Critical System Errors!

#0
09.02.2007, 19:00
...new here

Posts: 1
#1 Please help me solve this problem!
I hope I have all the log files for you...
Kind regards from Vienna, Markus

Logfile of HijackThis v1.99.1
Scan saved at 22:59:32, on 31.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\iPod\bin\iPodService.exe
C:\DOKUME~1\Norbert\LOKALE~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\DOKUME~1\Norbert\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inode.at
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www6.inode.at/config/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Inode
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\system32\ixt0.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Safety Bar - {18668683-731c-48fa-b1b9-ad013748fb00} - C:\Programme\Safety Bar\SafetyBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programme\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programme\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFE7B5DE-6E02-4CD7-9242-EBCF435B5FC1}: NameServer = 195.34.133.21 195.34.133.22
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe

***********************************

"Norbert" - 07-02-09 18:48:39 Service Pack 2
ComboFix 07.01.31 - Running from: "C:\Dokumente und Einstellungen\Norbert\Desktop\hi"

((((((((((((((((((((((((((((((( Files Created from 2007-01-09 to 2007-02-09 ))))))))))))))))))))))))))))))))))


2007-01-25 09:25 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\CyberLink
2007-01-25 08:37 <DIR> d-------- C:\DOKUME~1\Norbert\Anwendungsdaten\CyberLink
2007-01-20 15:55 <DIR> d--hs---- C:\FOUND.002
2007-01-13 18:09 <DIR> d-------- C:\DOKUME~1\Norbert\Anwendungsdaten\Google
2007-01-13 18:08 <DIR> d-------- C:\Programme\Google


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-06 22:02 -------- d-------- C:\Programme\partygaming.net
2006-12-28 16:39 -------- d-------- C:\DOKUME~1\Norbert\Anwendungsdaten\adobe
2006-12-25 19:48 -------- d-------- C:\Programme\norton internet security
2006-12-20 17:32 -------- d-------- C:\Programme\msxml 4.0
2006-12-19 21:23 -------- d-------- C:\Programme\itunes
2006-12-19 21:23 -------- d-------- C:\Programme\ipod
2006-12-19 21:22 -------- d-------- C:\Programme\quicktime
2006-12-19 19:35 -------- d-------- C:\DOKUME~1\Norbert\Anwendungsdaten\lavasoft
2006-12-19 19:31 -------- d-------- C:\Programme\lavasoft
2006-12-15 18:40 -------- d-------- C:\DOKUME~1\Norbert\Anwendungsdaten\apple computer
2006-12-15 18:39 -------- d-------- C:\Programme\apple software update
2006-12-15 01:29 -------- d-------- C:\Programme\inode
2006-12-15 01:19 -------- d-------- C:\Programme\yahoo!
2006-12-15 01:19 -------- d-------- C:\DOKUME~1\Norbert\Anwendungsdaten\macromedia
2006-12-15 01:18 -------- d-------- C:\Programme\acer
2006-12-15 01:15 21275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-12-14 23:35 19456 --a------ C:\WINDOWS\system32\rosdzop.dll
2006-12-07 07:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"LaunchApp"="Alaunch"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"AzMixerSel"="C:\\Programme\\Realtek\\InstallShield\\AzMixerSel.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"ntiMUI"="C:\\Programme\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"
@=""
"ADMTray.exe"="\"C:\\Acer\\Empowering Technology\\admtray.exe\""
"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
"Acer ePower Management"="C:\\Acer\\Empowering Technology\\ePower\\Acer ePower Management.exe boot"
"LManager"="C:\\PROGRA~1\\LAUNCH~1\\LManager.exe"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"WarReg_PopUp"="C:\\Acer\\WR_PopUp\\WarReg_PopUp.exe /idle"
"LogitechCameraAssistant"="C:\\Programme\\Acer\\OrbiCam\\CameraAssistant.exe"
"LogitechVideo[inspector]"="C:\\Programme\\Acer\\OrbiCam\\InstallHelper.exe /inspect"
"LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Programme\\Norton Internet Security\\osCheck.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{bb720bab-2f75-456b-a850-04d77b20f6b8}"="impasse"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ERASERUTILDRV10710


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Norbert.job

Completion time: 07-02-09 18:49:31
C:\ComboFix2.txt ... 07-01-31 23:19

*******************************************************

Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 0954-16DC

Verzeichnis von C:\WINDOWS\system32

09.02.2007 18:10 18.206 coh.cache
09.02.2007 18:04 451 eRLog.ini
09.02.2007 18:03 51.048 nvapps.xml
09.02.2007 18:03 1.158 wpa.dbl
31.01.2007 23:32 38.204 EraserAHS.log
31.01.2007 23:32 20.047 EraserAHS.tlg
16.01.2007 18:12 4.286 ot.ico
03.01.2007 00:19 10.980.776 MRT.exe
20.12.2006 18:17 53.770 perfc009.dat
20.12.2006 18:17 393.030 perfh007.dat
20.12.2006 18:17 382.026 perfh009.dat
20.12.2006 18:17 64.802 perfc007.dat
20.12.2006 18:17 902.370 PerfStringBackup.INI
20.12.2006 18:16 158.752 FNTCACHE.DAT
15.12.2006 01:29 1.750.016 AXWebchecker16Proj1.ocx
15.12.2006 01:22 3.251 lvcoinst.log
15.12.2006 01:19 51 Installer.log
15.12.2006 01:15 308 results.txt
15.12.2006 01:10 37.585 $winnt$.inf
14.12.2006 23:35 19.456 rosdzop.dll
07.12.2006 07:40 2.362.184 wmvcore.dll

