TR/Dldr.Swizzor.Gen

#91 neues HighJackthis-log, nachdem ich ein paar Sachen rausgeworfen habe, das combofix-log kommt bald. Es ist eben übrigens noch ein TR/Crypt.XPACK.Gen. gefunden, glaube aber der ist mit rausgeflogen. Naja bitte schaut noch einmal drauf.

Zitat

Logfile of HijackThis v1.99.1
Scan saved at 21:12:29, on 26.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Programme\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\OnlineControl\ocontrol.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Programme\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Downloads\hj.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Programme\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: OnlineControl.lnk = C:\Programme\OnlineControl\ocontrol.exe
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Programme\Slim Multimedia Keyboard\MagicKey.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152574439609
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Programme\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programme\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Zitat

"Flo" - 07-01-26 21:13:22 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Downloads"

((((((((((((((((((((((((((((((( Files Created from 2006-12-26 to 2007-01-26 ))))))))))))))))))))))))))))))))))


2007-01-26 20:08 <DIR> d-------- C:\WINDOWS\pss
2007-01-26 14:50 <DIR> d-------- C:\Programme\VideoLAN
2007-01-15 14:32 304,128 --a------ C:\WINDOWS\IsUninst.exe
2007-01-15 14:31 <DIR> d-------- C:\Programme\FreeHost Launcher
2007-01-06 00:49 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-12-28 15:29 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2006-12-28 15:29 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2006-12-28 12:01 118,784 --a------ C:\WINDOWS\system\msstdfmt.dll
2006-12-27 19:46 <DIR> d-------- C:\Programme\AmoK DVD Shrinker


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-26 21:16 -------- d-------- C:\Programme\mozilla firefox
2007-01-26 20:49 -------- d-------- C:\DOKUME~1\Flo\Anwendungsdaten\tooladminmix
2007-01-26 17:26 -------- d-------- C:\Programme\hlsw
2007-01-26 14:13 -------- d-------- C:\Programme\mozilla thunderbird
2007-01-26 10:12 -------- d-------- C:\Programme\sunbelt software
2007-01-25 20:34 -------- d-------- C:\Programme\antivir personaledition classic
2007-01-24 21:27 -------- d-------- C:\Programme\dvd shrink de
2007-01-21 15:05 -------- d--h----- C:\Programme\installshield installation information
2007-01-17 20:14 -------- d-------- C:\Programme\audiojack 2
2007-01-14 22:17 4096 --a------ C:\DOKUME~1\Flo\Anwendungsdaten\dvd.bmk
2007-01-12 15:02 -------- d-------- C:\DOKUME~1\Flo\Anwendungsdaten\teamspeak2
2007-01-04 14:31 -------- d-------- C:\DOKUME~1\Flo\Anwendungsdaten\adobe
2006-12-18 14:56 -------- d-------- C:\Programme\luxor 2
2006-12-15 17:48 -------- d-------- C:\Programme\finepixviewer
2006-12-09 17:39 -------- d-------- C:\Programme\icqlite
2006-12-09 17:37 -------- d-------- C:\DOKUME~1\Flo\Anwendungsdaten\icqlite
2006-12-04 21:41 -------- d-------- C:\Programme\trillian
2006-12-02 18:40 2516 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2006-12-01 19:14 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-11-06 20:11 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SigmatelSysTrayApp"="stsystra.exe"
"IAAnotif"="C:\\Programme\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"DMXLauncher"="C:\\Programme\\Dell\\Media Experience\\DMXLauncher.exe"
"ISUSPM Startup"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"nwiz"="nwiz.exe /install"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\GEMEIN~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Exif Launcher.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Exif Launcher.lnk"
"backup"="C:\\WINDOWS\\pss\\Exif Launcher.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\FINEPI~1\\QuickDCF.exe "
"item"="Exif Launcher"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Flo^Startmenü^Programme^Autostart^Adobe Gamma.lnk]
"path"="C:\\Dokumente und Einstellungen\\Flo\\Startmenü\\Programme\\Autostart\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\GEMEIN~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="REGSHAVE"
"hkey"="HKLM"
"command"="C:\\Programme\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunServer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sunserver"
"hkey"="HKLM"
"command"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindService"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070126-193415-676
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
backup-20070126-193415-353
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
backup-20070126-193415-181
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
backup-20070126-193414-599
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
backup-20070126-193414-784
O4 - HKLM\..\Run: [NetPumper] "C:\Programme\NetPumper\NetPumperIEProxy.exe"
backup-20070126-193414-692
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
backup-20070126-193414-609
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Programme\McAfee\SpamKiller\MSKDetct.exe /uninstall
backup-20070126-193414-389
O4 - HKLM\..\Run: [LOADDALEWINDOWFREE] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Love Inside Load Dale\LOCKS ATOM.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\A798C92E93437EA2.job
C:\WINDOWS\tasks\ISP-Anmeldungserinnerung 1.job

Completion time: 07-01-26 21:17:45

#92 Gimli2

ich kann die Folder vom Swizzor nicht korrekt zuordnen, deshalb;

Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint

Zitat

cd\
dir "C:\Programme" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
dir "C:\Windows\tasks" >>files.txt
notepad files.txt

__________
MfG Sabina

rund um die PC-Sicherheit

#93 Hallöchen.

Ich habe genau das gleiche Problem mit dem TR/Dldr.Swizzor.Gen

mein antivir bringt mir immer ne fehlermeldung wenn ich z.B. C: öffnen will.

Habe durch die vorherigen post auch mal die programme downgeloadet und durchlaufen lassen. Hier mal die inhalte:

vom Combofix:
"Admin" - 27.01.2007 12:56:46 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Dokumente und Einstellungen\sven\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-27 to 2007-01-27 ))))))))))))))))))))))))))))))))))


2007-01-26 12:23 <DIR> d-------- C:\Programme\NoAdware5.0
2007-01-25 19:48 <DIR> d-------- C:\Programme\DIFX
2007-01-25 19:47 61,440 --a------ C:\WINDOWS\system32\ftchipid.dll
2007-01-25 19:47 61,067 --a------ C:\WINDOWS\system32\drivers\ftser2k.sys
2007-01-25 19:47 47,249 --a------ C:\WINDOWS\system32\drivers\ftdibus.sys
2007-01-25 19:47 33,360 --a------ C:\WINDOWS\system32\ftserui2.dll
2007-01-25 19:47 106,496 --a------ C:\WINDOWS\system32\ftbusui.dll
2007-01-25 19:47 102,400 --a------ C:\WINDOWS\system32\FTLang.dll
2007-01-25 19:47 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-01-25 19:47 <DIR> d-------- C:\Programme\OpenECU
2007-01-23 13:03 <DIR> d-------- C:\Programme\YourWare Solutions
2007-01-12 10:12 <DIR> d-------- C:\WINDOWS\system32\Adobe
2007-01-12 10:11 328,704 --a------ C:\WINDOWS\IsUn0407.exe
2007-01-09 20:03 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Blizzard Entertainment
2007-01-08 10:28 <DIR> d-------- C:\DOKUME~1\sven\Anwendungsdaten\CyberLink
2007-01-08 10:28 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\CyberLink
2007-01-08 10:21 99,584 --------- C:\WINDOWS\system32\drivers\InCDfs.sys
2007-01-08 10:21 8,704 --------- C:\WINDOWS\system32\drivers\InCDrec.sys
2007-01-08 10:21 29,696 --------- C:\WINDOWS\system32\drivers\InCDpass.sys
2007-01-08 10:21 28,672 --------- C:\WINDOWS\system32\drivers\InCDrm.sys
2007-01-08 10:21 2,973,696 --------- C:\WINDOWS\NuNinst.exe
2007-01-08 10:21 <DIR> d-------- C:\WINDOWS\InCD
2007-01-08 10:19 40,960 --a------ C:\Programme\Uninstall_CDS.exe
2007-01-08 10:19 <DIR> d-------- C:\Programme\CyberLink DVD Solution
2007-01-08 10:19 <DIR> d-------- C:\Programme\CyberLink
2006-12-29 17:52 <DIR> d-------- C:\DOKUME~1\Admin\Anwendungsdaten\Sun
2006-12-29 17:18 <DIR> d-------- C:\Programme\Gemeinsame Dateien\LightScribe
2006-12-29 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-12-29 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-12-29 17:16 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2006-12-29 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-12-29 17:16 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-12-29 17:16 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-12-29 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-12-29 17:16 <DIR> d-------- C:\Programme\Ahead
2006-12-29 15:21 <DIR> d-------- C:\Programme\Magic Morph
2006-12-28 18:27 <DIR> d-------- C:\spoolerlogs


