Spybot alerts at every startup
#0
13.01.2007, 18:03
Member
Posts: 12
13.01.2007, 19:27
Honorary member
Posts: 29434
#2
Charlie1983
Set up CleanUp exactly as described here: http://virus-protect.org/cleanup.html

Copy these 6 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date (copy only the last 3 months): http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina
All about PC security
13.01.2007, 20:43
Member
Thread starter
Posts: 12
#3
OK, I hope I have done everything right now:
13.01.2007, 23:50
Honorary member
Posts: 29434
#4
Charlie1983
Avenger http://virus-protect.org/artikel/tools/avenger.html

Paste in:

Quote: Registry values to delete:

Click the green traffic light. The script will now be executed, then the PC will restart automatically.

«« Open HijackThis -- button "scan" -- tick the boxes in front of these entries -- button "Fix checked" -- restart the PC

Quote: O11 - Options group: [INTERNATIONAL] International*

»» Scan with Counterspy, set everything to remove after the scan and post the scan report here: http://virus-protect.org/counterspy.html
__________
Kind regards, Sabina
All about PC security
14.01.2007, 14:54
Member
Thread starter
Posts: 12
#5
So here is the scan report:

Quote: Spyware Scan Details

Many thanks in advance for your help
14.01.2007, 16:54
Honorary member
Posts: 29434
#6
Charlie1983
1. Post the log: http://virus-protect.org/artikel/tools/combofix.html
2. Post the new log from HijackThis
__________
Kind regards, Sabina
All about PC security
14.01.2007, 17:37
Member
Thread starter
Posts: 12
#7
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) - O17 - HKLM\System\CCS\Services\Tcpip\..\{FE1A322A-DAA3-4A2E-BFF3-793D930562FB}: NameServer = 205.188.146.145 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
So roughly how do things look on my PC now? Because I don't understand any of this at the moment. Regards, Charlie |
|
|
||
14.01.2007, 18:33
Honorary member
Posts: 29434 |
#8
you did not work through the Avenger script
what are we actually doing here??? __________ Regards, Sabina, all about PC security |
|
|
||
14.01.2007, 19:25
Member
Thread starter Posts: 12 |
#9
Something must have gone wrong there.
I've now run Avenger again, and here is the new log from Combofix and HjT
"DarkLord" - 07-01-14 19:08:11 Service Pack 2 ComboFix 07-01-14.2 - Running from: "C:\Dokumente und Einstellungen\DarkLord\Desktop" ((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 )))))))))))))))))))))))))))))))))) 2007-01-14 18:59 <DIR> d----c--- C:\avenger 2007-01-14 12:06 <DIR> d----c--- C:\Programme\Sunbelt Software 2007-01-09 23:39 <DIR> d----c--- C:\WINDOWS\ie7updates 2006-12-28 21:14 <DIR> d----c--- C:\WINDOWS\system32\drivers\UMDF (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-14 19:03 -------- d----c--- C:\DOKUME~1\DarkLord\Anwendungsdaten\skype 2007-01-14 15:27 -------- d----c--- C:\Programme\mozilla firefox 2007-01-14 13:53 -------- d----c--- C:\Programme\daemon tools 2007-01-13 20:17 5776 --a--c--- C:\DOKUME~1\DarkLord\Anwendungsdaten\cleanup!.log 2007-01-13 18:03 -------- d----c--- C:\Programme\msn messenger 2007-01-13 08:58 -------- d----c--- C:\Programme\ashampoo 2007-01-05 17:59 -------- d----c--- C:\Programme\antivir personaledition classic 2007-01-02 21:16 -------- d--h-c--- C:\Programme\installshield installation information 2006-12-28 21:21 -------- d----c--- C:\Programme\windows media connect 2 2006-12-19 18:44 -------- d----c--- C:\Programme\java 2006-12-13 06:47 -------- d----c--- C:\Programme\Gemeinsame Dateien\aol 2006-12-13 06:47 -------- d----c--- C:\Programme\aol 2006-12-13 06:46 -------- d----c--- C:\Programme\Gemeinsame Dateien\aolshare 2006-11-28 16:49 -------- d----c--- C:\DOKUME~1\DarkLord\Anwendungsdaten\temp 2006-11-18 21:13 -------- d----c--- C:\Programme\msxml 4.0 2006-11-17 12:05 103984 --a------ C:\WINDOWS\system32\aoldial.dll 2006-11-16 17:44 33592 --a--c--- C:\WINDOWS\system32\drivers\atwpkt264.sys 2006-11-16 17:44 25136 --a--c--- C:\WINDOWS\system32\drivers\atwpkt2.sys 2006-11-08 06:06 679424 --a--c--- C:\WINDOWS\system32\inetcomm.dll 
