005 01:05 1.839.488 win32k.sys 23.09.2005 06:28 32.768 netfxperf.dll 23.09.2005 06:28 270.848 mscoree.dll 23.09.2005 06:28 74.240 mscories.dll 23.09.2005 06:28 150.016 mscorier.dll 23.09.2005 06:28 83.456 dfshim.dll 10.09.2005 02:53 2.067.968 cdosys.dll 01.09.2005 02:41 291.840 winsrv.dll 01.09.2005 02:41 19.968 
linkinfo.dll 30.08.2005 04:54 1.287.168 quartz.dll 23.08.2005 04:35 123.392 umpnpmgr.dll 22.08.2005 19:29 197.632 netman.dll 11.08.2005 16:09 65.024 nwwks.dll 02.08.2005 22:24 53.299 pthreadVC.dll 02.08.2005 22:18 233.472 wpcap.dll 02.08.2005 22:08 81.920 Packet.dll 02.08.2005 22:08 61.440 WanPacket.dll 26.07.2005 05:39 397.824 rpcss.dll 26.07.2005 05:39 37.888 olecnv32.dll 26.07.2005 05:39 101.376 txflog.dll 26.07.2005 05:39 1.285.120 ole32.dll 26.07.2005 05:39 74.752 olecli32.dll 26.07.2005 05:39 243.200 es.dll 26.07.2005 05:39 540.160 comuid.dll 26.07.2005 05:39 97.792 comrepl.dll 26.07.2005 05:39 1.267.200 comsvcs.dll 26.07.2005 05:39 110.080 clbcatex.dll 26.07.2005 05:39 498.688 clbcatq.dll 26.07.2005 05:39 60.416 colbact.dll 26.07.2005 05:39 625.152 catsrvut.dll 26.07.2005 05:39 225.792 catsrv.dll 08.07.2005 17:27 76.800 remotesp.tsp 08.07.2005 17:27 249.344 tapisrv.dll 29.06.2005 02:46 254.976 icm32.dll 29.06.2005 02:46 74.240 mscms.dll 28.06.2005 09:21 22.752 spupdsvc.exe 28.06.2005 09:20 13.536 spmsg.dll 24.06.2005 15:23 0 h323log.txt 24.06.2005 13:28 2.577 CONFIG.NT 24.06.2005 13:27 488 logonui.exe.manifest 24.06.2005 13:27 488 WindowsLogon.manifest 24.06.2005 13:27 749 sapi.cpl.manifest 24.06.2005 13:27 749 wuaucpl.cpl.manifest 24.06.2005 13:27 749 ncpa.cpl.manifest 24.06.2005 13:27 749 nwc.cpl.manifest 24.06.2005 13:27 749 cdplayer.exe.manifest 24.06.2005 13:25 21.640 emptyregdb.dat 23.06.2005 18:29 71.416 pds.dll 23.06.2005 18:29 83.704 nts.dll 23.06.2005 18:29 46.848 msgsys.dll 23.06.2005 18:29 83.648 loc32vc0.dll 23.06.2005 18:28 34.552 cba.dll 23.06.2005 18:27 43.712 NavLogon.dll 20.06.2005 13:56 462.848 ACDV.dll 20.06.2005 13:42 466.944 w29NCPA.dll 20.06.2005 13:42 1.671.168 W29MLRES.DLL 15.06.2005 18:49 295.936 kerberos.dll 11.06.2005 00:53 57.856 spoolsv.exe 07.06.2005 23:47 299.008 atiiiexx.dll 07.06.2005 23:19 229.376 ATIDEMGR.dll 07.06.2005 22:38 6.680.576 atioglx1.dll 07.06.2005 22:01 5.140.480 Atioglgl.dll 07.06.2005 21:35 4.820.992 
atioglxx.dll 07.06.2005 21:20 228.864 ati2dvag.dll 07.06.2005 21:15 25.088 Ati2mdxx.exe 07.06.2005 21:15 39.936 ati2edxx.dll 07.06.2005 21:15 46.080 ati2evxx.dll 07.06.2005 21:14 368.640 ati2evxx.exe 07.06.2005 21:13 53.248 ATIDDC.DLL 07.06.2005 21:07 2.347.520 ati3duag.dll 07.06.2005 21:01 614.912 ativvaxx.dll 07.06.2005 20:51 139.264 atikvmag.dll 07.06.2005 20:50 17.408 atitvo32.dll 07.06.2005 20:45 208.896 ati2cqag.dll 27.05.2005 03:04 155.136 itircl.dll 27.05.2005 03:04 137.216 itss.dll 27.05.2005 03:04 41.472 hhsetup.dll 26.05.2005 03:19 178.408 muweb.dll 13.05.2005 18:50 91.856 S32EVNT1.DLL 11.05.2005 00:45 75.776 telnet.exe 04.05.2005 13:45 884.736 msimsg.dll 