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-26 15:21 -------- d-------- C:\Programme\orgamax
2007-01-26 12:57 -------- d-------- C:\Programme\antivir personaledition classic
2007-01-24 14:42 -------- d-------- C:\Programme\mozilla firefox
2007-01-12 10:11 -------- d-------- C:\Programme\Gemeinsame Dateien\adobe
2007-01-12 10:08 -------- d-------- C:\DOKUME~1\Admin\Anwendungsdaten\adobe
2007-01-10 12:53 -------- d-------- C:\Programme\rechnungs-manager 1.4.1
2007-01-08 10:20 -------- d--h----- C:\Programme\installshield installation information
2007-01-02 18:01 -------- d-------- C:\DOKUME~1\Admin\Anwendungsdaten\nurb spam wave
2006-12-29 17:16 -------- d-------- C:\Programme\Gemeinsame Dateien\ahead
2006-12-19 10:00 -------- d-------- C:\Programme\nurb spam wave
2006-12-19 10:00 -------- d-------- C:\DOKUME~1\Admin\Anwendungsdaten\startdebugdrive
2006-12-16 03:01 -------- d-------- C:\Programme\msxml 4.0
2006-12-16 03:01 -------- d-------- C:\Programme\messenger
2006-12-15 13:25 -------- d-------- C:\DOKUME~1\Admin\Anwendungsdaten\ahead
2006-12-15 12:27 -------- d-------- C:\Programme\nero
2006-12-15 10:25 -------- d-------- C:\DOKUME~1\Admin\Anwendungsdaten\corel
2006-12-15 09:48 34304 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-12-15 09:48 14848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2006-12-14 09:26 -------- d-------- C:\Programme\lavasoft
2006-12-14 09:26 -------- d-------- C:\DOKUME~1\Admin\Anwendungsdaten\lavasoft
2006-12-13 16:24 -------- d-------- C:\Programme\movie maker
2006-12-13 16:23 -------- d-------- C:\Programme\windows nt
2006-12-13 10:26 -------- d-------- C:\DOKUME~1\Admin\Anwendungsdaten\microsoft web folders
2006-12-13 10:25 -------- d-------- C:\Programme\microsoft frontpage
2006-12-12 10:42 1538 --a------ C:\WINDOWS\d2kinst.bat
2006-12-11 12:22 -------- d-------- C:\Programme\Gemeinsame Dateien\installshield
2006-12-11 12:22 -------- d-------- C:\Programme\Gemeinsame Dateien\corel
2006-12-11 12:22 -------- d-------- C:\Programme\corel
2006-12-08 14:33 -------- d-------- C:\Programme\adressbuch
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-05 15:16 -------- d-------- C:\Programme\toshiba
2006-11-30 18:23 -------- d-------- C:\Programme\filezilla
2006-11-30 14:46 -------- d---s---- C:\DOKUME~1\Admin\Anwendungsdaten\microsoft
2006-11-29 16:33 -------- d-------- C:\DOKUME~1\Admin\Anwendungsdaten\opera
2006-11-29 16:12 -------- d-------- C:\Programme\Gemeinsame Dateien\adobe systems shared
2006-11-29 15:35 -------- d-------- C:\DOKUME~1\Admin\Anwendungsdaten\macromedia
2006-11-29 15:34 -------- d-------- C:\Programme\macromedia
2006-11-29 15:34 -------- d-------- C:\Programme\Gemeinsame Dateien\macromedia
2006-11-27 18:25 -------- d-------- C:\Programme\download plugin
2006-11-21 09:42 1557 --a------ C:\DOKUME~1\Admin\Anwendungsdaten\adobedlm.log
2006-11-21 09:42 0 --a------ C:\DOKUME~1\Admin\Anwendungsdaten\dm.ini
2006-11-19 16:38 74752 --a------ C:\WINDOWS\st6unst.exe
2006-11-19 16:38 253952 --------- C:\WINDOWS\setup1.exe
2006-11-18 16:39 0 -rahs---- C:\MSDOS.SYS
2006-11-18 16:39 0 -rahs---- C:\IO.SYS
2006-11-18 16:39 0 --a------ C:\CONFIG.SYS
2006-11-18 16:39 0 --a------ C:\AUTOEXEC.BAT
2006-11-18 16:24 62 --ahs---- C:\DOKUME~1\Admin\Anwendungsdaten\desktop.ini
2006-11-08 06:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"VoipDiscount"="\"C:\\Programme\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe\" -nosplash -minimized"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
"stopacid"="C:\\DOKUME~1\\Admin\\ANWEND~1\\NURBSP~1\\Logo okay.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"JMB36X Configure"="C:\\WINDOWS\\System32\\JMRaidTool.exe boot"
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"CorelDRAW Graphics Suite 11b"="C:\\Programme\\Corel\\Corel Graphics 12\\Languages\\DE\\Programs\\Registration.exe /title=\"CorelDRAW Graphics Suite 12\" /date=013107 serial=DR12WRX-0504544-CSZ lang=DE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"poke film bolt 2"="C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\pollcashpokefilm\\ProxyObj.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\playantihidebin]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PART MORE"
"hkey"="HKLM"
"command"="C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\wipeboneplayanti\\PART MORE.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Smax4"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smax4pnp"
"hkey"="HKLM"
"command"="C:\\Programme\\Analog Devices\\Core\\smax4pnp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stopacid]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logo okay"
"hkey"="HKCU"
"command"="C:\\DOKUME~1\\Admin\\ANWEND~1\\NURBSP~1\\Logo okay.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{588599f4-de26-4c28-ba14-f4eb17e33481}"="emptins"
"{01b55afa-f451-474b-9e91-c35b24d02641}"="boob"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"emptins"="{588599f4-de26-4c28-ba14-f4eb17e33481}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##Fileserver#H]
Shell\AutoRun\command X:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\B127DEE794D4575B.job

Completion time: 07-01-27 12:57:43
_____________________________________________________________________

und hier vom HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 13:07:54, on 27.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\EVC\WinOLS\ols.exe
C:\Programme\EVC\WinOLS\ols.exe
C:\Programme\orgaMAX\orgaMAX.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\sven\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {34CD51D9-97A6-97D8-1EAC-E7265E270C24} - C:\DOKUME~1\Admin\ANWEND~1\STARTD~1\mapi copy.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=013107 serial=DR12WRX-0504544-CSZ lang=DE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [poke film bolt 2] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pollcashpokefilm\ProxyObj.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipDiscount] "C:\Programme\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [stopacid] C:\DOKUME~1\Admin\ANWEND~1\NURBSP~1\Logo okay.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe



wär echt gut wenn mir bei der beseitigung gemand helfen könnte. habe zwar schon die such funktion benutzt, aber komme da nicht so zurecht.

