Spybot pops up at every startup

#0
13.01.2007, 18:03
Member

Posts: 12
#1 Hey everyone,

For some time now, Spybot has been popping up at every startup and wants to allow some services. If I don't do this, neither IE nor Firefox works.

Maybe you can help me with this.
Here is my HjT log




Logfile of HijackThis v1.99.1
Scan saved at 17:00:25, on 13.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\svchost.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\LClock\LClock.exe
C:\Programme\Gemeinsame Dateien\AOL\1165988786\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\AOL 9.0\aoltray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\AOL 9.0\waol.exe
C:\Dokumente und Einstellungen\DarkLord\Desktop\HijackThis.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - (no file)
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {D4E0C464-30CE-4075-9A10-71FD106C2847} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Programme\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Glass2k] C:\Programme\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [LClock] C:\Programme\LClock\LClock.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1165988786\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [Maplom] C:\Programme\Maplom\Maplom.exe /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [EA Core] C:\Programme\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [AOL Dialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOlDial.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Texas Hold'em Poker by pogo -
O16 - DPF: World Class Solitaire by pogo -
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.flyordie.com/pub/dl/msjavx86.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} -
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
13.01.2007, 19:27
Honorary member
Sabina

Posts: 29434
#2 Charlie1983

Set up CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

Copy out these 6 text files. (Right-click with the mouse -> select the text -> copy -> paste.) They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Best regards, Sabina

all about PC security
13.01.2007, 20:43
Member

Thread starter

Posts: 12
#3 So, I hope I've done everything right now:


13.01.2007, 23:50
Honorary member
Sabina

Posts: 29434
#4 Charlie1983

Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in

Quote

Registry values to delete:
HKLM\software\microsoft\windows\currentversion\run|SpybotSD TeaTimer
HKLM\software\microsoft\windows\currentversion\run|Shareaza
HKLM\software\microsoft\windows\currentversion\run|EA Core

registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ACF00E0-C1E4-4F6B-B290-10AC7505C47A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ACF00E0-C1E4-4F6B-B290-10AC7505C47A}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49E0E0F0-5C30-11D4-945D-000000000003}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49E0E0F0-5C30-11D4-945D-000000000003}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4E0C464-30CE-4075-9A10-71FD106C2847}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4E0C464-30CE-4075-9A10-71FD106C2847}

Files to delete:
C:\WINDOWS\system32\pushow83.dll_tobedeleted
Click the green traffic light
the script will now be executed, then the PC will restart automatically

««
open HijackThis -- "scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC

Quote

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: Texas Hold'em Poker by pogo -
O16 - DPF: World Class Solitaire by pogo -

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} -
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} -
»»
scan with Counterspy, set everything to remove after the scan and post the scan report here
http://virus-protect.org/counterspy.html
__________
Best regards, Sabina

all about PC security
14.01.2007, 14:54
Member

Thread starter

Posts: 12
#5 So, here is the scan report:

Quote

Spyware Scan Details
Start Date: 14.01.2007 12:22:06
End Date: 14.01.2007 13:48:58
Total Time: 1 hrs 26 mins 52 secs

Detected spyware

WhenU.VVSN Adware Downloader more information...
Details: WhenU.VVSN is an installer application for many WhenU products, including WhenU.Save!, WhenU.Weathercast, WhenUSearch, and WhenU.ClockSync.
Status: Deleted


Ipwins Adware (General) more information...
Status: Deleted

Infected files detected
c:\programme\ipwins\uninst.exe

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IpWins
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IpWins SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IpWins Changed 0


WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted

Infected files detected
C:\Programme\DAEMON Tools\SetupDTSB.exe


Adware.888bar Adware (General) more information...
Status: Deleted

Infected files detected
C:\Programme\Gemeinsame Dateien\{D0BEE0C7-0A26-1031-1211-030312090031}\system.dll
C:\Programme\Gemeinsame Dateien\{D0BEE0C7-0A27-1031-1211-030312090031}\system.dll


PartyPoker Potentially Unwanted Program more information...
Details: PartyPoker is an online gambling application that requires the user to download its software in order to play.
Status: Deleted

Infected files detected
C:\Programme\PartyGaming.net\PartyPokerNet\images\ppicon.ico
C:\Programme\PartyGaming.net\PartyPokerNet\images\pp_browser.ico


MyNetProtector Rogue Security Program more information...
Status: Deleted

Infected files detected
D:\Programme\CS\Sierra\Counter-Strike\cstrike\sound\weapons\m3-1.wav


Maxifiles Adware (General) more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\IDL
HKEY_CURRENT_USER\Software\IDL b103 yes
HKEY_CURRENT_USER\Software\IDL remove yes


AdPerform Browser Plug-in more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4E0C464-30CE-4075-9A10-71FD106C2847}


Mirar Toolbar more information...
Details: Mirar is an adware application that installs a browser helper object (BHO) in the form of a toolbar.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} Changed 0


Yuupsearch Toolbar Toolbar more information...
Status: Deleted

Infected registry entries detected


180solutions.SearchAssistant Adware (General) more information...
Details: 180search Assistant is an adware application that monitors users' search queries and web surfing in order to display targeted advertising.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\AppID\{D28CD14C-50BE-4CFA-951E-B37F25DA3472}
HKEY_CLASSES_ROOT\AppID\{D28CD14C-50BE-4CFA-951E-B37F25DA3472} ActiveX
HKEY_CLASSES_ROOT\AppID\ActiveX.DLL
HKEY_CLASSES_ROOT\AppID\ActiveX.DLL AppID {D28CD14C-50BE-4CFA-951E-B37F25DA3472}


Kidda Toolbar Toolbar more information...
Details: Kidda Toolbar is an Internet Explorer Browser Helper Object made with the IE Toolbar package. It modifies the user's homepage settings without notification.
Status: Deleted

Infected registry entries detected


BlueWave Adult Links Toolbar more information...
Details: BlueWave Adult Links is a porn adware toolbar for Internet Explorer.
Status: Deleted

Infected registry entries detected


Toolbar.CommonElements Toolbar more information...
Details: Toolbar.CommonElements is a collection of traces typically found in multiple toolbars and browser plug-ins.
Status: Deleted

Infected registry entries detected


Zango.CommonElements Adware (General) more information...
Details: Zango.CommonElements is a collection of traces that are found in multiple adware programs from 180solutions / Zango.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\saix.installercaller
HKEY_CLASSES_ROOT\saix.installercaller\CurVer SAIX.InstallerCaller.1
HKEY_CLASSES_ROOT\saix.installercaller SAIX
HKEY_CLASSES_ROOT\saix.installercaller.1
HKEY_CLASSES_ROOT\saix.installercaller.1 SAIX


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\darklord\cookies\darklord@doubleclick[1].txt


Cookie: Mediaplex.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\darklord\cookies\darklord@mediaplex[1].txt

Thanks in advance for your help
14.01.2007, 16:54
Honorary member
Sabina

Posts: 29434
#6 Charlie1983

1.
Post the log
http://virus-protect.org/artikel/tools/combofix.html

2.
Post the new HijackThis log
__________
Regards, Sabina

All about PC security
14.01.2007, 17:37
Member

Thread starter

Posts: 12
#7 "DarkLord" - 07-01-14 17:09:05 Service Pack 2
ComboFix 07-01-14.2 - Running from: "C:\Dokumente und Einstellungen\DarkLord"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\WinNB58.dll
C:\Programme\Gemeinsame Dateien\{D0BEE0C7-0A26-1031-1211-030312090031}
C:\Programme\Gemeinsame Dateien\{D0BEE0C7-0A27-1031-1211-030312090031}


((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))


2007-01-14 12:06 <DIR> d----c--- C:\Programme\Sunbelt Software
2007-01-14 11:37 <DIR> d----c--- C:\avenger
2007-01-09 23:39 <DIR> d----c--- C:\WINDOWS\ie7updates
2006-12-28 21:14 <DIR> d----c--- C:\WINDOWS\system32\drivers\UMDF


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 15:27 -------- d----c--- C:\Programme\mozilla firefox
2007-01-14 13:53 -------- d----c--- C:\Programme\daemon tools
2007-01-14 11:45 -------- d----c--- C:\DOKUME~1\DarkLord\Anwendungsdaten\skype
2007-01-13 20:17 5776 --a--c--- C:\DOKUME~1\DarkLord\Anwendungsdaten\cleanup!.log
2007-01-13 18:03 -------- d----c--- C:\Programme\msn messenger
2007-01-13 08:58 -------- d----c--- C:\Programme\ashampoo
2007-01-05 17:59 -------- d----c--- C:\Programme\antivir personaledition classic
2007-01-02 21:16 -------- d--h-c--- C:\Programme\installshield installation information
2006-12-28 21:21 -------- d----c--- C:\Programme\windows media connect 2
2006-12-19 18:44 -------- d----c--- C:\Programme\java
2006-12-13 06:47 -------- d----c--- C:\Programme\Gemeinsame Dateien\aol
2006-12-13 06:47 -------- d----c--- C:\Programme\aol
2006-12-13 06:46 -------- d----c--- C:\Programme\Gemeinsame Dateien\aolshare
2006-11-28 16:49 -------- d----c--- C:\DOKUME~1\DarkLord\Anwendungsdaten\temp
2006-11-18 21:13 -------- d----c--- C:\Programme\msxml 4.0
2006-11-17 12:05 103984 --a------ C:\WINDOWS\system32\aoldial.dll
2006-11-16 17:44 33592 --a--c--- C:\WINDOWS\system32\drivers\atwpkt264.sys
2006-11-16 17:44 25136 --a--c--- C:\WINDOWS\system32\drivers\atwpkt2.sys
2006-11-08 06:06 679424 --a--c--- C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 -----c--- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 -----c--- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 -----c--- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a--c--- C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a--c--- C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 -----c--- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a--c--- C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a--c--- C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a--c--- C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a--c--- C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a--c--- C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a--c--- C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a--c--- C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a--c--- C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a--c--- C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a--c--- C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a--c--- C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a--c--- C:\WINDOWS\system32\msxml4.dll
2006-11-04 11:57 6451 --a--c--- C:\Programme\pstrip.ini
2006-11-03 22:57 6339 --a--c--- C:\Programme\pstrip.bak
2006-11-03 11:08 6269 --a--c--- C:\Programme\pstrip.bko
2006-11-03 10:02 8282112 --a--c--- C:\WINDOWS\system32\wmploc.dll
2006-11-03 09:56 99840 --a--c--- C:\WINDOWS\system32\wmpshell.dll
2006-11-03 09:55 275968 --a--c--- C:\WINDOWS\system32\wmerror.dll
2006-11-03 09:54 8192 --a--c--- C:\WINDOWS\system32\asferror.dll
2006-11-02 11:51 43008 -----c--- C:\WINDOWS\system32\wpdshextres.dll
2006-10-24 18:22 98304 --a--c--- C:\WINDOWS\system32\cmdlineext.dll
2006-10-20 02:38 715776 --a--c--- C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a--c--- C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a--c--- C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 991744 --a--c--- C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a--c--- C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 767488 -----c--- C:\WINDOWS\system32\wmvsencd.dll
2006-10-18 21:47 757248 --a--c--- C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 656896 -----c--- C:\WINDOWS\system32\wmvxencd.dll
2006-10-18 21:47 63488 --a--c--- C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a--c--- C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 -----c--- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a--c--- C:\WINDOWS\system32\wmspdmod.dll
2006-10-18 21:47 542720 --a--c--- C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 -----c--- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a--c--- C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a--c--- C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wmvadve.dll
2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wmvadvd.dll
2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\mpg4dmod.dll
2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\mp4sdmod.dll
2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\mp43dmod.dll
2006-10-18 21:47 37376 --a--c--- C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a--c--- C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a--c--- C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a--c--- C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a--c--- C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a--c--- C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 -----c--- C:\WINDOWS\system32\mp4sdecd.dll
2006-10-18 21:47 314880 --a--c--- C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 -----c--- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 -----c--- C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --a--c--- C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a--c--- C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 -----c--- C:\WINDOWS\system32\wpdshext.dll
2006-10-18 21:47 259072 -----c--- C:\WINDOWS\system32\mpg4decd.dll
2006-10-18 21:47 259072 -----c--- C:\WINDOWS\system32\mp43decd.dll
2006-10-18 21:47 2450944 --a--c--- C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a--c--- C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a--c--- C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 222208 --a--c--- C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 -----c--- C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 211456 --a--c--- C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a--c--- C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 -----c--- C:\WINDOWS\system32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a--c--- C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a--c--- C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 -----c--- C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --a--c--- C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 -----c--- C:\WINDOWS\system32\wmvencod.dll
2006-10-18 21:47 157184 --a--c--- C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a--c--- C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 -----c--- C:\WINDOWS\system32\wmvdecod.dll
2006-10-18 21:47 1382912 -----c--- C:\WINDOWS\system32\wmvsdecd.dll
2006-10-18 21:47 133632 -----c--- C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a--c--- C:\WINDOWS\system32\wmspdmoe.dll
2006-10-18 21:47 132096 -----c--- C:\WINDOWS\system32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 -----c--- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a--c--- C:\WINDOWS\system32\laprxy.dll
2006-10-18 21:47 1117696 --a--c--- C:\WINDOWS\system32\wmadmoe.dll
2006-10-18 21:47 101888 -----c--- C:\WINDOWS\system32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a--c--- C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 -----c--- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 -----c--- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 12:06 78336 --a--c--- C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a--c--- C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 -----c--- C:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 12:05 105984 --a--c--- C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a--c--- C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a--c--- C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 -----c--- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 -----c--- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a--c--- C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 -----c--- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a--c--- C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a--c--- C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 -----c--- C:\WINDOWS\system32\ieapfltr.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="C:\\Programme\\Yahoo!\\Messenger\\ypager.exe -quiet"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"msnmsgr"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
"Shareaza"="\"C:\\Programme\\Shareaza\\Shareaza.exe\" -tray"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"EA Core"="C:\\Programme\\Electronic Arts\\EA Downloader\\Core.exe -silent"
"WMPNSCFG"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe"
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
"AOL Dialer"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOlDial.exe"
"Ashampoo PopUpBlocker"="C:\\PROGRA~1\\Ashampoo\\ASHAMP~3\\PopUpKiller.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"
"CounterSpyCleaner"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunASCleaner.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"AdaptecDirectCD"="\"C:\\Programme\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"HP Software Update"="C:\\Programme\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe"
"DeviceDiscovery"="C:\\Programme\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"
"Conceptronic Conceptronic 54Mbps Wireless Utility"="C:\\Programme\\Conceptronic\\Conceptronic 54Mbps Wireless Utility\\WLANmon.exe"
"ANIWZCS2Service"="C:\\Programme\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"AOLDialer"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"
@=""
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Adobe Photo Downloader"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"DAEMON Tools"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"Glass2k"="C:\\Programme\\Glass2k\\Glass2k.exe"
"LClock"="C:\\Programme\\LClock\\LClock.exe"
"BootSkin Startup Jobs"="\"C:\\PROGRA~1\\Stardock\\WinCustomize\\BootSkin\\BootSkin.exe\" /StartupJobs"
"HostManager"="C:\\Programme\\Gemeinsame Dateien\\AOL\\1165988786\\ee\\AOLSoftware.exe"
"mspwr"="C:\\WINDOWS\\system32\\PuXpMan2.exe"
"Maplom"="C:\\Programme\\Maplom\\Maplom.exe /silent"
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\setupSNK.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command E:\autorun.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ATWPKT2

Completion time: 07-01-14 17:17:44









Logfile of HijackThis v1.99.1
Scan saved at 17:33:06, on 14.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\svchost.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\LClock\LClock.exe
C:\Programme\Gemeinsame Dateien\AOL\1165988786\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\AOL 9.0\aoltray.exe
C:\Programme\AOL 9.0\waol.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\PROGRA~1\MOZILLA FIREFOX\FIREFOX.EXE
C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunServer.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\DarkLord\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - (no file)
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Programme\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Glass2k] C:\Programme\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [LClock] C:\Programme\LClock\LClock.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1165988786\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [Maplom] C:\Programme\Maplom\Maplom.exe /silent
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [EA Core] C:\Programme\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [AOL Dialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOlDial.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\ASHAMP~3\PopUpKiller.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.flyordie.com/pub/dl/msjavx86.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE1A322A-DAA3-4A2E-BFF3-793D930562FB}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe







So roughly how do things look on my PC now?
Because I don't understand any of this anymore atm ;)

Best regards,
Charlie
14.01.2007, 18:33
Honorary member
Sabina

Posts: 29434
#8 You didn't work through the Avenger script ;)
What are we actually doing here???
__________
Regards, Sabina

All about PC security
14.01.2007, 19:25
Member

Thread starter

Posts: 12
#9 Something must have gone wrong there.
I've now run Avenger again, and here is the new log from ComboFix and HjT




"DarkLord" - 07-01-14 19:08:11 Service Pack 2
ComboFix 07-01-14.2 - Running from: "C:\Dokumente und Einstellungen\DarkLord\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))


2007-01-14 18:59 <DIR> d----c--- C:\avenger
2007-01-14 12:06 <DIR> d----c--- C:\Programme\Sunbelt Software
2007-01-09 23:39 <DIR> d----c--- C:\WINDOWS\ie7updates
2006-12-28 21:14 <DIR> d----c--- C:\WINDOWS\system32\drivers\UMDF


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 19:03 -------- d----c--- C:\DOKUME~1\DarkLord\Anwendungsdaten\skype
2007-01-14 15:27 -------- d----c--- C:\Programme\mozilla firefox
2007-01-14 13:53 -------- d----c--- C:\Programme\daemon tools
2007-01-13 20:17 5776 --a--c--- C:\DOKUME~1\DarkLord\Anwendungsdaten\cleanup!.log
2007-01-13 18:03 -------- d----c--- C:\Programme\msn messenger
2007-01-13 08:58 -------- d----c--- C:\Programme\ashampoo
2007-01-05 17:59 -------- d----c--- C:\Programme\antivir personaledition classic
2007-01-02 21:16 -------- d--h-c--- C:\Programme\installshield installation information
2006-12-28 21:21 -------- d----c--- C:\Programme\windows media connect 2
2006-12-19 18:44 -------- d----c--- C:\Programme\java
2006-12-13 06:47 -------- d----c--- C:\Programme\Gemeinsame Dateien\aol
2006-12-13 06:47 -------- d----c--- C:\Programme\aol
2006-12-13 06:46 -------- d----c--- C:\Programme\Gemeinsame Dateien\aolshare
2006-11-28 16:49 -------- d----c--- C:\DOKUME~1\DarkLord\Anwendungsdaten\temp
2006-11-18 21:13 -------- d----c--- C:\Programme\msxml 4.0
2006-11-17 12:05 103984 --a------ C:\WINDOWS\system32\aoldial.dll
2006-11-16 17:44 33592 --a--c--- C:\WINDOWS\system32\drivers\atwpkt264.sys
2006-11-16 17:44 25136 --a--c--- C:\WINDOWS\system32\drivers\atwpkt2.sys
2006-11-08 06:06 679424 --a--c--- C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 -----c--- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 -----c--- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 -----c--- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a--c--- C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a--c--- C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 -----c--- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a--c--- C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a--c--- C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a--c--- C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a--c--- C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a--c--- C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a--c--- C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a--c--- C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a--c--- C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a--c--- C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a--c--- C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a--c--- C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a--c--- C:\WINDOWS\system32\msxml4.dll
2006-11-04 11:57 6451 --a--c--- C:\Programme\pstrip.ini
2006-11-03 22:57 6339 --a--c--- C:\Programme\pstrip.bak
2006-11-03 11:08 6269 --a--c--- C:\Programme\pstrip.bko
2006-11-03 10:02 8282112 --a--c--- C:\WINDOWS\system32\wmploc.dll
2006-11-03 09:56 99840 --a--c--- C:\WINDOWS\system32\wmpshell.dll
2006-11-03 09:55 275968 --a--c--- C:\WINDOWS\system32\wmerror.dll
2006-11-03 09:54 8192 --a--c--- C:\WINDOWS\system32\asferror.dll
2006-11-02 11:51 43008 -----c--- C:\WINDOWS\system32\wpdshextres.dll
2006-10-24 18:22 98304 --a--c--- C:\WINDOWS\system32\cmdlineext.dll
2006-10-20 02:38 715776 --a--c--- C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a--c--- C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a--c--- C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 991744 --a--c--- C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a--c--- C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 767488 -----c--- C:\WINDOWS\system32\wmvsencd.dll
2006-10-18 21:47 757248 --a--c--- C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 656896 -----c--- C:\WINDOWS\system32\wmvxencd.dll
2006-10-18 21:47 63488 --a--c--- C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a--c--- C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 -----c--- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a--c--- C:\WINDOWS\system32\wmspdmod.dll
2006-10-18 21:47 542720 --a--c--- C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 -----c--- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a--c--- C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a--c--- C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wmvadve.dll
2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wmvadvd.dll
2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\mpg4dmod.dll
2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\mp4sdmod.dll
2006-10-18 21:47 4096 --a--c--- C:\WINDOWS\system32\mp43dmod.dll
2006-10-18 21:47 37376 --a--c--- C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a--c--- C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a--c--- C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a--c--- C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a--c--- C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a--c--- C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 -----c--- C:\WINDOWS\system32\mp4sdecd.dll
2006-10-18 21:47 314880 --a--c--- C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 -----c--- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 -----c--- C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --a--c--- C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a--c--- C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 -----c--- C:\WINDOWS\system32\wpdshext.dll
2006-10-18 21:47 259072 -----c--- C:\WINDOWS\system32\mpg4decd.dll
2006-10-18 21:47 259072 -----c--- C:\WINDOWS\system32\mp43decd.dll
2006-10-18 21:47 2450944 --a--c--- C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a--c--- C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a--c--- C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 222208 --a--c--- C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 -----c--- C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 211456 --a--c--- C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a--c--- C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 -----c--- C:\WINDOWS\system32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a--c--- C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a--c--- C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 -----c--- C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --a--c--- C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 -----c--- C:\WINDOWS\system32\wmvencod.dll
2006-10-18 21:47 157184 --a--c--- C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a--c--- C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 -----c--- C:\WINDOWS\system32\wmvdecod.dll
2006-10-18 21:47 1382912 -----c--- C:\WINDOWS\system32\wmvsdecd.dll
2006-10-18 21:47 133632 -----c--- C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a--c--- C:\WINDOWS\system32\wmspdmoe.dll
2006-10-18 21:47 132096 -----c--- C:\WINDOWS\system32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 -----c--- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a--c--- C:\WINDOWS\system32\laprxy.dll
2006-10-18 21:47 1117696 --a--c--- C:\WINDOWS\system32\wmadmoe.dll
2006-10-18 21:47 101888 -----c--- C:\WINDOWS\system32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a--c--- C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 -----c--- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 -----c--- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 12:06 78336 --a--c--- C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a--c--- C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 -----c--- C:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 12:05 105984 --a--c--- C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a--c--- C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a--c--- C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 -----c--- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 -----c--- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a--c--- C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 -----c--- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a--c--- C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a--c--- C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 -----c--- C:\WINDOWS\system32\ieapfltr.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="C:\\Programme\\Yahoo!\\Messenger\\ypager.exe -quiet"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"msnmsgr"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
"Shareaza"="\"C:\\Programme\\Shareaza\\Shareaza.exe\" -tray"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"EA Core"="C:\\Programme\\Electronic Arts\\EA Downloader\\Core.exe -silent"
"WMPNSCFG"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe"
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
"AOL Dialer"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOlDial.exe"
"Ashampoo PopUpBlocker"="C:\\PROGRA~1\\Ashampoo\\ASHAMP~3\\PopUpKiller.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"
"CounterSpyCleaner"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunASCleaner.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"AdaptecDirectCD"="\"C:\\Programme\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"HP Software Update"="C:\\Programme\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe"
"DeviceDiscovery"="C:\\Programme\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"
"Conceptronic Conceptronic 54Mbps Wireless Utility"="C:\\Programme\\Conceptronic\\Conceptronic 54Mbps Wireless Utility\\WLANmon.exe"
"ANIWZCS2Service"="C:\\Programme\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"AOLDialer"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"
@=""
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Adobe Photo Downloader"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"DAEMON Tools"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"Glass2k"="C:\\Programme\\Glass2k\\Glass2k.exe"
"LClock"="C:\\Programme\\LClock\\LClock.exe"
"BootSkin Startup Jobs"="\"C:\\PROGRA~1\\Stardock\\WinCustomize\\BootSkin\\BootSkin.exe\" /StartupJobs"
"HostManager"="C:\\Programme\\Gemeinsame Dateien\\AOL\\1165988786\\ee\\AOLSoftware.exe"
"mspwr"="C:\\WINDOWS\\system32\\PuXpMan2.exe"
"Maplom"="C:\\Programme\\Maplom\\Maplom.exe /silent"
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\setupSNK.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command E:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88b894a4-1177-11d9-9ee1-806d6172696f}]
Shell\AutoRun\command D:\setupSNK.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ATWPKT2

Completion time: 07-01-14 19:11:40
C:\ComboFix2.txt ... 07-01-14 17:17

Logfile of HijackThis v1.99.1
Scan saved at 19:32:19, on 14.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\svchost.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\LClock\LClock.exe
C:\Programme\Gemeinsame Dateien\AOL\1165988786\ee\AOLSoftware.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\AOL 9.0\aoltray.exe
C:\Programme\AOL 9.0\waol.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\Dokumente und Einstellungen\DarkLord\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - (no file)
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Programme\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Glass2k] C:\Programme\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [LClock] C:\Programme\LClock\LClock.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1165988786\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [Maplom] C:\Programme\Maplom\Maplom.exe /silent
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [EA Core] C:\Programme\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [AOL Dialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOlDial.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\ASHAMP~3\PopUpKiller.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.flyordie.com/pub/dl/msjavx86.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE1A322A-DAA3-4A2E-BFF3-793D930562FB}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe





HjT log follows in 2 minutes

Regards,
Charlie
This post was edited by Charlie1983 on 14.01.2007 at 19:33.

14.01.2007, 21:43
Honorary member
Sabina

Posts: 29434
#10 Avenger
http://virus-protect.org/artikel/tools/avenger.html
copy this in: (without the quote)

Quote

Registry values to delete:
HKLM\software\microsoft\windows\currentversion\run|SpybotSD TeaTimer
HKLM\software\microsoft\windows\currentversion\run|Shareaza
HKLM\software\microsoft\windows\currentversion\run|EA Core

registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ACF00E0-C1E4-4F6B-B290-10AC7505C47A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ACF00E0-C1E4-4F6B-B290-10AC7505C47A}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49E0E0F0-5C30-11D4-945D-000000000003}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49E0E0F0-5C30-11D4-945D-000000000003}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4E0C464-30CE-4075-9A10-71FD106C2847}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4E0C464-30CE-4075-9A10-71FD106C2847}

Files to delete:
C:\WINDOWS\system32\pushow83.dll_tobedeleted

Click the green traffic light.
The script will now be executed, then the PC will restart automatically.

After the restart the Avenger log appears - copy it here.
__________
Regards, Sabina

all about PC security

14.01.2007, 22:03
Member

Thread starter

Posts: 12
#11 Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xiaqsawh

*******************

Script file located at: \??\C:\WINDOWS\fdnpnbjo.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\pushow83.dll_tobedeleted not found!
Deletion of file C:\WINDOWS\system32\pushow83.dll_tobedeleted failed!

Could not process line:
C:\WINDOWS\system32\pushow83.dll_tobedeleted
Status: 0xc0000034



Could not delete registry value HKLM\software\microsoft\windows\currentversion\run|SpybotSD TeaTimer
Deletion of registry value HKLM\software\microsoft\windows\currentversion\run|SpybotSD TeaTimer failed!
Status: 0xc0000034



Could not delete registry value HKLM\software\microsoft\windows\currentversion\run|Shareaza
Deletion of registry value HKLM\software\microsoft\windows\currentversion\run|Shareaza failed!
Status: 0xc0000034



Could not delete registry value HKLM\software\microsoft\windows\currentversion\run|EA Core
Deletion of registry value HKLM\software\microsoft\windows\currentversion\run|EA Core failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49E0E0F0-5C30-11D4-945D-000000000003} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49E0E0F0-5C30-11D4-945D-000000000003} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49E0E0F0-5C30-11D4-945D-000000000003} failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ECB9560-04F9-4bbc-943D-298DDF1699E1} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ECB9560-04F9-4bbc-943D-298DDF1699E1} failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872} failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4E0C464-30CE-4075-9A10-71FD106C2847} not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4E0C464-30CE-4075-9A10-71FD106C2847} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4E0C464-30CE-4075-9A10-71FD106C2847} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4E0C464-30CE-4075-9A10-71FD106C2847} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
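
Added example (not part of the thread and not code from any tool mentioned in it): a small Python parser for the Avenger log format shown in #11. It tallies the outcomes, decodes status 0xc0000034, and checks which Browser Helper Object keys reported as deleted are listed again in a later HijackThis scan. The function names are hypothetical; the embedded log lines are excerpts copied from the logs in this thread.

```python
import re
from collections import Counter

# NTSTATUS value -> symbolic name (only the code that occurs in this log).
NTSTATUS_NAMES = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

# Line formats as they appear in the Avenger log in #11.
OK_RE = re.compile(r"^Registry key (?P<target>.+) deleted successfully\.$")
FAIL_RE = re.compile(
    r"^Deletion of (?P<kind>file|registry key|registry value) (?P<target>.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")
BHO_RE = re.compile(r"\\Browser Helper Objects\\(\{[0-9A-Fa-f-]{36}\})$", re.I)
O2_RE = re.compile(r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - ")

# Excerpt of the Avenger log from #11 (shortened).
AVENGER_LOG = r"""
File C:\WINDOWS\system32\pushow83.dll_tobedeleted not found!
Deletion of file C:\WINDOWS\system32\pushow83.dll_tobedeleted failed!
Could not process line:
C:\WINDOWS\system32\pushow83.dll_tobedeleted
Status: 0xc0000034
Deletion of registry value HKLM\software\microsoft\windows\currentversion\run|Shareaza failed!
Status: 0xc0000034
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} failed!
Status: 0xc0000034
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49E0E0F0-5C30-11D4-945D-000000000003} deleted successfully.
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} failed!
Status: 0xc0000034
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872} deleted successfully.
"""

# O2 lines from the HijackThis log posted afterwards in #13 (shortened).
HIJACKTHIS_AFTER = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
"""


def parse_avenger_log(text):
    """Return one record per deletion attempt: kind, target, outcome, status."""
    records, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := OK_RE.match(line):
            records.append({"kind": "registry key", "target": m["target"],
                            "outcome": "deleted", "status": None})
            pending = None
        elif m := FAIL_RE.match(line):
            pending = {"kind": m["kind"], "target": m["target"],
                       "outcome": "failed", "status": None}
            records.append(pending)
        elif (m := STATUS_RE.match(line)) and pending is not None:
            # The status line belongs to the most recent failed attempt.
            pending["status"] = int(m[1], 16)
            pending = None
    return records


def summarize(records):
    """Count attempts per outcome, with the decoded NTSTATUS for failures."""
    counts = Counter()
    for r in records:
        label = r["outcome"]
        if r["status"] is not None:
            label += ":" + NTSTATUS_NAMES.get(r["status"], hex(r["status"]))
        counts[label] += 1
    return counts


def still_registered(records, hijackthis_text):
    """CLSIDs whose BHO key was reported deleted but that a later scan lists again."""
    deleted = set()
    for r in records:
        m = BHO_RE.search(r["target"])
        if r["outcome"] == "deleted" and m:
            deleted.add(m[1].upper())
    present = {m[1].upper() for line in hijackthis_text.splitlines()
               if (m := O2_RE.match(line.strip()))}
    return sorted(deleted & present)


if __name__ == "__main__":
    recs = parse_avenger_log(AVENGER_LOG)
    print(dict(summarize(recs)))
    print(still_registered(recs, HIJACKTHIS_AFTER))
```

Every failure in the excerpt carries 0xc0000034, meaning the named file, key or value did not exist at the path given, not that access was denied. A CLSID returned by `still_registered` exists again at the time of the later scan; the logs alone do not say what recreated it.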

14.01.2007, 22:18
Honorary member
Sabina

Posts: 29434
#12 Nice ;)
Now post the new HijackThis log.
__________
Regards, Sabina

all about PC security

14.01.2007, 22:23
Member

Thread starter

Posts: 12
#13 Logfile of HijackThis v1.99.1
Scan saved at 22:22:35, on 14.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\svchost.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\LClock\LClock.exe
C:\Programme\Gemeinsame Dateien\AOL\1165988786\ee\AOLSoftware.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\AOL 9.0\aoltray.exe
C:\Programme\AOL 9.0\waol.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\DarkLord\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Programme\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Glass2k] C:\Programme\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [LClock] C:\Programme\LClock\LClock.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1165988786\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [Maplom] C:\Programme\Maplom\Maplom.exe /silent
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [EA Core] C:\Programme\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [AOL Dialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOlDial.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\ASHAMP~3\PopUpKiller.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.flyordie.com/pub/dl/msjavx86.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE1A322A-DAA3-4A2E-BFF3-793D930562FB}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



Thank you for being so patient :-)
14.01.2007, 22:26
Honorary member
Sabina

Posts: 29434
#14 open HijackThis -- "scan" button -- put a check mark in front of these entries -- "Fix checked" button -- restart the PC

Quote

O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - (no file)

O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray
Restart the PC

»»
post the new HijackThis log
__________
Regards, Sabina

all about PC security
14.01.2007, 22:39
Member

Thread starter

Posts: 12
#15 Logfile of HijackThis v1.99.1
Scan saved at 22:37:15, on 14.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\svchost.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\LClock\LClock.exe
C:\Programme\Gemeinsame Dateien\AOL\1165988786\ee\AOLSoftware.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\AOL 9.0\aoltray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\AOL 9.0\waol.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\Dokumente und Einstellungen\DarkLord\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Programme\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Glass2k] C:\Programme\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [LClock] C:\Programme\LClock\LClock.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1165988786\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [Maplom] C:\Programme\Maplom\Maplom.exe /silent
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [EA Core] C:\Programme\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [AOL Dialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOlDial.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\ASHAMP~3\PopUpKiller.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.flyordie.com/pub/dl/msjavx86.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE1A322A-DAA3-4A2E-BFF3-793D930562FB}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
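
The fix-and-recheck step from posts #14 and #15 as a script, added here as an example (it is not part of the thread and not HijackThis code): it parses the entry lines of a HijackThis log, lists O2 BHO registrations whose DLL is reported as "(no file)", and compares the before and after logs against the lines ticked for "Fix checked". The function names are assumptions for the illustration, and the three log excerpts are trimmed from the logs in this thread.

```python
import re

# Trimmed excerpts of the logs in posts #13 (before) and #15 (after), plus
# four of the lines post #14 asks to tick. Shortened for this example.
BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O4 - HKLM\..\Run: [LClock] C:\Programme\LClock\LClock.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray
"""
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LClock] C:\Programme\LClock\LClock.exe
"""
TICKED = r"""
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - (no file)
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Programme\Shareaza\Shareaza.exe" -tray
"""

# An entry line is "<section id> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKLM...".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")


def parse(log):
    """Return the set of (section, body) entries; header and process lines are skipped."""
    entries = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m["section"], m["body"]))
    return entries


def orphaned_bhos(entries):
    """CLSIDs of O2 entries whose registered DLL was not found ("(no file)")."""
    found = set()
    for section, body in entries:
        m = BHO.match(body) if section == "O2" else None
        if m and m["target"].strip() == "(no file)":
            found.add(m["clsid"].upper())
    return found


def verify_fix(before, after, ticked):
    """Compare two logs against the lines that were ticked for fixing."""
    b, a, t = parse(before), parse(after), parse(ticked)
    return {
        "still_present": sorted(t & a),            # ticked but survived the restart
        "not_in_before": sorted(t - b),            # ticked line missing from first log
        "unexpected_removed": sorted((b - a) - t),  # vanished without being ticked
        "new": sorted(a - b),                      # appeared after the restart
    }


if __name__ == "__main__":
    print("orphaned BHOs before:", sorted(orphaned_bhos(parse(BEFORE))))
    for key, value in verify_fix(BEFORE, AFTER, TICKED).items():
        print(key, value)
```
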