******************************************************

Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 0954-16DC

Verzeichnis von C:\DOKUME~1\Norbert\LOKALE~1\Temp

30.08.2006 21:32 507.904 RtkBtMnt.exe
1 Datei(en) 507.904 Bytes
0 Verzeichnis(se), 43.917.213.696 Bytes frei

********************************************************

Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 0954-16DC

Verzeichnis von C:\WINDOWS

09.02.2007 18:04 3.842 ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
09.02.2007 18:03 159 wiadebug.log
09.02.2007 18:03 0 0.log
09.02.2007 18:03 2.048 bootstat.dat
01.02.2007 00:06 19.782 SchedLgU.Txt
01.02.2007 00:06 50 wiaservc.log
01.02.2007 00:06 1.932.160 WindowsUpdate.log
01.02.2007 00:06 12 bthservsdp.dat
25.01.2007 10:08 54.156 QTFont.qfn
19.01.2007 23:48 386.029 setupact.log
19.01.2007 23:48 200.741 setupapi.log
18.01.2007 14:19 1.409 QTFont.for
12.01.2007 17:47 6.354 wmsetup.log
11.01.2007 17:49 101.892 ntdtcsetup.log
11.01.2007 17:49 225.373 tsoc.log
11.01.2007 17:49 26.662 ocmsn.log
11.01.2007 17:49 97.566 netfxocm.log
11.01.2007 17:49 56.646 plusoc.log
11.01.2007 17:49 24.216 msgsocm.log
11.01.2007 17:49 24.619 tabletoc.log
11.01.2007 17:49 52.960 MedCtrOC.log
11.01.2007 17:49 236.292 ocgen.log
11.01.2007 17:49 1.374 imsins.log
11.01.2007 17:49 11.569 KB929969.log
11.01.2007 17:49 560.125 iis6.log
11.01.2007 17:49 27.754 ehOCGen.log
11.01.2007 17:49 496.103 FaxSetup.log
11.01.2007 17:49 170.597 comsetup.log
11.01.2007 17:49 154.568 msmqinst.log
24.12.2006 18:28 1.179 ie7_main.log
20.12.2006 18:16 1.274 spupdsvc.log
20.12.2006 17:38 48.962 KB917734.log
20.12.2006 17:38 1.393 imsins.BAK
20.12.2006 17:38 26.626 updspapi.log
20.12.2006 17:38 51.133 KB899587.log
20.12.2006 17:38 55.103 KB925454.log
20.12.2006 17:37 45.098 KB924191.log
20.12.2006 17:37 44.696 KB922819.log
20.12.2006 17:37 42.190 KB885835.log
20.12.2006 17:37 41.935 KB885836.log
20.12.2006 17:37 42.896 KB923414.log
20.12.2006 17:37 42.877 KB911927.log
20.12.2006 17:37 40.483 KB925398.log
20.12.2006 17:36 42.955 KB922616.log
20.12.2006 17:36 42.375 KB901017.log
20.12.2006 17:36 42.691 KB899591.log
20.12.2006 17:36 42.246 KB920685.log
20.12.2006 17:36 42.884 KB896424.log
20.12.2006 17:36 42.877 KB893756.log
20.12.2006 17:36 42.456 KB923980.log
20.12.2006 17:36 41.843 KB911280.log
20.12.2006 17:36 41.305 KB911562.log
20.12.2006 17:35 37.270 KB896423.log
20.12.2006 17:35 40.904 KB900485.log
20.12.2006 17:35 40.463 KB924270.log
20.12.2006 17:35 38.000 KB873339.log
20.12.2006 17:35 38.973 KB924496.log
20.12.2006 17:35 36.103 KB887998.log
20.12.2006 17:35 39.118 KB921398.log
20.12.2006 17:34 37.692 KB887472.log
20.12.2006 17:34 38.617 KB896358.log
20.12.2006 17:34 29.979 KB910437.log
20.12.2006 17:34 36.091 KB923689.log
20.12.2006 17:34 36.571 KB920670.log
20.12.2006 17:33 36.048 KB891781.log
20.12.2006 17:33 36.776 KB918439.log
20.12.2006 17:33 41.875 KB902400.log
20.12.2006 17:33 34.565 KB920872.log
20.12.2006 17:33 33.116 KB919007.log
20.12.2006 17:33 33.423 KB914388.log
20.12.2006 17:33 32.778 KB917344.log
20.12.2006 17:33 32.026 KB905414.log
20.12.2006 17:32 31.226 KB917953.log
20.12.2006 17:32 31.331 KB901214.log
20.12.2006 17:32 27.548 KB923191.log
20.12.2006 17:32 29.588 KB917422.log
20.12.2006 17:31 22.649 KB922582.log
20.12.2006 17:31 34.812 KB926255.log
20.12.2006 17:31 33.510 KB888302.log
20.12.2006 17:31 27.098 KB900725.log
20.12.2006 17:31 25.484 KB925486.log
20.12.2006 17:31 25.582 KB920213.log
20.12.2006 17:31 23.635 KB912919.log
20.12.2006 17:31 16.736 KB886185.log
20.12.2006 17:31 22.952 KB916595.log
20.12.2006 17:30 23.667 KB923694.log
20.12.2006 17:30 23.129 KB904706.log
20.12.2006 17:30 22.303 KB901190.log
20.12.2006 17:30 22.848 KB908531.log
20.12.2006 17:30 22.409 KB905749.log
20.12.2006 17:29 22.557 KB913580.log
20.12.2006 17:29 20.667 KB896428.log
20.12.2006 17:29 21.348 KB894391.log
20.12.2006 17:29 19.060 KB908519.log
20.12.2006 17:29 19.284 KB920683.log
20.12.2006 17:29 18.694 KB914389.log
20.12.2006 17:29 19.601 KB890859.log
19.12.2006 21:23 357 GEARInstall.log
16.12.2006 02:16 8.446 KB898461.log
15.12.2006 01:20 81 ALaunch.ini
15.12.2006 01:19 88 GridV.UNI
15.12.2006 01:17 46.813 KB909667.log
15.12.2006 01:15 12.004 DPINST.LOG
15.12.2006 01:15 1.271.571 setupapi.log.0.old
15.12.2006 01:14 79 LManager.UNI
15.12.2006 01:12 1.174 OEWABLog.txt
15.12.2006 01:10 1.197.225 setuplog.txt
15.12.2006 01:08 2.741 sessmgr.setup.log
15.12.2006 01:08 641 DtcInstall.log
15.12.2006 01:03 4.038 regopt.log
15.12.2006 01:02 8.192 REGLOCS.OLD
14.12.2006 23:42 178 wininit.ini
14.12.2006 21:50 380 wmsetup10.log
29.10.2006 15:52 17.947 PATCH.LOG
29.10.2006 15:52 971 CLEANUP.CMD

