Adware + 2x Internet Explorer!!!

Thread is closed!
16.01.2007, 17:03
...new here

Posts: 4
#1 Hi everyone. I've got a heavy load of adware with iexplorer 7. It also shows up in my Task Manager even when I don't have the browser open at all.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programme\avmwlanstick\wlangui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\FolderSize\FolderSizeSvc.exe
C:\Programme\Logitech\Easy Synchronization\servicestub.exe
C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\spiele\steam.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\FRITZ!DSL\StCenter.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Michael Tran\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.google.de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE7pro - {68C55168-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IE7pro\IE7pro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programme\IDM\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "d:\spiele\steam.exe" -silent
O4 - HKCU\..\Run: [signbolt] C:\DOKUME~1\MICHAE~1\ANWEND~1\exitdeaf\Nurb list.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B7353BF-4F7E-4E6D-98BE-EA697C514702}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{4B7353BF-4F7E-4E6D-98BE-EA697C514702}: NameServer = 192.168.122.252,192.168.122.253
O18 - Protocol: bw+0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {9026D611-D138-403E-9BED-4E873AEA2F95} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: LBTWlgn - c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Programme\FolderSize\FolderSizeSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programme\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
16.01.2007, 17:12
Honorary member
Sabina

Posts: 29434
16.01.2007, 19:26
...new here

Thread starter

Posts: 4
#3 "Michael Tran" - 07-01-16 18:03:31 Service Pack 2
ComboFix 07-01-16.2 - Running from: "C:\Dokumente und Einstellungen\Michael Tran\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-16 to 2007-01-16 ))))))))))))))))))))))))))))))))))


2007-01-15 19:13 <DIR> d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\IE7pro
2007-01-15 19:11 <DIR> d-------- C:\Programme\IE7pro
2007-01-15 18:14 <DIR> d-------- C:\Programme\CCleaner
2007-01-14 16:12 <DIR> d-a------ C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\TEMP
2007-01-11 16:29 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\Messenger Plus!
2007-01-11 15:27 <DIR> d-------- C:\Programme\LIUtilities
2007-01-11 15:26 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-01-11 14:56 <DIR> d-------- C:\WINDOWS\pss
2007-01-11 14:19 <DIR> d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\PC Tools
2007-01-10 19:17 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-09 15:43 <DIR> d-------- C:\Programme\MSECache
2007-01-08 22:03 <DIR> d-------- C:\Programme\Windows Live Safety Center
2007-01-08 17:32 0 -rahs---- C:\MSDOS.SYS
2007-01-08 17:32 0 -rahs---- C:\IO.SYS
2007-01-05 21:59 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-01-05 21:57 <DIR> d-------- C:\Programme\OO Software
2007-01-05 21:42 311 --a------ C:\WINDOWS\system32\cleartmp.bat
2007-01-05 21:41 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2007-01-05 19:35 <DIR> d-------- C:\Programme\Messenger Plus! Live
2007-01-05 19:32 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-01-05 19:32 <DIR> d-------- C:\DOKUME~1\MICHAE~1\Contacts
2007-01-05 19:05 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\MULTIBEEPCAST32
2007-01-05 19:04 <DIR> d-------- C:\Programme\MessengerPlus! 3
2007-01-05 19:04 <DIR> d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\exitdeaf

2007-01-05 18:55 966,144 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2007-01-05 18:55 877,568 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2007-01-05 18:55 634,880 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll
2007-01-05 18:55 522,752 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll
2007-01-05 18:55 467,968 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll
2007-01-05 18:55 467,456 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll
2007-01-05 18:55 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-01-05 18:47 <DIR> d-------- C:\WINDOWS\system32\Adobe
2007-01-04 22:07 <DIR> d-------- C:\Programme\Your Uninstaller 2006
2007-01-04 19:44 <DIR> d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\URSoft
2007-01-04 18:14 <DIR> d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\Media Player Classic
2007-01-04 18:13 81,920 --a------ C:\WINDOWS\system32\closeapp.exe
2007-01-04 18:13 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2007-01-04 18:13 69,632 --a------ C:\WINDOWS\system32\moveex.exe
2007-01-04 18:13 414,223 --a------ C:\WINDOWS\system32\vimc.exe
2007-01-04 18:13 19,968 --a------ C:\WINDOWS\system32\reico.exe
2007-01-04 18:13 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2007-01-04 18:13 <DIR> d-------- C:\WINDOWS\system32\VITrans
2007-01-04 18:09 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2007-01-04 18:09 <DIR> d-------- C:\Programme\K-Lite Codec Pack
2007-01-03 19:52 <DIR> d-------- C:\Programme\FolderSize

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-16 17:41 -------- d-------- C:\Programme\emule
2007-01-16 15:51 -------- d-------- C:\Programme\java
2007-01-16 15:49 -------- d-------- C:\Programme\mozilla firefox
2007-01-13 12:45 -------- d-------- C:\Programme\staroffice7
2007-01-13 10:49 -------- d-------- C:\Programme\msn messenger
2007-01-12 20:01 -------- d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\corel
2007-01-11 16:36 -------- d---s---- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\microsoft
2007-01-11 14:10 -------- d-------- C:\Programme\antivir personaledition classic
2007-01-09 16:27 -------- d-------- C:\Programme\ashampoo
2007-01-07 17:49 -------- d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\dvdcss
2007-01-07 15:56 -------- d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\adobe
2007-01-07 15:52 -------- d-------- C:\Programme\Gemeinsame Dateien\adobe
2007-01-04 23:07 -------- d-------- C:\Programme\fritz!dsl
2007-01-03 19:52 -------- d--h----- C:\Programme\installshield installation information
2006-12-31 14:24 2019 --a------ C:\WINDOWS\newrecorder.reg
2006-12-31 14:24 1730594 --a------ C:\WINDOWS\recorder.reg
2006-12-30 12:01 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
2006-12-17 17:30 -------- d-------- C:\Programme\freeware-surfer
2006-12-17 13:49 -------- d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\canon
2006-12-14 20:55 -------- d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\vlc
2006-12-14 20:53 -------- d-------- C:\Programme\videolan
2006-12-13 18:25 -------- d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\ldoce4
2006-12-13 18:21 126976 --a------ C:\WINDOWS\system32\uaservice7.exe
2006-12-13 18:21 -------- d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\securom
2006-12-13 18:19 -------- d-------- C:\Programme\textware


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LDM"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"Steam"="\"d:\\spiele\\steam.exe\" -silent"
"signbolt"="C:\\DOKUME~1\\MICHAE~1\\ANWEND~1\\exitdeaf\\Nurb list.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]
"InstantTray"="C:\\Programme\\Pinnacle\\Shared Files\\InstantCDDVD\\PCLETray.exe"
"IW_Drop_Icon"="C:\\Programme\\Pinnacle\\InstantCDDVD\\InstantWrite\\iwctrl.exe /DropDisc"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"Steam"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"AVMWlanClient"="C:\\Programme\\avmwlanstick\\wlangui.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe"
"Logitech Hardware Abstraction Layer"="\"C:\\Programme\\Gemeinsame Dateien\\Logitech\\khalshared\\KHALMNPR.EXE\""
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"Easy Synchronization"="C:\\Programme\\Logitech\\Easy Synchronization\\LogitechEasySync.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active]
"CorelDRAW ESSENTIALS14"="C:\\Programme\\Corel\\CorelDRAW ESSENTIALS 2\\Register\\Registration.exe /title=\"CorelDRAW ESSENTIALS\" /date=100606 serial=ES02WBG-0090091-CML"
"OpwareSE2"="\"C:\\Programme\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"OPSE reminder"="\"C:\\Programme\\ScanSoft\\OmniPageSE2.0\\EregGer\\Ereg.exe\" -r \"C:\\Programme\\ScanSoft\\OmniPageSE2.0\\EregGer\\ereg.ini\""
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"Phone Detect 4"="C:\\PROGRA~1\\ALCATE~2\\LinkSetup\\PhoneDetectLaunch.exe"
"LogitechQuickCamRibbon"="\"C:\\Programme\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"
"LVCOMSX"="\"C:\\Programme\\Gemeinsame Dateien\\Logitech\\LComMgr\\LVComSX.exe\""
"QuickFinder Scheduler"="\"C:\\Programme\\WordPerfect Office 11\\Programs\\QFSCHD110.EXE\""
"Windows Defender"="\"C:\\Programme\\Windows Defender\\MSASCui.exe\" -hide"
"PinnacleRemote"="C:\\Programme\\Pinnacle\\Shared Files\\remoterm.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"LogitechCommunicationsManager"="\"C:\\Programme\\Gemeinsame Dateien\\Logitech\\LComMgr\\Communications_Helper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Easy Synchronization"="C:\\Programme\\Logitech\\Easy Synchronization\\LogitechEasySync.exe --ports"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="\"ShellExecuteHook\" von Microsoft AntiMalware"
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"="ShellExecuteHook class"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=hex:01,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bfaa0cd-8d02-11db-afb3-00138fa4f9db}]


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\B9963FCB9035ACAF.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 07-01-16 18:06:37
17.01.2007, 00:29
Honorary member
Sabina

Posts: 29434
#4 Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste this in:

Quote

Files to delete:
C:\WINDOWS\tasks\B9963FCB9035ACAF.job

Folders to delete:
C:\Programme\MessengerPlus! 3
C:\Programme\Messenger Plus! Live
C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten\Contacts
C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten\exitdeaf
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MULTIBEEPCAST32
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
Click the green traffic light
the script will now run, then the PC will restart automatically

»»
scan with CounterSpy and have all the MessengerPlus! 3 junk
deleted
http://virus-protect.org/counterspy.html
__________
Regards, Sabina

all about PC security
17.01.2007, 18:14
...new here

Thread starter

Posts: 4
#5 Hi, I think it works now, but I couldn't get rid of exitdeaf.exe and contacts. Is that still dangerous? Here's ComboFix again:

2007-01-17 17:49 <DIR> d-------- C:\Programme\Messenger Plus! Live
2007-01-17 16:57 <DIR> d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\Opera
2007-01-17 16:54 <DIR> d-------- C:\Programme\Opera
2007-01-17 16:27 <DIR> d-------- C:\Programme\Sunbelt Software
2007-01-17 16:18 <DIR> d-------- C:\avenger
2007-01-15 19:13 <DIR> d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\IE7pro
2007-01-15 19:11 <DIR> d-------- C:\Programme\IE7pro
2007-01-15 18:14 <DIR> d-------- C:\Programme\CCleaner
2007-01-14 16:12 <DIR> d-a------ C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\TEMP
2007-01-11 15:27 <DIR> d-------- C:\Programme\LIUtilities
2007-01-11 15:26 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-01-11 14:56 <DIR> d-------- C:\WINDOWS\pss
2007-01-11 14:19 <DIR> d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\PC Tools
2007-01-10 19:17 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-09 15:43 <DIR> d-------- C:\Programme\MSECache
2007-01-08 22:03 <DIR> d-------- C:\Programme\Windows Live Safety Center
2007-01-08 17:32 0 -rahs---- C:\MSDOS.SYS
2007-01-08 17:32 0 -rahs---- C:\IO.SYS
2007-01-05 21:59 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-01-05 21:57 <DIR> d-------- C:\Programme\OO Software
2007-01-05 21:42 311 --a------ C:\WINDOWS\system32\cleartmp.bat
2007-01-05 21:41 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2007-01-05 19:32 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-01-05 19:32 <DIR> d-------- C:\DOKUME~1\MICHAE~1\Contacts
2007-01-05 18:55 966,144 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2007-01-05 18:55 877,568 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2007-01-05 18:55 634,880 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll
2007-01-05 18:55 522,752 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll
2007-01-05 18:55 467,968 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll
2007-01-05 18:55 467,456 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll
2007-01-05 18:55 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-01-05 18:47 <DIR> d-------- C:\WINDOWS\system32\Adobe
2007-01-04 22:07 <DIR> d-------- C:\Programme\Your Uninstaller 2006
2007-01-04 19:44 <DIR> d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\URSoft
2007-01-04 18:14 <DIR> d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\Media Player Classic
2007-01-04 18:13 81,920 --a------ C:\WINDOWS\system32\closeapp.exe
2007-01-04 18:13 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2007-01-04 18:13 69,632 --a------ C:\WINDOWS\system32\moveex.exe
2007-01-04 18:13 414,223 --a------ C:\WINDOWS\system32\vimc.exe
2007-01-04 18:13 19,968 --a------ C:\WINDOWS\system32\reico.exe
2007-01-04 18:13 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2007-01-04 18:13 <DIR> d-------- C:\WINDOWS\system32\VITrans
2007-01-04 18:09 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2007-01-04 18:09 <DIR> d-------- C:\Programme\K-Lite Codec Pack
2007-01-03 19:52 <DIR> d-------- C:\Programme\FolderSize
2007-01-03 19:52 <DIR> d-------- C:\Programme\DiscWizard 2003
2007-01-03 19:44 <DIR> d-------- C:\Programme\PC Wizard 2006
2007-01-03 18:58 <DIR> d-------- C:\Programme\RMClock
2007-01-03 18:54 <DIR> d-------- C:\WINDOWS\system32\DRM
2007-01-03 18:53 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-01-03 18:33 <DIR> d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\Talkback
2007-01-03 13:03 <DIR> d-------- C:\DOKUME~1\MICHAE~1\Bluetooth Software
2007-01-03 12:59 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2007-01-03 12:58 47,104 --a------ C:\WINDOWS\system32\drivers\vserial.sys
2007-01-03 12:58 18,167 --a------ C:\WINDOWS\system32\drivers\vsb.sys
2007-01-03 12:58 <DIR> d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\Logitech
2007-01-03 12:58 <DIR> d-------- C:\DOKUME~1\LOCALS~1\Anwendungsdaten\Logitech
2007-01-03 12:57 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-01-03 12:57 71,936 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-01-03 12:57 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-01-03 12:57 56,064 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2007-01-03 12:57 3,712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys
2007-01-03 12:57 290,881 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2007-01-03 12:57 27,136 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2007-01-03 12:57 19,372 --a------ C:\WINDOWS\system32\drivers\frmupgr.sys
2007-01-03 12:57 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
2007-01-03 12:57 131,072 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-01-03 12:57 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2007-01-03 12:57 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-01-03 12:54 <DIR> d-------- C:\Programme\WIDCOMM
2007-01-03 12:46 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-01-03 12:46 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2006-12-31 14:27 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Fellowes
2006-12-31 14:24 <DIR> d-------- C:\Programme\Pinnacle


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-17 16:06 -------- d-------- C:\Programme\mozilla firefox
2007-01-16 18:28 -------- d-------- C:\Programme\emule
2007-01-16 15:51 -------- d-------- C:\Programme\java
2007-01-13 12:45 -------- d-------- C:\Programme\staroffice7
2007-01-13 10:49 -------- d-------- C:\Programme\msn messenger
2007-01-12 20:01 -------- d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\corel
2007-01-11 16:36 -------- d---s---- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\microsoft
2007-01-11 14:10 -------- d-------- C:\Programme\antivir personaledition classic
2007-01-09 16:27 -------- d-------- C:\Programme\ashampoo
2007-01-07 17:49 -------- d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\dvdcss
2007-01-07 15:56 -------- d-------- C:\DOKUME~1\MICHAE~1\Anwendungsdaten\adobe
2007-01-07 15:52 -------- d-------- C:\Programme\Gemeinsame Dateien\adobe
2007-01-04 23:07 -------- d-------- C:\Programme\fritz!dsl
2007-01-03 19:52 -------- d--h----- C:\Programme\installshield installation information
2007-01-03 12:59 -------- d-------- C:\Programme\logitech
2007-01-03 12:57 -------- d-------- C:\Programme\Gemeinsame Dateien\logitech
2006-12-31 14:24 2019 --a------ C:\WINDOWS\newrecorder.reg
2006-12-31 14:24 1730594 --a------ C:\WINDOWS\recorder.reg
2006-12-30 12:01 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
2006-12-17 17:30 -------- d-------- C:\Programme\freeware-surfer
2006-12-17 14:30 -------- d-------- C:\Programme\avmwlanstick


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LDM"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"Steam"="\"d:\\spiele\\steam.exe\" -silent"
"signbolt"="C:\\DOKUME~1\\MICHAE~1\\ANWEND~1\\exitdeaf\\Nurb list.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]
"InstantTray"="C:\\Programme\\Pinnacle\\Shared Files\\InstantCDDVD\\PCLETray.exe"
"IW_Drop_Icon"="C:\\Programme\\Pinnacle\\InstantCDDVD\\InstantWrite\\iwctrl.exe /DropDisc"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"Steam"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"AVMWlanClient"="C:\\Programme\\avmwlanstick\\wlangui.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe"
"Logitech Hardware Abstraction Layer"="\"C:\\Programme\\Gemeinsame Dateien\\Logitech\\khalshared\\KHALMNPR.EXE\""
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"Easy Synchronization"="C:\\Programme\\Logitech\\Easy Synchronization\\LogitechEasySync.exe"
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active]
"CorelDRAW ESSENTIALS14"="C:\\Programme\\Corel\\CorelDRAW ESSENTIALS 2\\Register\\Registration.exe /title=\"CorelDRAW ESSENTIALS\" /date=100606 serial=ES02WBG-0090091-CML"
"OpwareSE2"="\"C:\\Programme\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"OPSE reminder"="\"C:\\Programme\\ScanSoft\\OmniPageSE2.0\\EregGer\\Ereg.exe\" -r \"C:\\Programme\\ScanSoft\\OmniPageSE2.0\\EregGer\\ereg.ini\""
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"Phone Detect 4"="C:\\PROGRA~1\\ALCATE~2\\LinkSetup\\PhoneDetectLaunch.exe"
"LogitechQuickCamRibbon"="\"C:\\Programme\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"
"LVCOMSX"="\"C:\\Programme\\Gemeinsame Dateien\\Logitech\\LComMgr\\LVComSX.exe\""
"QuickFinder Scheduler"="\"C:\\Programme\\WordPerfect Office 11\\Programs\\QFSCHD110.EXE\""
"Windows Defender"="\"C:\\Programme\\Windows Defender\\MSASCui.exe\" -hide"
"PinnacleRemote"="C:\\Programme\\Pinnacle\\Shared Files\\remoterm.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"LogitechCommunicationsManager"="\"C:\\Programme\\Gemeinsame Dateien\\Logitech\\LComMgr\\Communications_Helper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Easy Synchronization"="C:\\Programme\\Logitech\\Easy Synchronization\\LogitechEasySync.exe --ports"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="\"ShellExecuteHook\" von Microsoft AntiMalware"
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"="ShellExecuteHook class"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=hex:01,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bfaa0cd-8d02-11db-afb3-00138fa4f9db}]


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 07-01-17 18:01:12
C:\ComboFix2.txt ... 07-01-16 18:06
17.01.2007, 18:49
Honorary member
Sabina

Posts: 29434
#6 1.
Avenger

Quote

Folders to delete:
C:\Programme\Messenger Plus! Live
C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten\Contacts
C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten\exitdeaf
2.
open HijackThis -- button "Scan" -- tick the box in front of this entry -- button "Fix checked" -- restart the PC

Quote

O4 - HKCU\..\Run: [signbolt] C:\DOKUME~1\MICHAE~1\ANWEND~1\exitdeaf\Nurb list.exe
restart the PC

««
scan with CounterSpy and have all the MessengerPlus! 3 junk
deleted
http://virus-protect.org/counterspy.html
__________

then the popups should stop too ;)
__________
Regards, Sabina

all about PC security
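Added example (not part of Sabina's posts and not code from ComboFix, Avenger or HijackThis): a small Python script that reads the "Reg Loading Points" section of a ComboFix log like the ones posted above, flags Run entries whose command line points into a user-writable profile folder (the pattern behind the signbolt / exitdeaf entry fixed in posts #4 and #6), and renders each hit in the HijackThis O4 form so it can be matched against a fix list. The sample log text is constructed from lines quoted in this thread; the marker list, the function names and the `RunEntry` type are my own assumptions.

```python
import re
from typing import List, NamedTuple

# Constructed sample input: lines in the shape of ComboFix's
# "Reg Loading Points" section, copied from the log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LDM"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"Steam"="\"d:\\spiele\\steam.exe\" -silent"
"signbolt"="C:\\DOKUME~1\\MICHAE~1\\ANWEND~1\\exitdeaf\\Nurb list.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
'''


class RunEntry(NamedTuple):
    key: str       # registry key the value lives under
    name: str      # value name, e.g. "signbolt"
    command: str   # command line with .reg-style escaping removed


KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')

# Assumed heuristic: locations a regular installer rarely uses for an autostart,
# but which anything running as the logged-in user can always write to. German
# XP names them "Dokumente und Einstellungen" / "Anwendungsdaten" (8.3 form
# DOKUME~1 / ANWEND~1); the English equivalents are listed as well.
USER_WRITABLE_MARKERS = (
    'dokume~1', 'dokumente und einstellungen', 'documents and settings',
    'anwend~1', 'anwendungsdaten', 'application data', 'appdata',
    'locals~1', '\\temp\\',
)


def unescape_reg(value: str) -> str:
    """Undo .reg-style escaping: a backslash followed by any character yields that character."""
    return re.sub(r'\\(.)', r'\1', value)


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Collect (key, name, command) triples from the log's [key] / "name"="value" lines."""
    entries: List[RunEntry] = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            entries.append(RunEntry(current_key, m.group(1), unescape_reg(m.group(2))))
    return entries


def flag_suspicious(entries: List[RunEntry]) -> List[RunEntry]:
    """Return the entries whose command line points into a user-writable location."""
    return [e for e in entries
            if any(marker in e.command.lower() for marker in USER_WRITABLE_MARKERS)]


def hijackthis_o4_line(entry: RunEntry) -> str:
    """Render an entry the way HijackThis lists it (O4 line), so it can be
    compared with a fix list like the one quoted in post #6."""
    hive, _, rest = entry.key.partition('\\')
    short = {'HKEY_CURRENT_USER': 'HKCU', 'HKEY_LOCAL_MACHINE': 'HKLM'}.get(hive, hive)
    leaf = rest.rsplit('\\', 1)[-1]
    return f'O4 - {short}\\..\\{leaf.capitalize()}: [{entry.name}] {entry.command}'


if __name__ == '__main__':
    for e in flag_suspicious(parse_run_entries(SAMPLE_LOG)):
        print(hijackthis_o4_line(e))
```

The marker check is a triage heuristic, not a verdict: on newer Windows versions plenty of legitimate software installs its autostart under AppData, so a hit means "look at this entry first", and the decision to remove it still rests on checking the file itself, as the helper did here with CounterSpy.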
17.01.2007, 21:52
...new here

Thread starter

Posts: 4
#7 Thanks, thanks, thanks, thanks, thanks, thanks!!!

You're really great!!!

Everything worked perfectly and a weight has been lifted off my mind.