2006-11-07 21:03 6049280 -----c--- C:\WINDOWS\system32\ieframe.dll 2006-11-07 21:03 50688 -----c--- C:\WINDOWS\system32\msfeedsbs.dll 2006-11-07 21:03 458752 -----c--- C:\WINDOWS\system32\msfeeds.dll 2006-11-07 21:03 413696 --a--c--- C:\WINDOWS\system32\vbscript.dll 2006-11-07 21:03 231424 --a--c--- C:\WINDOWS\system32\webcheck.dll 2006-11-07 21:03 180736 -----c--- C:\WINDOWS\system32\ieui.dll 2006-11-07 21:03 156160 --a--c--- C:\WINDOWS\system32\msls31.dll 2006-11-07 03:27 382976 --a--c--- C:\WINDOWS\system32\iedkcs32.dll 2006-11-07 03:27 229376 --a--c--- C:\WINDOWS\system32\ieaksie.dll 2006-11-07 03:26 71680 --a--c--- C:\WINDOWS\system32\admparse.dll 2006-11-07 03:26 55296 --a--c--- C:\WINDOWS\system32\iesetup.dll 2006-11-07 03:26 54784 --a--c--- C:\WINDOWS\system32\ie4uinit.exe 2006-11-07 03:26 43008 --a--c--- C:\WINDOWS\system32\iernonce.dll 2006-11-07 03:26 152064 --a--c--- C:\WINDOWS\system32\ieakeng.dll 2006-11-07 03:26 13312 --a--c--- C:\WINDOWS\system32\ieudinit.exe 2006-11-07 03:26 123904 --a--c--- C:\WINDOWS\system32\advpack.dll 2006-11-07 03:25 161792 --a--c--- C:\WINDOWS\system32\ieakui.dll 2006-11-04 14:14 1245696 --a--c--- C:\WINDOWS\system32\msxml4.dll 2006-11-04 11:57 6451 --a--c--- C:\Programme\pstrip.ini 2006-11-03 22:57 6339 --a--c--- C:\Programme\pstrip.bak 2006-11-03 11:08 6269 --a--c--- C:\Programme\pstrip.bko 2006-11-03 10:02 8282112 --a--c--- C:\WINDOWS\system32\wmploc.dll 2006-11-03 09:56 99840 --a--c--- C:\WINDOWS\system32\wmpshell.dll 2006-11-03 09:55 275968 --a--c--- C:\WINDOWS\system32\wmerror.dll 2006-11-03 09:54 8192 --a--c--- C:\WINDOWS\system32\asferror.dll 2006-11-02 11:51 43008 -----c--- C:\WINDOWS\system32\wpdshextres.dll 2006-10-24 18:22 98304 --a--c--- C:\WINDOWS\system32\cmdlineext.dll 2006-10-20 02:38 715776 --a--c--- C:\WINDOWS\system32\sxs.dll 2006-10-18 21:58 8704 --a--c--- C:\WINDOWS\system32\wdfmgr.exe 2006-10-18 21:58 8704 --a--c--- C:\WINDOWS\system32\uwdf.exe 2006-10-18 21:47 991744 --a--c--- 
C:\WINDOWS\system32\drmv2clt.dll 2006-10-18 21:47 937984 --a--c--- C:\WINDOWS\system32\wmnetmgr.dll 2006-10-18 21:47 767488 -----c--- C:\WINDOWS\system32\wmvsencd.dll 2006-10-18 21:47 757248 --a--c--- C:\WINDOWS\system32\wmadmod.dll 2006-10-18 21:47 656896 -----c--- C:\WINDOWS\system32\wmvxencd.dll 2006-10-18 21:47 63488 --a--c--- C:\WINDOWS\system32\wpdmtpus.dll 2006-10-18 21:47 629760 --a--c--- C:\WINDOWS\system32\wpd_ci.dll 2006-10-18 21:47 613376 -----c--- C:\WINDOWS\system32\wmpmde.dll 2006-10-18 21:47 603648 --a--c--- C:\WINDOWS\system32\wmspdmod.dll 2006-10-18 21:47 542720 --a--c--- C:\WINDOWS\system32\blackbox.dll 2006-10-18 21:47 535040 -----c--- C:\WINDOWS\system32\wmdrmsdk.dll 2006-10-18 21:47 429056 --a--c--- C:\WINDOWS\system32\wmdrmdev.dll 2006-10-18 21:47 414208 --a--c--- C:\WINDOWS\system32\msscp.dll 2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wmvdmoe2.dll 2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wmvdmod.dll 2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wmvadve.dll 2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wmvadvd.dll 2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wmsdmoe2.dll 2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wmsdmod.dll 2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wdfapi.dll 2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\mpg4dmod.dll 2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\mp4sdmod.dll 2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\mp43dmod.dll 2006-10-18 21:47 37376 --a--c--- C:\WINDOWS\system32\wmdmps.dll 2006-10-18 21:47 35840 --a--c--- C:\WINDOWS\system32\wpdconns.dll 2006-10-18 21:47 356352 --a--c--- C:\WINDOWS\system32\wpdsp.dll 2006-10-18 21:47 348672 --a--c--- C:\WINDOWS\system32\wmdrmnet.dll 2006-10-18 21:47 33792 --a--c--- C:\WINDOWS\system32\wmdmlog.dll 2006-10-18 21:47 321536 --a--c--- C:\WINDOWS\system32\mswmdm.dll 2006-10-18 21:47 317440 -----c--- C:\WINDOWS\system32\mp4sdecd.dll 2006-10-18 21:47 314880 --a--c--- C:\WINDOWS\system32\wmpdxm.dll 