********************************************************

Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 0954-16DC

Verzeichnis von C:\WINDOWS\temp

********************************************************

Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 0954-16DC

Verzeichnis von C:\WINDOWS\Downloaded Program Files

30.08.2006 20:52 65 desktop.ini
1 Datei(en) 65 Bytes
0 Verzeichnis(se), 43.917.115.392 Bytes frei

**********************************************************

Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 0954-16DC

Verzeichnis von C:\

09.02.2007 18:55 0 sys.txt
09.02.2007 18:55 287 down.txt
09.02.2007 18:54 108 tmp.txt
09.02.2007 18:54 10.078 system.txt
09.02.2007 18:53 286 systemtemp.txt
09.02.2007 18:52 108.429 system32.txt
09.02.2007 18:49 6.691 ComboFix.txt
09.02.2007 18:03 1.071.763.456 hiberfil.sys
09.02.2007 18:03 1.610.612.736 pagefile.sys
31.01.2007 23:19 7.060 ComboFix2.txt
15.12.2006 01:10 209 boot.ini
30.08.2006 23:23 83 Preload.aaa
30.08.2006 21:33 50 AUTOEXEC.BAT
10.02.2007, 01:42
Honorary member
Sabina

Posts: 29434
#2 Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in:

Quote

Registry values to delete:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{18668683-731c-48fa-b1b9-ad013748fb00}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|impasse
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler|{bb720bab-2f75-456b-a850-04d77b20f6b8}

registry keys to delete:
HKLM\Software\Classes\CLSID\{18668683-731c-48fa-b1b9-ad013748fb00}
HKLM\Software\Classes\CLSID\{bb720bab-2f75-456b-a850-04d77b20f6b8}
HKLM\Software\Classes\CLSID\{f4d74aaa-a178-4463-846b-b4bc87a024e0}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4d74aaa-a178-4463-846b-b4bc87a024e0}

Files to delete:
C:\WINDOWS\system32\ixt0.dll
C:\WINDOWS\system32\ot.ico
C:\WINDOWS\system32\rosdzop.dll

Folders to delete:
C:\WINDOWS\system32\components
C:\Programme\Safety Bar
C:\FOUND.002

Click the green traffic light
the script will now be executed, then the PC will restart automatically

Work through smitfraud.fix (options 1 and 2 - let it clean the registry as well)
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Regards, Sabina

all about PC security