LG
Cupra

#94 jo selbes problem

erstma hijacklog

Logfile of HijackThis v1.99.1
Scan saved at 15:16:49, on 27.01.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programme\AOL 9.0\aoltray.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Programme\AOL 9.0\waol.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Dokumente und Einstellungen\Elfe\Desktop\Kampf\HJT1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aol.de/e60/suche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.de/e60/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.de/e60/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.zyxel.com/product/registration.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [XpDis0Conf] C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70011799 /d
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programme\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Programme\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [part pure] C:\DOKUME~1\Elfe\ANWEND~1\CHINST~1\Readme does.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6B15035-80EF-420C-9C12-6EE95B8BF8E2}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE



und den combofix log


ComboFix 07-01-25 - Running from: "C:\Dokumente und Einstellungen\Elfe\Desktop\Kampf"

[color=red] ERROR !!! /wow section not completed[/color]

((((((((((((((((((((((((((((((( Files Created from 2006-12-27 to 2007-01-27 ))))))))))))))))))))))))))))))))))


2007-01-27 14:48 <DIR> d-------- C:\DOKUME~1\Elfe\Anwendungsdaten\Lavasoft
2007-01-27 14:47 <DIR> d-------- C:\Programme\Lavasoft
2007-01-24 19:44 <DIR> d-------- C:\Programme\Right JPG Converter
2007-01-23 20:43 <DIR> d-------- C:\Programme\OpenSource Flash Video Splitter
2007-01-23 20:43 <DIR> d-------- C:\Programme\FLVPlayer
2007-01-22 21:03 <DIR> d-------- C:\Programme\a-squared HiJackFree
2007-01-22 21:03 <DIR> d-------- C:\Programme\a-squared Free
2007-01-22 21:03 <DIR> d-------- C:\Programme\a-squared Anti-Malware
2007-01-22 21:02 <DIR> d-------- C:\Programme\a-squared Anti-Dialer
2007-01-22 20:46 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-22 20:46 <DIR> d-------- C:\Programme\Grisoft
2007-01-17 16:42 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\WildTangent
2007-01-17 16:41 <DIR> d-------- C:\Programme\WildGames
2007-01-17 16:34 <DIR> d-------- C:\WINDOWS\wt
2007-01-17 16:34 <DIR> d-------- C:\Programme\WildTangent
2007-01-13 18:31 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-01-13 18:31 28,672 --a------ C:\WINDOWS\system32\CMCT3DE.DLL
2007-01-13 18:31 21 --a------ C:\WINDOWS\system32\cmdwin.dll
2007-01-13 18:31 158,208 --a------ C:\WINDOWS\system32\MSCMCDE.DLL
2007-01-13 18:30 33,792 --a------ C:\WINDOWS\system32\CMDLGDE.DLL
2007-01-13 18:30 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2007-01-13 18:30 16,896 --a------ C:\WINDOWS\system32\WINSKDE.DLL
2007-01-13 18:30 125,712 --a------ C:\WINDOWS\system32\VB6DE.DLL
2007-01-13 18:30 112,640 --a------ C:\WINDOWS\system32\CMCTLDE.DLL
2007-01-13 18:30 <DIR> d-------- C:\Programme\Screeny
2007-01-13 15:04 <DIR> d-------- C:\Programme\Infogrames
2007-01-11 12:53 <DIR> d-------- C:\Programme\Microsoft Games
2007-01-10 20:44 <DIR> d-------- C:\Programme\mg11
2007-01-10 20:44 <DIR> d-------- C:\Programme\Gemeinsame Dateien\mapserv
2007-01-10 20:44 <DIR> d-------- C:\Programme\Gemeinsame Dateien\GIS
2007-01-08 15:15 <DIR> d--h----- C:\WINDOWS\PIF
2007-01-08 15:10 <DIR> d-------- C:\Programme\Wanadoo Edition
2007-01-08 14:03 <DIR> d-------- C:\Programme\Ubisoft
2007-01-08 14:01 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-01-06 16:13 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\Spybot - Search & Destroy
2007-01-05 16:50 <DIR> d-------- C:\DOKUME~1\Elfe\Anwendungsdaten\MAGIX
2007-01-05 16:41 101,376 --a------ C:\WINDOWS\system32\drivers\ACEDRV07.sys
2007-01-05 16:39 643,072 --a------ C:\WINDOWS\system32\mgxoschk.dll
2007-01-05 16:38 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-01-05 16:38 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-01-05 16:38 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
2007-01-05 16:38 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\MAGIX
2007-01-05 16:25 94,208 --a------ C:\WINDOWS\system32\DLLCPY32.dll
2007-01-05 16:25 65,536 --a------ C:\WINDOWS\system32\DLLPTL32.dll
2007-01-05 16:25 61,440 --a------ C:\WINDOWS\system32\DLLCDF32.dll
2007-01-05 16:25 57,344 --a------ C:\WINDOWS\system32\DLLTPO32.dll
2007-01-05 16:25 53,248 --a------ C:\WINDOWS\system32\DLLPRJ32.dll
2007-01-05 16:25 53,248 --a------ C:\WINDOWS\system32\DLLIO32.dll
2007-01-05 16:25 49,152 --a------ C:\WINDOWS\system32\DLLPRF32.dll
2007-01-05 16:25 466,944 --a------ C:\WINDOWS\system32\DLLAV32.dll
2007-01-05 16:25 45,056 --a------ C:\WINDOWS\system32\DLLIMG32.dll
2007-01-05 16:25 430,080 --a------ C:\WINDOWS\system32\MXRestore.exe
2007-01-05 16:25 40,960 --a------ C:\WINDOWS\system32\DLLRD32.dll
2007-01-05 16:25 36,864 --a------ C:\WINDOWS\system32\DLLPNT32.dll
2007-01-05 16:25 32,768 --a------ C:\WINDOWS\system32\STRING32.dll
2007-01-05 16:25 32,768 --a------ C:\WINDOWS\system32\DLLMSC32.dll
2007-01-05 16:25 32,768 --a------ C:\WINDOWS\system32\DLLISO32.dll
2007-01-05 16:25 32,768 --a------ C:\WINDOWS\system32\DLLDIR32.dll
2007-01-05 16:25 24,576 --a------ C:\WINDOWS\system32\TTIC32.dll
2007-01-05 16:25 24,576 --a------ C:\WINDOWS\system32\TTI32.dll
2007-01-05 16:25 24,576 --a------ C:\WINDOWS\system32\DLLIX.dll
2007-01-05 16:25 188,416 --a------ C:\WINDOWS\system32\DLLRES32.dll
2007-01-05 16:25 163,840 --a------ C:\WINDOWS\system32\DLLDEV32.dll
2007-01-05 16:25 151,552 --a------ C:\WINDOWS\system32\DLLDRV32.dll
2007-01-05 16:25 114,688 --a------ C:\WINDOWS\system32\DLLCDA32.dll
2007-01-05 16:22 <DIR> d-------- C:\Programme\Gemeinsame Dateien\MAGIX Shared
2007-01-05 16:12 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2007-01-05 16:12 <DIR> d-------- C:\MAGIX
2007-01-05 15:42 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2007-01-04 19:31 <DIR> d-------- C:\DOKUME~1\Elfe\Anwendungsdaten\Hemera
2007-01-04 19:31 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\Hemera


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-27 14:46 -------- d-------- C:\DOKUME~1\Elfe\Anwendungsdaten\azureus
2007-01-27 14:24 -------- d-------- C:\Programme\mozilla firefox
2007-01-27 12:10 -------- d-------- C:\DOKUME~1\Elfe\Anwendungsdaten\teamspeak2
2007-01-26 19:54 -------- d-------- C:\Programme\emule
2007-01-26 12:25 -------- d-------- C:\Programme\azureus
2007-01-25 19:42 -------- d-------- C:\DOKUME~1\Elfe\Anwendungsdaten\chin stupid
2007-01-25 19:40 -------- d-------- C:\Programme\antivir personaledition classic
2007-01-17 13:23 -------- d--h----- C:\Programme\installshield installation information
2007-01-16 23:27 -------- d-------- C:\Programme\playboy - the mansion
2007-01-01 18:20 -------- d-------- C:\Programme\winamp
2006-12-25 15:12 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2006-12-22 11:52 -------- d-------- C:\Programme\teamspeak2_rc2
2006-12-19 15:36 -------- d-------- C:\Programme\java
2006-12-18 13:47 -------- d-------- C:\Programme\msn messenger
2006-12-18 13:47 -------- d-------- C:\Programme\messenger plus! live
2006-12-17 22:06 34304 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-12-17 22:06 14848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2006-12-04 16:00 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-12-04 15:59 -------- d-------- C:\Programme\crs-megadev
2006-12-04 15:29 -------- d-------- C:\Programme\the creative assembly
2006-12-03 16:17 -------- d-------- C:\DOKUME~1\Elfe\Anwendungsdaten\alien skin
2006-12-03 15:44 -------- d-------- C:\DOKUME~1\Elfe\Anwendungsdaten\ulead systems
2006-12-03 15:39 -------- d-------- C:\Programme\hemera
2006-12-03 15:37 -------- d-------- C:\Programme\animation factory
2006-12-03 15:36 -------- d-------- C:\Programme\ulead systems
2006-12-03 15:33 -------- d-------- C:\Programme\Gemeinsame Dateien\ulead systems
2006-12-03 15:25 -------- d-------- C:\Programme\Gemeinsame Dateien\installshield
2006-12-03 15:18 -------- d-------- C:\Programme\smart projects
2006-11-30 14:24 85 --a------ C:\DOKUME~1\Elfe\Anwendungsdaten\avsdvdplayer.m3u
2006-11-29 13:34 -------- d-------- C:\Programme\spyware doctor
2006-11-28 23:02 -------- d-------- C:\Programme\chin stupid
2006-11-28 23:01 -------- d-------- C:\Programme\download plugin
2006-11-28 22:11 -------- d-------- C:\Programme\Gemeinsame Dateien\symantec shared
2006-11-27 22:59 -------- d-------- C:\DOKUME~1\Elfe\Anwendungsdaten\pc tools
2006-11-27 17:40 -------- d-------- C:\DOKUME~1\Elfe\Anwendungsdaten\divx
2006-11-27 13:26 -------- d-------- C:\Programme\divx
2006-11-09 22:01 81920 -r------- C:\WINDOWS\bwunin-6.1.4.68-8876480l.exe
2006-11-04 18:01 24064 --a------ C:\WINDOWS\autoload.exe
2006-11-04 17:55 0 -rahs---- C:\MSDOS.SYS
2006-11-04 17:55 0 -rahs---- C:\IO.SYS
2006-11-04 17:55 0 --a------ C:\CONFIG.SYS
2006-11-04 17:55 0 --a------ C:\AUTOEXEC.BAT
2006-11-04 17:43 62 --ahs---- C:\DOKUME~1\Elfe\Anwendungsdaten\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"part pure"="C:\\DOKUME~1\\Elfe\\ANWEND~1\\CHINST~1\\Readme does.exe"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"msnmsgr"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"AOLDialer"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"
"XpDis0Conf"="C:\\PROGRA~1\\Belkin\\BELKIN~1\\Tool\\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70011799 /d"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"WinampAgent"="C:\\Programme\\Winamp\\winampa.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"UnlockerAssistant"="\"C:\\Programme\\Unlocker\\UnlockerAssistant.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"!AVG Anti-Spyware"="\"C:\\Programme\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"a-squared Anti-Dialer"="\"C:\\Programme\\a-squared Anti-Dialer\\a2adguard.exe\""
"a-squared"="\"C:\\Programme\\a-squared Anti-Malware\\a2guard.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"LogitechSoftwareUpdate"="C:\\Programme\\Logitech\\Video\\ManifestEngine.exe boot"
"part pure"="C:\\DOKUME~1\\Elfe\\ANWEND~1\\CHINST~1\\Readme does.exe"
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDTray"="\"C:\\Programme\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"Lexmark X1100 Series"="\"C:\\Programme\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"LogitechVideoRepair"="C:\\Programme\\Logitech\\Video\\ISStart.exe "
"WT GameChannel"="C:\\Programme\\WildTangent\\Apps\\GameChannel.exe"
"VirtualCloneDrive"="\"C:\\Programme\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
"wcmdmgr"="C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -launch"
"Ulead Memory Card Detector"="C:\\Programme\\Ulead Systems\\Ulead Photo Explorer 8.0\\Monitor.exe"
"TrayServer"="C:\\MAGIX\\Video_deluxe_2007_PLUS\\TrayServer.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"one ooze acid bore"="C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\64 kind one ooze\\remote proc.exe"
"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"LogitechVideoTray"="C:\\Programme\\Logitech\\Video\\LogiTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ http://goileschnegge.repage.de/

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ATWPKT2


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\A305CDD491B27E8C.job

Completion time: 07-01-27 14:59:37
C:\ComboFix2.txt ... 07-01-27 14:49

#95 Gimli2

Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein:

Zitat

Files to delete:
C:\WINDOWS\tasks\B127DEE794D4575B.job
C:\Downloads\hj.exe

Folders to delete:
C:\Programme\NetPumper
C:\Programme\ToolAdminMix
C:\Dokumente und Einstellungen\Flo\Anwendungsdaten\ToolAdminMix
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Love Inside Load Dale

Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

»»
scanne mit dr.web
http://virus-protect.org/cureit.html
__________
MfG Sabina

rund um die PC-Sicherheit

#96 n4p0l3on

Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein

Zitat

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-|one ooze acid bore
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-|wcmdmgr
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-|WT GameChannel

Files to delete:
C:\WINDOWS\tasks\A305CDD491B27E8C.job

Folders to delete:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\64 kind one ooze
C:\Dokumente und Einstellungen\Elfe\Anwendungsdaten\chin stupid
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WildTangent
C:\Programme\WildGames
C:\WINDOWS\wt
C:\Programme\WildTangent
C:\Programme\chin stupid
C:\Programme\download plugin

Klicke die grüne Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

öffne das HijackThis -- Button "scan" -- vor diesen Eintrag Häkchen setzen -- Button "Fix checked" -- PC neustarten

Zitat

O4 - HKCU\..\Run: [part pure] C:\DOKUME~1\Elfe\ANWEND~1\CHINST~1\Readme does.exe

»»
scanne mit counterpy und lasse mit remove alles loeschen, was angezeigt wird
http://virus-protect.org/counterspy.html
__________
MfG Sabina

rund um die PC-Sicherheit

#97 hab auch den Swizzor Trojaner

Logfile of HijackThis v1.99.1
Scan saved at 13:45:50, on 28.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\GEMEIN~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\avmwlanstick\wlangui.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Dokumente und Einstellungen\Aleks\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWSabout.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fritz.box/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programme\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [film peak] C:\DOKUME~1\Aleks\ANWEND~1\SPAMBI~1\Dart Dumb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\GEMEIN~1\Stardock\mcpstub.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe

#98 CaZanova

poste dieses log
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Sabina

rund um die PC-Sicherheit

#99 "Aleks" - 07-01-28 14:18:38 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Dokumente und Einstellungen\Aleks\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-28 to 2007-01-28 ))))))))))))))))))))))))))))))))))


2007-01-27 14:20 <DIR> d-------- C:\DOKUME~1\ADMINI~1\Anwendungsdaten\Lavasoft
2007-01-27 14:04 60,416 --a------ C:\WINDOWS\system32\drivers\smildljy.sys
2007-01-27 14:04 231 --a------ C:\avexport.bat
2007-01-27 14:04 126,976 --a------ C:\zip.exe
2007-01-27 14:04 1,080 --a------ C:\gxlvfulk.bat
2007-01-27 00:37 <DIR> d-------- C:\DOKUME~1\Aleks\Anwendungsdaten\Lavasoft
2007-01-27 00:20 <DIR> d-------- C:\Programme\Lavasoft
2007-01-27 00:20 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\Spybot - Search & Destroy
2007-01-26 21:23 <DIR> d-------- C:\ca_aphrodite_green
2007-01-23 22:45 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-01-23 22:43 <DIR> d-------- C:\Programme\OO Software
2007-01-23 17:28 <DIR> d-------- C:\DOKUME~1\Aleks\Anwendungsdaten\BearShare
2007-01-21 17:11 <DIR> d-------- C:\Programme\Spam Bib Wave
2007-01-21 17:11 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\Baitfordoesabout
2007-01-21 17:10 <DIR> d-------- C:\Programme\Messenger Plus! Live
2007-01-21 17:10 <DIR> d-------- C:\Programme\Adverts
2007-01-21 16:45 <DIR> d-------- C:\Programme\Sunbelt Software
2007-01-21 16:38 <DIR> d-------- C:\avenger
2007-01-21 12:48 <DIR> d-------- C:\DOKUME~1\ADMINI~1\Anwendungsdaten\PC Tools
2007-01-21 12:05 <DIR> dr-h----- C:\DOKUME~1\ADMINI~1\Anwendungsdaten
2007-01-21 12:05 <DIR> dr------- C:\DOKUME~1\ADMINI~1\Startmen�
2007-01-21 12:05 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Vorlagen
2007-01-21 12:05 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Netzwerkumgebung
2007-01-21 12:05 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Lokale Einstellungen
2007-01-21 12:05 <DIR> d--h----- C:\DOKUME~1\ADMINI~1\Druckumgebung
2007-01-21 12:05 <DIR> d-------- C:\DOKUME~1\ADMINI~1\Favoriten
2007-01-21 03:12 <DIR> d-a------ C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\TEMP
2007-01-21 03:11 <DIR> d-------- C:\Programme\Spyware Doctor
2007-01-21 03:11 <DIR> d-------- C:\DOKUME~1\Aleks\Anwendungsdaten\PC Tools
2007-01-18 10:23 <DIR> d--hs---- C:\DOKUME~1\Aleks\Phone Browser
2007-01-18 10:21 <DIR> d-------- C:\DOKUME~1\Aleks\Anwendungsdaten\Nokia Multimedia Player
2007-01-18 10:11 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\Nokia
2007-01-18 09:47 <DIR> d-------- C:\DOKUME~1\Aleks\Anwendungsdaten\Nokia
2007-01-18 09:46 <DIR> d-------- C:\Programme\Gemeinsame Dateien\PCSuite
2007-01-18 09:46 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Nokia
2007-01-18 09:45 9,216 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-01-18 09:45 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2007-01-18 09:45 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-01-18 09:45 138,240 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-01-18 09:45 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-01-18 09:45 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-01-18 09:45 <DIR> d-------- C:\Programme\PC Connectivity Solution
2007-01-18 09:42 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-01-18 09:41 <DIR> dr------- C:\DOKUME~1\LOCALS~1\Eigene Dateien
2007-01-18 09:40 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-01-18 09:40 <DIR> d-------- C:\Programme\Nokia
2007-01-18 09:40 <DIR> d-------- C:\Programme\DIFX
2007-01-18 09:40 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\PC Suite
2007-01-18 09:40 <DIR> d-------- C:\DOKUME~1\Aleks\Anwendungsdaten\PC Suite
2007-01-18 09:39 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\Downloaded Installations
2007-01-16 13:31 <DIR> d-------- C:\DOKUME~1\Aleks\Anwendungsdaten\Google
2007-01-16 13:30 <DIR> d-------- C:\Programme\Google
2007-01-12 22:47 707,344 --a------ C:\WINDOWS\system32\oodag.exe
2007-01-12 22:39 121,616 --a------ C:\WINDOWS\system32\oodbs.exe
2007-01-12 22:30 17,168 --a------ C:\WINDOWS\system32\oodagrs.dll
2007-01-12 22:30 11,536 --a------ C:\WINDOWS\system32\oodbsrs.dll
2007-01-12 22:29 18,192 --a------ C:\WINDOWS\system32\oodagmg.dll
2007-01-12 18:52 16,656 --a------ C:\WINDOWS\system32\ootmapi.dll
2007-01-12 18:49 38,160 --a------ C:\WINDOWS\system32\drivers\oobctm.sys
2007-01-08 14:32 <DIR> d-------- C:\WINDOWS\nview
2007-01-08 14:29 86,016 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-01-08 14:29 81,920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-01-08 14:29 7,311,360 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-01-08 14:29 573,440 --a------ C:\WINDOWS\system32\nvhwvid.dll
2007-01-08 14:29 5,402,624 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-01-08 14:29 466,944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-01-08 14:29 45,056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-01-08 14:29 442,368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-01-08 14:29 425,984 --a------ C:\WINDOWS\system32\keystone.exe
2007-01-08 14:29 35,840 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-01-08 14:29 35,840 --a------ C:\WINDOWS\system32\nvcod.dll
2007-01-08 14:29 335,872 --a------ C:\WINDOWS\system32\nvwrses.dll
2007-01-08 14:29 335,872 --a------ C:\WINDOWS\system32\nvwrsel.dll
2007-01-08 14:29 327,680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2007-01-08 14:29 327,680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2007-01-08 14:29 323,584 --a------ C:\WINDOWS\system32\nvwrspt.dll
2007-01-08 14:29 323,584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2007-01-08 14:29 319,488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2007-01-08 14:29 319,488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2007-01-08 14:29 319,488 --a------ C:\WINDOWS\system32\nvrshe.dll
2007-01-08 14:29 319,488 --a------ C:\WINDOWS\system32\nvrsar.dll
2007-01-08 14:29 315,392 --a------ C:\WINDOWS\system32\nvwrsru.dll
2007-01-08 14:29 315,392 --a------ C:\WINDOWS\system32\nvwrshu.dll
2007-01-08 14:29 311,296 --a------ C:\WINDOWS\system32\nvwrsde.dll
2007-01-08 14:29 303,104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2007-01-08 14:29 303,104 --a------ C:\WINDOWS\system32\nvwrssl.dll
2007-01-08 14:29 303,104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2007-01-08 14:29 299,008 --a------ C:\WINDOWS\system32\nvwrssk.dll
2007-01-08 14:29 299,008 --a------ C:\WINDOWS\system32\nvwrsno.dll
2007-01-08 14:29 294,912 --a------ C:\WINDOWS\system32\nvwrssv.dll
2007-01-08 14:29 294,912 --a------ C:\WINDOWS\system32\nvwrspl.dll
2007-01-08 14:29 294,912 --a------ C:\WINDOWS\system32\nvwrsda.dll
2007-01-08 14:29 286,720 --a------ C:\WINDOWS\system32\nvwrseng.dll
2007-01-08 14:29 286,720 --a------ C:\WINDOWS\system32\nvwrscs.dll
2007-01-08 14:29 286,720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-01-08 14:29 282,624 --a------ C:\WINDOWS\system32\nvwrsar.dll
2007-01-08 14:29 278,528 --a------ C:\WINDOWS\system32\nvwrshe.dll
2007-01-08 14:29 278,528 --a------ C:\WINDOWS\system32\nvrsfr.dll
2007-01-08 14:29 274,432 --a------ C:\WINDOWS\system32\nvrsit.dll
2007-01-08 14:29 274,432 --a------ C:\WINDOWS\system32\nvrses.dll
2007-01-08 14:29 274,432 --a------ C:\WINDOWS\system32\nvrsel.dll
2007-01-08 14:29 270,336 --a------ C:\WINDOWS\system32\nvrsde.dll
2007-01-08 14:29 266,240 --a------ C:\WINDOWS\system32\nvrspt.dll
2007-01-08 14:29 266,240 --a------ C:\WINDOWS\system32\nvrsnl.dll
2007-01-08 14:29 266,240 --a------ C:\WINDOWS\system32\nvrsesm.dll
2007-01-08 14:29 262,144 --a------ C:\WINDOWS\system32\nvrsru.dll
2007-01-08 14:29 262,144 --a------ C:\WINDOWS\system32\nvrsptb.dll
2007-01-08 14:29 258,048 --a------ C:\WINDOWS\system32\nvrsja.dll
2007-01-08 14:29 253,952 --a------ C:\WINDOWS\system32\nvrsko.dll
2007-01-08 14:29 253,952 --a------ C:\WINDOWS\system32\nvrshu.dll
2007-01-08 14:29 249,856 --a------ C:\WINDOWS\system32\nvrstr.dll
2007-01-08 14:29 249,856 --a------ C:\WINDOWS\system32\nvrssl.dll
2007-01-08 14:29 249,856 --a------ C:\WINDOWS\system32\nvrssk.dll
2007-01-08 14:29 249,856 --a------ C:\WINDOWS\system32\nvrspl.dll
2007-01-08 14:29 249,856 --a------ C:\WINDOWS\system32\nvrsno.dll
2007-01-08 14:29 245,760 --a------ C:\WINDOWS\system32\nvrssv.dll
2007-01-08 14:29 245,760 --a------ C:\WINDOWS\system32\nvrsda.dll
2007-01-08 14:29 241,664 --a------ C:\WINDOWS\system32\nvrsfi.dll
2007-01-08 14:29 241,664 --a------ C:\WINDOWS\system32\nvrseng.dll
2007-01-08 14:29 241,664 --a------ C:\WINDOWS\system32\nvrscs.dll
2007-01-08 14:29 229,376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-01-08 14:29 217,088 --a------ C:\WINDOWS\system32\nvrszhc.dll
2007-01-08 14:29 212,992 --a------ C:\WINDOWS\system32\nvwrsja.dll
2007-01-08 14:29 196,608 --a------ C:\WINDOWS\system32\nvwrsko.dll
2007-01-08 14:29 167,936 --a------ C:\WINDOWS\system32\nvwrszht.dll
2007-01-08 14:29 163,840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
2007-01-08 14:29 147,456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-01-08 14:29 131,139 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-01-08 14:29 118,784 --a------ C:\WINDOWS\system32\nvrszht.dll
2007-01-08 14:29 110,592 --a------ C:\WINDOWS\system32\nvapi.dll
2007-01-08 14:29 1,662,976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-01-08 14:29 1,519,616 --a------ C:\WINDOWS\system32\nwiz.exe
2007-01-08 14:29 1,466,368 --a------ C:\WINDOWS\system32\nview.dll
2007-01-08 14:29 1,339,392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-01-08 14:29 1,019,904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-01-08 14:17 <DIR> d-------- C:\NVIDIA
2007-01-08 14:12 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-01-07 16:02 <DIR> d-------- C:\DOKUME~1\Aleks\Anwendungsdaten\funkitron
2007-01-04 23:43 <DIR> d-------- C:\Programme\GameFlier
2007-01-02 16:50 <DIR> d-------- C:\Programme\FileUploader
2007-01-02 00:22 <DIR> d-------- C:\Programme\Ubisoft