2006-10-18 21:47 295936 -----c--- C:\WINDOWS\system32\wmpeffects.dll 2006-10-18 21:47 284160 -----c--- C:\WINDOWS\system32\portabledeviceapi.dll 2006-10-18 21:47 276992 --a--c--- C:\WINDOWS\system32\audiodev.dll 2006-10-18 21:47 27136 --a--c--- C:\WINDOWS\system32\mspmsnsv.dll 2006-10-18 21:47 2603008 -----c--- C:\WINDOWS\system32\wpdshext.dll 2006-10-18 21:47 259072 -----c--- C:\WINDOWS\system32\mpg4decd.dll 2006-10-18 21:47 259072 -----c--- C:\WINDOWS\system32\mp43decd.dll 2006-10-18 21:47 2450944 --a--c--- C:\WINDOWS\system32\wmvcore.dll 2006-10-18 21:47 242688 --a--c--- C:\WINDOWS\system32\wmpasf.dll 2006-10-18 21:47 229376 --a--c--- C:\WINDOWS\system32\cewmdm.dll 2006-10-18 21:47 222208 --a--c--- C:\WINDOWS\system32\wmasf.dll 2006-10-18 21:47 212992 -----c--- C:\WINDOWS\system32\mfplat.dll 2006-10-18 21:47 211456 --a--c--- C:\WINDOWS\system32\qasf.dll 2006-10-18 21:47 204288 --a--c--- C:\WINDOWS\system32\wmpsrcwp.dll 2006-10-18 21:47 199168 -----c--- C:\WINDOWS\system32\portabledevicewmdrm.dll 2006-10-18 21:47 179712 --a--c--- C:\WINDOWS\system32\msnetobj.dll 2006-10-18 21:47 175616 --a--c--- C:\WINDOWS\system32\mspmsp.dll 2006-10-18 21:47 166912 -----c--- C:\WINDOWS\system32\portabledevicetypes.dll 2006-10-18 21:47 1661440 --a--c--- C:\WINDOWS\system32\wmpencen.dll 2006-10-18 21:47 1574912 -----c--- C:\WINDOWS\system32\wmvencod.dll 2006-10-18 21:47 157184 --a--c--- C:\WINDOWS\system32\wmidx.dll 2006-10-18 21:47 154624 --a--c--- C:\WINDOWS\system32\wpdmtp.dll 2006-10-18 21:47 1543680 -----c--- C:\WINDOWS\system32\wmvdecod.dll 2006-10-18 21:47 1382912 -----c--- C:\WINDOWS\system32\wmvsdecd.dll 2006-10-18 21:47 133632 -----c--- C:\WINDOWS\system32\wpdshserviceobj.dll 2006-10-18 21:47 1329152 --a--c--- C:\WINDOWS\system32\wmspdmoe.dll 2006-10-18 21:47 132096 -----c--- C:\WINDOWS\system32\portabledevicewiacompat.dll 2006-10-18 21:47 130048 -----c--- C:\WINDOWS\system32\wmpps.dll 2006-10-18 21:47 11264 --a--c--- C:\WINDOWS\system32\laprxy.dll 2006-10-18 21:47 
1117696 --a--c--- C:\WINDOWS\system32\wmadmoe.dll 2006-10-18 21:47 101888 -----c--- C:\WINDOWS\system32\portabledeviceclassextension.dll 2006-10-18 20:03 100864 --a--c--- C:\WINDOWS\system32\logagent.exe 2006-10-18 20:00 249856 -----c--- C:\WINDOWS\system32\drmupgds.exe 2006-10-18 20:00 17408 -----c--- C:\WINDOWS\system32\wpdshextautoplay.exe 2006-10-17 12:06 78336 --a--c--- C:\WINDOWS\system32\ieencode.dll 2006-10-17 12:05 40960 --a--c--- C:\WINDOWS\system32\licmgr10.dll 2006-10-17 12:05 206336 -----c--- C:\WINDOWS\system32\winfxdocobj.exe 2006-10-17 12:05 105984 --a--c--- C:\WINDOWS\system32\url.dll 2006-10-17 12:04 101376 --a--c--- C:\WINDOWS\system32\occache.dll 2006-10-17 12:03 17408 --a--c--- C:\WINDOWS\system32\corpol.dll 2006-10-17 11:58 61952 -----c--- C:\WINDOWS\system32\icardie.dll 2006-10-17 11:58 12288 -----c--- C:\WINDOWS\system32\msfeedssync.exe 2006-10-17 11:57 36352 --a--c--- C:\WINDOWS\system32\imgutil.dll 2006-10-17 11:57 266752 -----c--- C:\WINDOWS\system32\iertutil.dll 2006-10-17 11:56 45568 --a--c--- C:\WINDOWS\system32\mshta.exe 2006-10-17 11:28 48128 --a--c--- C:\WINDOWS\system32\mshtmler.dll 2006-10-17 11:27 380928 -----c--- C:\WINDOWS\system32\ieapfltr.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "Yahoo! 