04.05.2005 13:45 15.360 msisip.dll 04.05.2005 13:45 78.848 msiexec.exe 04.05.2005 13:45 271.360 msihnd.dll 04.05.2005 13:45 2.890.240 msi.dll 03.05.2005 15:18 93.878 atiicdxx.dat 22.04.2005 11:03 517.848 SymNeti.dll 22.04.2005 11:03 132.824 SymRedir.dll 31.03.2005 16:32 466.944 capicom.dll 22.03.2005 06:23 5.195 atifglpf.xml 17.03.2005 13:39 1.146.320 FM20.DLL 14.03.2005 13:22 81.920 PhilipsDVB_TXT.ax 11.03.2005 07:15 49.152 WSTDEC.dll 02.03.2005 19:09 577.024 user32.dll 02.03.2005 19:09 56.832 authz.dll 02.03.2005 01:59 2.179.328 ntoskrnl.exe 02.03.2005 01:34 2.056.832 ntkrnlpa.exe 22.02.2005 09:00 77.824 PhilipsAnalog_TXT.ax 07.02.2005 16:08 176.128 bcmwlu00.EXE 07.02.2005 16:08 69.632 bcmwlD2K.EXE 28.01.2005 14:23 228.352 wmerror.dll 28.01.2005 14:23 9.216 asferror.dll 28.01.2005 14:23 86.016 wmpshell.dll 28.01.2005 14:23 3.407.872 wmploc.dll 28.01.2005 14:23 316.416 MSWMDM.dll 28.01.2005 14:23 486.400 Audiodev.dll 28.01.2005 12:32 2.370.296 wmvcore.dll 28.01.2005 12:32 895.736 wmvdmod.dll 28.01.2005 12:32 774.904 wmsdmod.dll 28.01.2005 12:32 1.218.808 wmvadvd.dll 28.01.2005 12:32 413.944 wmspdmod.dll 28.01.2005 12:32 364.784 MSSCP.dll 28.01.2005 12:32 396.528 wmadmod.dll 28.01.2005 12:32 258.296 drmclien.dll 28.01.2005 07:53 290.816 WMDRMNet.dll 28.01.2005 07:53 335.872 WMDRMdev.dll 28.01.2005 07:53 
502.272 drmv2clt.dll 28.01.2005 07:53 294.912 blackbox.dll 28.01.2005 07:53 142.336 msnetobj.dll 28.01.2005 07:53 96.768 drmstor.dll 28.01.2005 07:53 221.184 qasf.dll 28.01.2005 07:53 173.568 MsPMSP.dll 28.01.2005 07:53 25.088 MsPMSNSv.dll 28.01.2005 07:53 164.864 cewmdm.dll 28.01.2005 07:53 28.160 WMDMLOG.dll 28.01.2005 07:53 33.792 WMDMPS.dll 28.01.2005 07:53 1.512.448 WMVADVE.DLL 28.01.2005 07:53 135.168 wmpasf.dll 28.01.2005 07:53 282.624 wmpdxm.dll 28.01.2005 07:53 940.544 wmspdmoe.dll 28.01.2005 07:53 1.003.008 wmvdmoe2.dll 28.01.2005 07:53 175.104 wmpsrcwp.dll 28.01.2005 07:53 1.119.744 wmsdmoe2.dll 28.01.2005 07:53 716.288 wmadmoe.dll 28.01.2005 07:53 1.594.880 wmpencen.dll 28.01.2005 07:53 1.027.072 wmnetmgr.dll 28.01.2005 07:53 150.016 wmidx.dll 28.01.2005 07:53 224.768 wmasf.dll 28.01.2005 07:53 6.656 laprxy.dll 28.01.2005 07:52 20.480 wmp.ocx 28.01.2005 07:52 20.480 wmpcd.dll 28.01.2005 07:52 20.480 wmpcore.dll 28.01.2005 07:52 20.480 wmpui.dll 28.01.2005 00:36 331.264 wpdsp.dll 28.01.2005 00:36 38.912 wpd_ci.dll 28.01.2005 00:36 331.776 wpdmtpdr.dll 28.01.2005 00:36 114.176 wpdmtp.dll 28.01.2005 00:36 66.560 wpdmtpus.dll 28.01.2005 00:36 61.952 wpdconns.dll 28.01.2005 00:36 10.752 wpdtrace.dll 28.01.2005 00:36 47.104 uwdf.exe 28.01.2005 00:36 38.912 wdfmgr.exe 28.01.2005 00:35 15.872 wdfapi.dll 28.01.2005 00:26 360.448 l3codecp.acm 28.01.2005 00:21 96.768 logagent.exe 07.12.2004 20:32 96.768 srvsvc.dll 17.11.2004 18:41 347.136 hypertrm.dll 28.10.2004 02:21 721.920 lsasrv.dll 26.10.2004 12:25 90.112 BtWiaExt.dll 26.10.2004 12:21 155.648 btbip.dll 26.10.2004 12:21 266.299 btcpl.cpl 26.10.2004 12:17 221.184 btwhidcs.dll 26.10.2004 12:16 819.200 BtWizard.dll 26.10.2004 12:15 1.015.885 BTNeighborhood.dll 26.10.2004 12:12 200.704 btsec.dll 26.10.2004 12:11 385.083 btcss.dll 26.10.2004 12:10 73.728 btsendto_ie.dll 26.10.2004 12:10 65.536 btsendto_wab.dll 26.10.2004 12:09 167.936 btsendto_office.dll 26.10.2004 12:08 49.152 btsendto_notes.dll 26.10.2004 12:07 