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-28 14:18 -------- d-------- C:\DOKUME~1\Aleks\Anwendungsdaten\utorrent
2007-01-28 13:45 -------- d-------- C:\Programme\mozilla firefox
2007-01-28 12:37 -------- d-------- C:\DOKUME~1\Aleks\Anwendungsdaten\spam bib wave
2007-01-27 14:42 -------- d-------- C:\Programme\flashget
2007-01-26 14:33 -------- d-------- C:\Programme\antivir personaledition classic
2007-01-25 21:07 -------- d--h----- C:\Programme\installshield installation information
2007-01-22 22:15 -------- d-------- C:\Programme\winamp
2007-01-21 17:10 -------- d-------- C:\Programme\msn messenger
2007-01-21 17:09 -------- d-------- C:\Programme\daemon tools
2007-01-18 13:01 -------- d-------- C:\Programme\tuneup utilities 2007
2007-01-18 10:21 108225 --a------ C:\DOKUME~1\Aleks\Anwendungsdaten\nmm-metadata.db
2007-01-17 22:59 -------- d---s---- C:\DOKUME~1\Aleks\Anwendungsdaten\microsoft
2006-12-26 17:52 -------- d-------- C:\Programme\Gemeinsame Dateien\stardock
2006-12-26 17:51 -------- d-------- C:\Programme\stardock
2006-12-23 14:19 -------- d-------- C:\Programme\steam
2006-12-20 21:15 -------- d-------- C:\DOKUME~1\Aleks\Anwendungsdaten\adobe
2006-12-20 13:19 -------- d-------- C:\Programme\anno 1701
2006-12-20 13:18 -------- d-------- C:\Programme\radical games
2006-12-18 19:48 -------- d-------- C:\DOKUME~1\Aleks\Anwendungsdaten\ahead
2006-12-18 19:08 -------- d-------- C:\Programme\ivt corporation
2006-12-18 14:54 -------- d-------- C:\Programme\driver-soft
2006-12-17 20:42 -------- d-------- C:\Programme\limewire
2006-12-17 20:40 -------- d-------- C:\Programme\bearshare applications
2006-12-16 13:20 -------- d-------- C:\DOKUME~1\Aleks\Anwendungsdaten\tuneup software
2006-12-16 13:19 -------- d-------- C:\Programme\Gemeinsame Dateien\wise installation wizard
2006-12-13 15:05 -------- d-------- C:\Programme\winroll
2006-12-11 14:55 -------- d-------- C:\Programme\infogrames
2006-12-11 13:42 -------- d-------- C:\Programme\Gemeinsame Dateien\installshield
2006-12-11 13:34 -------- d-------- C:\Programme\avmwlanstick
2006-12-11 13:33 -------- d-------- C:\Programme\avm_update
2006-12-10 21:56 -------- d-------- C:\Programme\sudeki
2006-12-09 15:32 -------- d-------- C:\Programme\thq
2006-12-07 19:50 -------- d-------- C:\DOKUME~1\Aleks\Anwendungsdaten\ulead systems
2006-12-07 18:05 -------- d-------- C:\Programme\ulead systems
2006-12-07 17:58 -------- d-------- C:\Programme\alienguise
2006-12-07 06:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-06 17:30 -------- d-------- C:\Programme\combined community codec pack
2006-12-02 14:10 -------- d-------- C:\DOKUME~1\Aleks\Anwendungsdaten\sudeki
2006-12-01 19:51 -------- d-------- C:\Programme\nexon
2006-12-01 14:01 -------- d-------- C:\Programme\utorrent
2006-11-30 14:29 -------- dr-h----- C:\DOKUME~1\Aleks\Anwendungsdaten\crystalspace
2006-11-30 14:12 -------- d-------- C:\Programme\wicked studios
2006-11-23 16:45 24072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2006-11-19 10:33 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
2006-11-17 13:12 0 -rahs---- C:\MSDOS.SYS
2006-11-17 13:12 0 -rahs---- C:\IO.SYS
2006-11-17 13:12 0 --a------ C:\CONFIG.SYS
2006-11-17 13:12 0 --a------ C:\AUTOEXEC.BAT
2006-11-17 13:00 62 --ahs---- C:\DOKUME~1\Aleks\Anwendungsdaten\desktop.ini
2006-11-08 06:14 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"film peak"="C:\\DOKUME~1\\Aleks\\ANWEND~1\\SPAMBI~1\\Dart Dumb.exe"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"AVMWlanClient"="C:\\Programme\\avmwlanstick\\wlangui.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"WinRoll"="C:\\Programme\\WinRoll\\winroll.exe"
"film peak"="C:\\DOKUME~1\\Aleks\\ANWEND~1\\SPAMBI~1\\Dart Dumb.exe"
"Spyware Doctor"="\"C:\\Programme\\Spyware Doctor\\swdoctor.exe\" /Q"
"PcSync"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechVideoRepair"="C:\\Programme\\Logitech\\Video\\ISStart.exe"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"PCSuiteTrayApplication"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Aleks^Startmenü^Programme^Autostart^Adobe Gamma.lnk]
"path"="C:\\Dokumente und Einstellungen\\Aleks\\Startmenü\\Programme\\Autostart\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\GEMEIN~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Ulead Kalendar Checker 4.0 SE.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Ulead Kalendar Checker 4.0 SE.lnk"
"backup"="C:\\WINDOWS\\pss\\Ulead Kalendar Checker 4.0 SE.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ULEADS~1\\ULEADP~1.0SE\\CalCheck.exe "
"item"="Ulead Kalendar Checker 4.0 SE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTpatch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="htpatch"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\htpatch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Programme\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Steam\\Steam.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"command"="C:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Programme\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"Spyware Doctor"="\"C:\\Programme\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"PcSync"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"Spyware Doctor"="\"C:\\Programme\\Spyware Doctor\\swdoctor.exe\" /Q"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{430d38c1-7aea-11db-8d16-00040ec8cf39}]
Shell\AutoRun\command K:\pushinst.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4aae5c02-7637-11db-8d0d-000b6a1e21c7}]
Shell\AutoRun\command K:\pushinst.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0e8638d-99c8-11db-8d31-00040ec8c015}]
Shell\AutoRun\command I:\pushinst.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\A926DA46919D50DE.job