Pager"="C:\\Programme\\Yahoo!\\Messenger\\ypager.exe -quiet" "Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" "SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe" "MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background" "msnmsgr"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background" "Shareaza"="\"C:\\Programme\\Shareaza\\Shareaza.exe\" -tray" "H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\"" "EA Core"="C:\\Programme\\Electronic Arts\\EA Downloader\\Core.exe -silent" "WMPNSCFG"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe" "DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t" "AOL Dialer"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOlDial.exe" "Ashampoo PopUpBlocker"="C:\\PROGRA~1\\Ashampoo\\ASHAMP~3\\PopUpKiller.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot" "CounterSpyCleaner"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunASCleaner.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd" "QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe" "AdaptecDirectCD"="\"C:\\Programme\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\"" "HP Software Update"="C:\\Programme\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe" "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe" "DeviceDiscovery"="C:\\Programme\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe" "Conceptronic Conceptronic 54Mbps Wireless Utility"="C:\\Programme\\Conceptronic\\Conceptronic 54Mbps Wireless Utility\\WLANmon.exe" "ANIWZCS2Service"="C:\\Programme\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe" "TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot" 
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\"" "AOLDialer"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe" @="" "avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "Adobe Photo Downloader"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "DAEMON Tools"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033" "ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize" "Glass2k"="C:\\Programme\\Glass2k\\Glass2k.exe" "LClock"="C:\\Programme\\LClock\\LClock.exe" "BootSkin Startup Jobs"="\"C:\\PROGRA~1\\Stardock\\WinCustomize\\BootSkin\\BootSkin.exe\" /StartupJobs" "HostManager"="C:\\Programme\\Gemeinsame Dateien\\AOL\\1165988786\\ee\\AOLSoftware.exe" "mspwr"="C:\\WINDOWS\\system32\\PuXpMan2.exe" "Maplom"="C:\\Programme\\Maplom\\Maplom.exe /silent" "SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{076394AD-7FDD-44EF-A075-32C68DBAB99B}"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ 
Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 Usnsvc REG_MULTI_SZ usnsvc\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D] Shell\AutoRun\command D:\setupSNK.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E] Shell\AutoRun\command E:\autorun.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88b894a4-1177-11d9-9ee1-806d6172696f}] Shell\AutoRun\command D:\setupSNK.exe *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ATWPKT2 Completion time: 07-01-14 19:11:40 C:\ComboFix2.txt ... 07-01-14 17:17 Logfile of HijackThis v1.99.1 Scan saved at 19:32:19, on 14.01.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe C:\WINDOWS\System32\svchost.exe C:\mysql\bin\mysqld-nt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Programme\Hewlett-Packard\Digital 
Imaging\bin\hpotdd01.exe C:\Programme\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Java\jre1.5.0_10\bin\jusched.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\DAEMON Tools\daemon.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\LClock\LClock.exe C:\Programme\Gemeinsame Dateien\AOL\1165988786\ee\AOLSoftware.exe C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE C:\Programme\Windows Media Player\WMPNSCFG.exe C:\Programme\AOL 9.0\aoltray.exe C:\Programme\AOL 9.0\waol.exe C:\Programme\AOL 9.0\shellmon.exe C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe C:\Dokumente und Einstellungen\DarkLord\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - (no file) O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file) O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Programme\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [Glass2k] C:\Programme\Glass2k\Glass2k.exe O4 - HKLM\..\Run: [LClock] C:\Programme\LClock\LClock.exe O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1165988786\ee\AOLSoftware.exe O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe O4 - HKLM\..\Run: 