131.072 btsendto.dll 26.10.2004 12:06 139.264 btosif_olx.dll 26.10.2004 12:06 86.016 btprn2k.dll 26.10.2004 12:05 114.688 bthcrpui.dll 26.10.2004 12:04 102.400 bthcrp.dll 26.10.2004 12:04 45.056 btwpimif.dll 26.10.2004 12:04 200.704 btosif_ol.dll 26.10.2004 12:03 159.744 btosif_notes.dll 26.10.2004 12:03 118.784 btosif.dll 26.10.2004 12:01 552.960 WidcommSdk.dll 26.10.2004 12:00 565.309 wbtapi.dll 26.10.2004 11:58 61.440 BtAudioHelper.dll 26.10.2004 11:58 24.576 BtXpShell.dll 26.10.2004 11:58 110.592 BTXPPanel.dll 26.10.2004 11:58 135.168 btbigbmp.dll 26.10.2004 11:53 3.129.344 btrez.dll 26.10.2004 11:52 32.768 btdev.dll 26.10.2004 11:51 131.137 bt2k_ins.dll 26.10.2004 11:51 421.888 btins.dll 26.10.2004 11:48 65.536 BTNCopy.dll 26.10.2004 11:48 90.112 btrezxp.dll 26.10.2004 11:24 77.824 btw_ci.dll 28.09.2004 19:26 61.555 jpicpl32.cpl 28.09.2004 18:29 45.163 javaw.exe 28.09.2004 18:29 45.161 java.exe 17.09.2004 13:55 50.176 CSH.DLL 27.08.2004 09:34 143.384 CSGina.dll 27.08.2004 09:25 135.168 vpnapi.dll 04.08.2004 13:00 66.082 c_1253.nls 04.08.2004 13:00 66.082 c_1254.nls 04.08.2004 13:00 66.082 c_1255.nls 04.08.2004 13:00 66.082 c_1256.nls 04.08.2004 13:00 66.082 c_1257.nls 04.08.2004 13:00 66.082 c_1258.nls 04.08.2004 13:00 66.082 c_20127.nls 04.08.2004 13:00 139.810 c_20261.nls 04.08.2004 13:00 66.082 c_20866.nls 04.08.2004 13:00 66.082 c_20905.nls 04.08.2004 13:00 66.082 c_21866.nls 04.08.2004 13:00 66.082 c_28591.nls 04.08.2004 13:00 66.082 c_28592.nls 04.08.2004 13:00 66.082 c_28593.nls 04.08.2004 13:00 66.082 C_28594.NLS 04.08.2004 13:00 66.082 C_28595.NLS 04.08.2004 13:00 66.082 C_28597.NLS 04.08.2004 13:00 66.082 c_28598.nls 04.08.2004 13:00 66.082 c_28599.nls 04.08.2004 13:00 66.082 c_28603.nls 04.08.2004 13:00 66.082 c_28605.nls 04.08.2004 13:00 66.594 c_437.nls 04.08.2004 13:00 66.082 c_500.nls 04.08.2004 13:00 66.594 c_737.nls 04.08.2004 13:00 66.594 c_775.nls 04.08.2004 13:00 66.594 c_850.nls 04.08.2004 13:00 66.594 c_852.nls 04.08.2004 13:00 66.594 
c_855.nls 04.08.2004 13:00 66.594 c_857.nls 04.08.2004 13:00 66.594 c_860.nls Volume in drive C has no label. Volume Serial Number is 001F-C7AB Directory of C:\DOCUME~1\washiema\LOCALS~1\Temp 09.11.2006 16:40 16.384 Perflib_Perfdata_6e8.dat 09.11.2006 16:29 426 Acr8F24.tmp 09.11.2006 16:29 426 Acr8F23.tmp 09.11.2006 16:23 2.048.000 Acr8F22.tmp 09.11.2006 11:05 16.384 ~WRF0001.tmp 09.11.2006 11:05 653 ~WRD0000.doc 09.11.2006 10:58 512 ~DFF1DB.tmp 09.11.2006 09:13 1.024 ~WRS0001.tmp 09.11.2006 09:13 16.384 ~WRF0000.tmp 09.11.2006 09:13 512 ~DFE324.tmp 09.11.2006 09:08 512 ~DF18D5.tmp 09.11.2006 09:08 28 ExchangePerflog_8484fa3188b53b57a41dcd85.dat 08.11.2006 23:59 16.384 ~DF716.tmp 08.11.2006 23:08 16.384 ~DF340F.tmp 08.11.2006 17:52 127.378 avenger.zip 08.11.2006 17:06 3.175 h2r8.tmp 17.02.2006 16:55 143.360 SSUPDATE.EXE 17 File(s) 2.407.926 bytes 0 Dir(s) 19.096.231.936 bytes free Volume in drive C has no label. Volume Serial Number is 001F-C7AB Directory of C:\WINDOWS 09.11.2006 16:27 892 IE4 Error Log.txt 09.11.2006 10:44 467 SMSCFG.ini 09.11.2006 10:44 2.097.081 WindowsUpdate.log 09.11.2006 10:43 159 wiadebug.log 09.11.2006 10:43 50 wiaservc.log 09.11.2006 10:43 0 0.log 09.11.2006 10:43 2.048 bootstat.dat 09.11.2006 00:46 26.930 SchedLgU.Txt 09.11.2006 00:46 13.282 ModemLog_GlobeTrotter 3G+ Modem Interface.txt 08.11.2006 19:01 0 YOURAPP.EXE 08.11.2006 17:55 2.326 jqgrokff.txt 08.11.2006 10:15 2.866.701 setupapi.log 08.11.2006 00:30 1.409 QTFont.for 08.11.2006 00:30 54.156 QTFont.qfn 07.11.2006 23:51 2.212 setupact.log 07.11.2006 23:49 460.636 ntbtlog.txt 07.11.2006 21:40 1.059 win.ini 07.11.2006 21:40 260 system.ini 07.11.2006 21:06 224.907 SetupWLD.log 07.11.2006 20:58 4.950 chipset.log 07.11.2006 01:32 10 popcinfo.dat 02.11.2006 21:19 50.880 wmsetup.log 02.11.2006 14:50 2.877 KB893803v2Uninst.log 02.11.2006 14:50 520.872 iis6.log 02.11.2006 14:50 160.082 comsetup.log 02.11.2006 14:50 23.022 tabletoc.log 02.11.2006 14:50 95.359 ntdtcsetup.log 02.11.2006 14:50 
Volume Serial Number is 001F-C7AB
Directory of C:\
09.11.2006 16:44 0 sys.txt
09.11.2006 16:44 344 down.txt
09.11.2006 16:43 105 tmp.txt
09.11.2006 16:43 10.871 system.txt
09.11.2006 16:43 1.103 systemtemp.txt
09.11.2006 16:42 108.867 system32.txt
09.11.2006 10:42 805.306.368 pagefile.sys
08.11.2006 18:01 121.180 backup.zip
08.11.2006 18:00 1.565 backup.reg
08.11.2006 17:58 6.866 avenger.txt
08.11.2006 17:56 1.601 avexport.bat
08.11.2006 16:17 16.516 ComboFix.txt
08.11.2006 01:09 0 AUTOEXEC.BAT
08.11.2006 00:46 55 AUTOEXEC.SOL
07.11.2006 21:40 211 boot.ini
07.11.2006 20:13 192 BcBtRmv.log
24.06.2005 13:28 0 CONFIG.SYS
24.06.2005 13:28 0 IO.SYS
24.06.2005 13:28 0 MSDOS.SYS
04.08.2004 13:00 250.032 ntldr
04.08.2004 13:00 47.564 NTDETECT.COM
21 File(s) 805.873.440 bytes
0 Dir(s) 19.096.182.784 bytes free
|
|
||
10.11.2006, 01:14
Honorary member
Posts: 29434 |
#14
Avenger
Quote: Files to delete:
Scan with Panda and post the scan report: http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
All about PC security
|
|
||
10.11.2006, 14:37
Member
Thread starter Posts: 11 |
#15
Quote: Sabina posted

Incident | Status | Location
---|---|---
Potentially unwanted tool:Application/VSToolbar | Not disinfected | C:\backup.zip[avenger/vcvvccht.dll]
Potentially unwanted tool:Application/VSToolbar | Not disinfected | C:\backup.zip[avenger/VSAdd-in/VSAdd-in.dll]
Dialer:Dialer.IFU | Not disinfected | C:\backup.zip[avenger/winrkq32.VIR]
Spyware:Cookie/Adverserve | Not disinfected | C:\Documents and Settings\washiema\Application Data\Mozilla\Firefox\Profiles\dfqcmlrb.default\cookies.txt[.adverserve.net/]