Completion time: 07-01-28 14:20:30
C:\ComboFix2.txt ... 07-01-21 16:19

#100 CaZanova

Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein

Zitat

Files to delete:
C:\WINDOWS\tasks\A926DA46919D50DE.job

Folders to delete:
C:\Dokumente und Einstellungen\Aleks\Anwendungsdaten\spam bib wave
C:\Dokumente und Einstellungen\Aleks\Anwendungsdaten\BearShare
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Baitfordoesabout
C:\Programme\bearshare applications
C:\Programme\Spam Bib Wave
C:\Programme\Messenger Plus! Live
C:\Programme\Adverts

öffne das HijackThis -- Button "scan" -- vor diesen Eintrag Häkchen setzen -- Button "Fix checked" -- PC neustarten

Zitat

O4 - HKCU\..\Run: [film peak] C:\DOKUME~1\Aleks\ANWEND~1\SPAMBI~1\Dart Dumb.exe

__________
MfG Sabina

rund um die PC-Sicherheit

#101 Cupra

««
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fixme.reg mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.
Die Datei "fixme.reg" auf dem Desktop doppelklicken und der Registry mit "ja" oder "yes" beifügen

Zitat

REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"stopacid"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"poke film bolt 2"=-

-----

Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein:

Zitat

Registry values to delete:
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{588599f4-de26-4c28-ba14-f4eb17e33481}
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{01b55afa-f451-474b-9e91-c35b24d02641}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|emptins
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|poke film bolt 2

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\playantihidebin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stopacid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34CD51D9-97A6-97D8-1EAC-E7265E270C24}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34CD51D9-97A6-97D8-1EAC-E7265E270C24}

Files to delete:
C:\WINDOWS\tasks\B127DEE794D4575B.job

Folders to delete:
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\nurb spam wave
C:\Programme\nurb spam wave
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\startdebugdrive
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pollcashpokefilm
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wipeboneplayanti

Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

««
smitfraud.fix abarbeiten (Option 1 und 2 - lasse auch die Registry mitreinigen)
http://virus-protect.org/artikel/tools/smitfrautfix.html

»»
scanne mit counterspy
http://virus-protect.org/counterspy.html
__________
MfG Sabina

rund um die PC-Sicherheit

#102 Hallo, nachdem mein Rechner auf den TR/Dldr.Swizzor.Gen gestoßen ist, habe ich dieses Forum gefunden, auch ich brauche Hilfe. Der Rechner ist seit kurzem extrem langsam, außerdem schaltet er sich bei einigen Anwendungen einfach aus oder geht in den Ruhezustand über. Ist das typisch oder liegt hier vielleicht noch ein anderes Problem vor?
Hier erstmal das logfile, und schon mal einen herzlichen Dank.

Logfile of HijackThis v1.99.1
Scan saved at 16:19:18, on 28.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbsecsvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\FLIR Systems\ThermaCAM QuickView 2\T3Mon.exe
C:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.BIN
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Neuer Ordner\HijackThis.exe
C:\Programme\Neuer Ordner\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare applications\BearShare MediaBar\MediaBar.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Programme\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PestPatrolRegistration] C:\Programme\PestPatrol\Register.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C-\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [Pop Settings Stupid Meet] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Stopspampopsettings\date 01.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe
O4 - HKCU\..\Run: [01 sixth] C:\DOKUME~1\JENNER~1\ANWEND~1\EXTRAC~1\Mediaslowinternet.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: FLIR Camera Monitor.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ulead Kalendar Checker 4.0 SE.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk134YYDE
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://schokobiboo.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138609647437
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FLIR Camera Monitor (CameraMonitor) - FLIR Systems - C:\Programme\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: OKI OPHC DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHCLDCS.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: wbsecsvc - Winbond - C:\WINDOWS\system32\wbsecsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

#103 stiew

poste dieses log
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Sabina

rund um die PC-Sicherheit

#104 hallo Sabina,
die Langsamkeit des Rechners kostet ganz schön Nerven, hier nun das combofix-logfile:

"jenner und partner" - 07-01-28 20:27:22 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Dokumente und Einstellungen\jenner und partner\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-28 to 2007-01-28 ))))))))))))))))))))))))))))))))))