[Maplom] C:\Programme\Maplom\Maplom.exe /silent O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [EA Core] C:\Programme\Electronic Arts\EA Downloader\Core.exe -silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t O4 - HKCU\..\Run: [AOL Dialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOlDial.exe O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\ASHAMP~3\PopUpKiller.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra 
context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.flyordie.com/pub/dl/msjavx86.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - 
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) - O17 - HKLM\System\CCS\Services\Tcpip\..\{FE1A322A-DAA3-4A2E-BFF3-793D930562FB}: NameServer = 205.188.146.145 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
HjT log follows in 2 minutes. Regards, Charlie
This post was edited by Charlie1983 on 14.01.2007 at 19:33.
|
|
|
||
14.01.2007, 21:43
Honorary member
Posts: 29434 |
#10
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in: (without the quote markup)
Quote Registry values to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically. After the restart the Avenger log appears - copy it here __________ Regards, Sabina, all about PC security |
|
|
||
14.01.2007, 22:03
Member
Thread starter Posts: 12 |
#11
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\xiaqsawh ******************* Script file located at: \??\C:\WINDOWS\fdnpnbjo.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\pushow83.dll_tobedeleted not found! Deletion of file C:\WINDOWS\system32\pushow83.dll_tobedeleted failed! Could not process line: C:\WINDOWS\system32\pushow83.dll_tobedeleted Status: 0xc0000034 Could not delete registry value HKLM\software\microsoft\windows\currentversion\run|SpybotSD TeaTimer Deletion of registry value HKLM\software\microsoft\windows\currentversion\run|SpybotSD TeaTimer failed! Status: 0xc0000034 Could not delete registry value HKLM\software\microsoft\windows\currentversion\run|Shareaza Deletion of registry value HKLM\software\microsoft\windows\currentversion\run|Shareaza failed! Status: 0xc0000034 Could not delete registry value HKLM\software\microsoft\windows\currentversion\run|EA Core Deletion of registry value HKLM\software\microsoft\windows\currentversion\run|EA Core failed! Status: 0xc0000034 Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} failed! Status: 0xc0000034 Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49E0E0F0-5C30-11D4-945D-000000000003} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49E0E0F0-5C30-11D4-945D-000000000003} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49E0E0F0-5C30-11D4-945D-000000000003} failed! 
Status: 0xc0000034 Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} not found! Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} failed! Status: 0xc0000034 Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ECB9560-04F9-4bbc-943D-298DDF1699E1} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ECB9560-04F9-4bbc-943D-298DDF1699E1} failed! Status: 0xc0000034 Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} failed! Status: 0xc0000034 Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} not found! Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} failed! 