Spyware:Cookie/Falkag | Not disinfected | C:\Documents and Settings\washiema\Application Data\Mozilla\Firefox\Profiles\dfqcmlrb.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\washiema\Application Data\Mozilla\Firefox\Profiles\dfqcmlrb.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Tradedoubler | Not disinfected | C:\Documents and Settings\washiema\Application Data\Mozilla\Firefox\Profiles\dfqcmlrb.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\washiema\Application Data\Mozilla\Firefox\Profiles\dfqcmlrb.default\cookies.txt[.atdmt.com/]
Potentially unwanted tool:Application/Processor | Not disinfected | C:\smitfraud\SmitfraudFix\Process.exe
Possible Virus. | Not disinfected | C:\smitfraud\SmitfraudFix\swsc.exe
|
|
||
I've picked up quite a few things and haven't been able to get rid of them with all sorts of removal tools.
Among other things, the trojan alerter keeps shouting "Adware.Adjum.100 found".
It then writes the following when I try to clean it:
"Cleaning module Trshlex.dll in process explorer.exe
Module Trshlex.dll successfully unloaded from process explorer.exe (1184)
Exception: Access violation at address 004B7A19 in module 'THGuard.exe'. Read of address 00000004
Trojan cleaning finished."
In my c:\windows\temp directory there are these strange winE7.tmp etc. files.
When I try to delete them, Explorer usually closes automatically.
Does anyone have a helpful tip, please? I'm really desperate :-(
Logfile of HijackThis v1.99.1
Scan saved at 01:37:13, on 08.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Astellia\mysql\bin\mysqld-nt.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\washiema\LOCALS~1\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy33:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 172.23.4.*;172.23.5.*;172.23.48.*;172.23.49.*;172.23.52.*;172.23.53.*;172.23.56.*;172.23.57.*;172.23.60.*;172.23.61.*;172.23.60.152;172.23.97.162;172.23.34.111;172.23.111.*;172.23.2.21;aupdapp*;172.23.34.107;*staging.*;peoplesoft.*;activation.*,172.23.200.130;;;;;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D2401F5-0254-4793-B2E0-6185EC9C4790} - C:\WINDOWS\system32\jkkjg.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt1.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\vcvvccht.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=http://intranet.h3g.at
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = at-work.local
O17 - HKLM\Software\..\Telephony: DomainName = at-work.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = at-work.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = at-work.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - C:/Program Files/Astellia/mysql/bin/mysqld-nt.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Unknown owner - C:\Program Files\OfficeScan NT\ntrtscan.exe (file missing)
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\bin\ONRSD.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINDOWS\Pointdev\VNC\WinVNC.exe" -service (file missing)