2007-01-28 17:03 <DIR> d-------- C:\DOKUME~1\JENNER~1\Anwendungsdaten\owns soft fork
2007-01-28 17:02 <DIR> d-------- C:\Programme\Extra Cake
2007-01-28 16:16 <DIR> d-------- C:\Programme\Neuer Ordner
2007-01-28 14:11 14,464,888 --a------ C:\antivir_workstation_win7u_de_h.exe
2007-01-20 21:58 <DIR> d-------- C:\UNDEFINED
2007-01-17 16:40 <DIR> d-------- C:\DOKUME~1\Barbara\Anwendungsdaten\ThermaCAM Connect 3
2007-01-16 09:14 <DIR> d-------- C:\DOKUME~1\JENNER~1\Anwendungsdaten\AquaSoft
2007-01-16 09:11 <DIR> d-------- C:\Programme\AquaSoft
2007-01-16 09:10 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-01-14 13:55 <DIR> d-------- C:\DOKUME~1\Bianca\Anwendungsdaten\ThermaCAM Connect 3
2007-01-14 12:02 <DIR> d-------- C:\DOKUME~1\JENNER~1\Anwendungsdaten\ThermaCAM Connect 3
2007-01-14 10:14 30,921 --a------ C:\WINDOWS\system32\drivers\SQCaptur.sys
2007-01-14 10:14 25,449 --a------ C:\WINDOWS\system32\drivers\SQCamD.sys
2007-01-13 20:42 <DIR> d-------- C:\My Downloads
2007-01-13 20:42 <DIR> d-------- C:\DOKUME~1\JENNER~1\Anwendungsdaten\BearShare
2007-01-13 14:06 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-01-13 14:06 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-01-13 14:06 <DIR> d-------- C:\Programme\Picasa2
2007-01-12 19:21 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\LOVEFIVE2PLAY
2007-01-10 23:27 <DIR> d-------- C:\DOKUME~1\JENNER~1\OkiData
2007-01-08 19:05 <DIR> d-------- C:\Programme\MP3 Player Utilities 3.57
2006-12-30 21:53 <DIR> d-------- C:\Programme\PartyGaming
2006-12-30 19:12 9,728 --a------ C:\WINDOWS\system32\BrSerIf.dll
2006-12-30 19:12 9,728 --a------ C:\WINDOWS\system32\brcoinst.dll
2006-12-30 19:12 81,920 --a------ C:\WINDOWS\system32\BrmfcWia.dll
2006-12-30 19:12 60,416 --a------ C:\WINDOWS\system32\drivers\BrSerWdm.sys
2006-12-30 19:12 5,120 --a------ C:\WINDOWS\system32\BrScnRsm.dll
2006-12-30 19:12 41,472 --a------ C:\WINDOWS\system32\BrmfUSB.dll
2006-12-30 19:12 32,256 --a------ C:\WINDOWS\system32\BrmfRsmg.exe
2006-12-30 19:12 3,968 --a------ C:\WINDOWS\system32\drivers\BrFiltUp.sys
2006-12-30 19:12 29,696 --a------ C:\WINDOWS\system32\BrmfLpt.dll
2006-12-30 19:12 2,944 --a------ C:\WINDOWS\system32\drivers\BrFilt.sys
2006-12-30 19:12 19,456 --a------ C:\WINDOWS\system32\BrBidiIf.dll
2006-12-30 19:12 15,360 --a------ C:\WINDOWS\system32\BrmfBidi.dll
2006-12-30 19:12 12,800 --a------ C:\WINDOWS\system32\BrEvIF.dll
2006-12-30 19:12 12,160 --a------ C:\WINDOWS\system32\drivers\BrFiltLo.sys
2006-12-30 19:12 11,008 --a------ C:\WINDOWS\system32\drivers\BrUsbMdm.sys
2006-12-30 19:12 10,752 --a------ C:\WINDOWS\system32\RSMGRSTR.dll
2006-12-30 19:12 10,368 --a------ C:\WINDOWS\system32\drivers\BrUsbScn.sys
2006-12-30 12:14 <DIR> d-------- C:\Programme\BearShare Applications
2006-12-30 12:14 <DIR> d-------- C:\DOKUME~1\Bianca\Anwendungsdaten\BearShare


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-28 20:23 -------- d-------- C:\Programme\mozilla firefox
2007-01-28 17:11 -------- d-------- C:\DOKUME~1\JENNER~1\Anwendungsdaten\extra cake
2007-01-28 15:58 -------- d-------- C:\DOKUME~1\JENNER~1\Anwendungsdaten\openoffice.org2
2007-01-28 15:19 -------- d-------- C:\Programme\pestpatrol
2007-01-28 14:23 -------- d-------- C:\Programme\antivir personaledition classic
2007-01-28 11:14 -------- d-------- C:\Programme\adverts
2007-01-19 23:54 -------- d--h----- C:\Programme\installshield installation information
2007-01-14 12:02 -------- d-------- C:\Programme\flir systems
2007-01-13 14:06 -------- d-------- C:\Programme\google
2007-01-12 23:01 -------- d---s---- C:\DOKUME~1\JENNER~1\Anwendungsdaten\microsoft
2007-01-08 20:28 -------- d-------- C:\Programme\messenger plus! live
2006-12-27 23:07 -------- d-------- C:\Programme\netlcr
2006-12-22 15:57 -------- d-------- C:\Programme\mp3 player utilities v1.22
2006-12-21 01:32 -------- d-------- C:\Programme\sequoiaview
2006-12-19 20:51 -------- d-------- C:\Programme\shareaza
2006-12-19 20:13 -------- d-------- C:\DOKUME~1\JENNER~1\Anwendungsdaten\shareaza
2006-12-18 20:44 -------- d-------- C:\Programme\msn messenger
2006-12-18 15:00 -------- d-------- C:\Programme\dw2005
2006-12-18 13:31 -------- d-------- C:\Programme\energieberater5 dena
2006-12-17 17:48 -------- d-------- C:\Programme\Gemeinsame Dateien\flir systems
2006-12-10 20:14 -------- d-------- C:\DOKUME~1\JENNER~1\Anwendungsdaten\scansoft
2006-12-10 20:03 -------- d-------- C:\Programme\Gemeinsame Dateien\scansoft shared
2006-12-10 19:59 -------- d-------- C:\Programme\scansoft
2006-12-10 00:53 -------- d-------- C:\Programme\microsoft works
2006-12-07 06:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-05 20:39 -------- d-------- C:\Programme\pc vga camera
2006-12-05 20:39 -------- d-------- C:\Programme\Gemeinsame Dateien\pccamera
2006-11-08 06:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AOLMIcon"="C:\\Programme\\Gemeinsame Dateien\\AOLSHARE\\AOLMIcon.exe"
"01 sixth"="C:\\DOKUME~1\\JENNER~1\\ANWEND~1\\EXTRAC~1\\Mediaslowinternet.exe"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"NBJ"="\"C:\\Programme\\Ahead\\Nero BackItUp\\NBJ.exe\""
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"AGRSMMSG"="AGRSMMSG.exe"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"AntivirusRegistration"="C:\\Programme\\CA\\Etrust Antivirus\\Register.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"PestPatrolRegistration"="C:\\Programme\\PestPatrol\\Register.exe"
"PestPatrol Control Center"="C-\\PROGRA~1\\PESTPA~1\\PPControl.exe"
"PPMemCheck"="C:\\PROGRA~1\\PESTPA~1\\PPMemCheck.exe"
"CookiePatrol"="C:\\PROGRA~1\\PESTPA~1\\CookiePatrol.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
"InstantOn"="\"C:\\Programme\\CyberLink\\PowerCinema Linux\\ion_install.exe /c \""
"My Web Search Bar"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\MWSBAR.DLL,S"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Programme\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Programme\\Logitech\\Video\\LogiTray.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"Corel Reminder"=""
"AttuneClientEngine"="C:\\PROGRA~1\\Aveo\\Attune\\bin\\attune_ce.exe"
"Acrobat Assistant 7.0"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"RemoteControl"="\"C:\\Programme\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
"SSBkgdUpdate"="C:\\Programme\\Gemeinsame Dateien\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe -Embedding -boot"
"Picasa Media Detector"="C:\\Programme\\Picasa2\\PicasaMediaDetector.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Pop Settings Stupid Meet"="C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Stopspampopsettings\\rdrbeep.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5919cabc-b00a-11da-bb0a-0040d08a4bf1}]
Shell\AutoRun\command setupSNK.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\8C47C785939073D9.job
C:\WINDOWS\tasks\AE7302C691E0813A.job

Completion time: 07-01-28 20:50:42

#105 stiew

Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint

Zitat

cd\
dir "C:\Programme" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
dir "C:\Windows\tasks" >>files.txt
notepad files.txt

__________
MfG Sabina

rund um die PC-Sicherheit