Status: 0xc0000034 Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872} failed! Status: 0xc0000034 Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4E0C464-30CE-4075-9A10-71FD106C2847} not found! Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4E0C464-30CE-4075-9A10-71FD106C2847} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4E0C464-30CE-4075-9A10-71FD106C2847} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4E0C464-30CE-4075-9A10-71FD106C2847} failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. |
|
|
||
14.01.2007, 22:18
Honorary member
Posts: 29434 |
||
|
||
14.01.2007, 22:23
Member
Thread starter Posts: 12 |
#13
Logfile of HijackThis v1.99.1
Scan saved at 22:22:35, on 14.01.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe C:\WINDOWS\System32\svchost.exe C:\mysql\bin\mysqld-nt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Programme\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Java\jre1.5.0_10\bin\jusched.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\DAEMON Tools\daemon.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\LClock\LClock.exe C:\Programme\Gemeinsame Dateien\AOL\1165988786\ee\AOLSoftware.exe C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\MSN Messenger\msnmsgr.exe C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE C:\Programme\Windows Media Player\WMPNSCFG.exe C:\Programme\AOL 9.0\aoltray.exe C:\Programme\AOL 9.0\waol.exe C:\Programme\AOL 9.0\shellmon.exe 
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\DarkLord\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file) O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Programme\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [Glass2k] C:\Programme\Glass2k\Glass2k.exe O4 - HKLM\..\Run: [LClock] C:\Programme\LClock\LClock.exe O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1165988786\ee\AOLSoftware.exe O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe O4 - HKLM\..\Run: 
[Maplom] C:\Programme\Maplom\Maplom.exe /silent O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [EA Core] C:\Programme\Electronic Arts\EA Downloader\Core.exe -silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t O4 - HKCU\..\Run: [AOL Dialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOlDial.exe O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\ASHAMP~3\PopUpKiller.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Verweisseiten - 
res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.flyordie.com/pub/dl/msjavx86.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) - O17 
- HKLM\System\CCS\Services\Tcpip\..\{FE1A322A-DAA3-4A2E-BFF3-793D930562FB}: NameServer = 205.188.146.145 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Thank you for being so patient :-) |
|
|
||
14.01.2007, 22:26
Honorary member
Posts: 29434 |
#14
Open HijackThis -- "scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC
Quote: O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - (no file)
Restart the PC »» post the new HijackThis log
__________
Regards, Sabina
all about PC security |
|
|
||
14.01.2007, 22:39
Member
Thread starter Posts: 12 |
#15
Logfile of HijackThis v1.99.1
Scan saved at 22:37:15, on 14.01.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe C:\WINDOWS\System32\svchost.exe C:\mysql\bin\mysqld-nt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Programme\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Java\jre1.5.0_10\bin\jusched.exe C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\DAEMON Tools\daemon.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\LClock\LClock.exe C:\Programme\Gemeinsame Dateien\AOL\1165988786\ee\AOLSoftware.exe C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\MSN Messenger\msnmsgr.exe C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE C:\Programme\Windows Media Player\WMPNSCFG.exe C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programme\AOL 9.0\aoltray.exe 
C:\WINDOWS\system32\msiexec.exe C:\Programme\AOL 9.0\waol.exe C:\Programme\AOL 9.0\shellmon.exe C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe C:\Dokumente und Einstellungen\DarkLord\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Programme\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [Glass2k] C:\Programme\Glass2k\Glass2k.exe O4 - HKLM\..\Run: [LClock] C:\Programme\LClock\LClock.exe O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1165988786\ee\AOLSoftware.exe O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe O4 - HKLM\..\Run: 
[Maplom] C:\Programme\Maplom\Maplom.exe /silent O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [EA Core] C:\Programme\Electronic Arts\EA Downloader\Core.exe -silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t O4 - HKCU\..\Run: [AOL Dialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOlDial.exe O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\ASHAMP~3\PopUpKiller.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: Mobilen 
Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.flyordie.com/pub/dl/msjavx86.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) - O17 - HKLM\System\CCS\Services\Tcpip\..\{FE1A322A-DAA3-4A2E-BFF3-793D930562FB}: NameServer = 205.188.146.145 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN 
Messenger\msgrapp.8.0.0812.00.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe |
|
|
||
For some time now, Spybot has been popping up at every startup and wants to allow some services. If I don't do this, neither IE nor Firefox works.
Maybe you can help me with this.
Here is my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 17:00:25, on 13.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\svchost.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\LClock\LClock.exe
C:\Programme\Gemeinsame Dateien\AOL\1165988786\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\AOL 9.0\aoltray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\AOL 9.0\waol.exe
C:\Dokumente und Einstellungen\DarkLord\Desktop\HijackThis.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - (no file)
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {D4E0C464-30CE-4075-9A10-71FD106C2847} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Programme\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Glass2k] C:\Programme\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [LClock] C:\Programme\LClock\LClock.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1165988786\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [Maplom] C:\Programme\Maplom\Maplom.exe /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [EA Core] C:\Programme\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [AOL Dialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOlDial.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Texas Hold'em Poker by pogo -
O16 - DPF: World Class Solitaire by pogo -
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.flyordie.com/pub/dl/msjavx86.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} -
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe