How do I get rid of TRFlood.VB.AF, Worm\vb.dw. and W32.Alcra.F again?
#0
18.02.2007, 13:32
Honorary member
Posts: 29434

18.02.2007, 13:39
Member
Thread starter Posts: 17
#17
Oh right, I also know why: it created the log right away, before I had ticked the checkboxes and before I had scanned, and the same thing happened again just now. So here is the newer one (I haven't changed anything this time):
18.02.2007, 14:09
Honorary member
Posts: 29434
#18
post this log
http://virus-protect.org/artikel/tools/comboscan.html
__________
Kind regards, Sabina
all about PC security
18.02.2007, 14:18
Member
Thread starter Posts: 17
#19
Here you go:
system32\DRIVERS\SynTP.sys 3 tifm21 - system32\drivers\tifm21.sys 3 tosrfec (Bluetooth ACPI from TOSHIBA) - system32\DRIVERS\tosrfec.sys 3 TVALD (Toshiba Mobile PC Service) - system32\DRIVERS\NBSMI.sys 3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - system32\DRIVERS\Tvs.sys 3 usbaudio (USB-Audiotreiber (WDM)) - system32\drivers\usbaudio.sys 3 usbccgp (Microsoft Standard-USB-Haupttreiber) - system32\DRIVERS\usbccgp.sys 3 usbehci (Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller) - system32\DRIVERS\usbehci.sys 3 usbprint (Microsoft USB-Druckerklasse) - system32\DRIVERS\usbprint.sys 3 USBSTOR (USB-Massenspeichertreiber) - system32\DRIVERS\USBSTOR.SYS 3 VComm (Virtual Serial port driver) - system32\DRIVERS\VComm.sys 3 VcommMgr (Bluetooth VComm Manager Service) - System32\Drivers\VcommMgr.sys 1 vsdatant - System32\vsdatant.sys 3 w39n51 (Intel(R) PRO/Wireless 3945ABG Adapter Driver) - system32\DRIVERS\w39n51.sys 3 WPN111 (Wireless USB 2.0 Adapter with RangeMax Service) - system32\DRIVERS\WPN111.sys 1 WS2IFSL (Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung) - \SystemRoot\System32\drivers\ws2ifsl.sys 3 WSTCODEC (World Standard Teletext-Codec) - system32\DRIVERS\WSTCODEC.SYS 3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys 3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- 2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - C:\Programme\AntiVir PersonalEdition Classic\sched.exe 2 AntiVirService (AntiVir PersonalEdition Classic Guard) - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe 3 aspnet_state (ASP.NET-Statusdienst) - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe 2 Ati HotKey Poller - %SystemRoot%\system32\Ati2evxx.exe 2 AVG Anti-Spyware Guard - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe 2 
AVM IGD CTRL Service - C:\Programme\FRITZ!DSL\IGDCTRL.EXE 2 ccEvtMgr (Symantec Event Manager) - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe" 3 ccISPwdSvc (Symantec Internet Security Password Validation) - "C:\Programme\Norton Internet Security\ccPwdSvc.exe" 2 ccProxy (Symantec Network Proxy) - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe" 2 ccSetMgr (Symantec Settings Manager) - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe" 2 CFSvcs (ConfigFree Service) - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe 3 comHost (COM Host) - "C:\Programme\Norton Internet Security\comHost.exe" 3 de_serv (AVM FRITZ!web Routing Service) - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe 2 EvtEng (Intel(R) PROSet/Wireless Event Log) - C:\Programme\Intel\Wireless\Bin\EvtEng.exe 3 IDriverT (InstallDriver Table Manager) - "C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe" 3 iPod Service - "C:\Programme\iPod\bin\iPodService.exe" 2 navapsvc (Norton AntiVirus Auto-Protect-Dienst) - "C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe" 3 NSCService (Norton Protection Center Service) - "C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE" 3 ose (Office Source Engine) - "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE" 4 Poweroff - "C:\WINDOWS\system32\poweroff.exe" -service 2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe 2 S24EventMonitor (Intel(R) PROSet/Wireless Service) - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe 3 SAVScan (Symantec AVScan) - "C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe" 2 SNDSrvc (Symantec Network Drivers Service) - "C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe" 2 SPBBCSvc (Symantec SPBBCSvc) - "C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe" 2 StyleXPService - "C:\Programme\TGTSoft\StyleXP\StyleXPService.exe" 2 Symantec Core 
LC - "C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe" 2 TAPPSRV (TOSHIBA Application Service) - "C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe" 3 usnsvc (Messenger Sharing USN Journal Reader-Service) - C:\WINDOWS\system32\svchost.exe -k usnsvc 2 vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service 3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - C:\Programme\Windows Media Player\WMPNetwk.exe 3 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup -- Scheduled Tasks -------------------------------------------------------------- 2007-02-18 13:37:56 350 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB> 2007-02-16 20:00:01 594 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Vollständige Systemprüfung ausführen - Benni0.job<NORTON~1.JOB> 2007-02-13 19:25:00 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB> -- Files created between 2007-01-18 and 2007-02-18 ------------------------------ 2007-02-17 13:45:31 0 d-------- C:\WINDOWS\pss 2007-02-16 21:20:05 0 d-------- C:\SAV32CLI 2007-02-16 17:35:15 0 d-------- C:\SDFix 2007-02-16 17:05:52 3878 --a------ C:\WINDOWS\system32\tmp.reg 2007-02-16 16:54:39 0 d-------- C:\avenger 2007-02-15 15:15:35 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys<Unsigned: GRISOFT, s.r.o.> 2007-02-15 15:15:28 0 d-------- C:\Programme\Grisoft 2007-02-15 15:11:46 0 d-------- C:\Programme\hijackthis<HIJACK~1> 2007-02-12 13:24:32 0 d-------- C:\!KillBox 2007-02-11 16:11:30 0 d-------- C:\Programme\Xilisoft 2007-02-11 16:04:10 403968 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll<NCTWMA~1.DLL><Unsigned: Online Media Technologies Ltd.> 2007-02-11 16:04:10 522752 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll<NC23F6~1.DLL><Unsigned: Online Media Technologies Ltd.> 2007-02-11 16:04:10 467456 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll<NC69D2~1.DLL><Unsigned: Online 
Media Technologies Ltd.> 2007-02-11 16:04:09 966144 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll<NC2912~1.DLL><Unsigned: Online Media Technologies Ltd.> 2007-02-11 16:04:09 634880 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll<NCEF6C~1.DLL><Unsigned: Online Media Technologies Ltd.> 2007-02-11 16:04:08 467968 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll<NCTAUD~4.DLL><Unsigned: Online Media Technologies Ltd.> 2007-02-11 16:04:06 0 d-------- C:\Programme\NewLive All Media To Mp3 Converter<NEWLIV~1> 2007-02-10 22:34:38 128000 --a------ C:\WINDOWS\system32\Dsslji.dat 2007-02-10 22:34:15 6442762 --a------ C:\WINDOWS\system32\Eminem - Like Toy Soldiers.Scr<EMINEM~1.SCR> 2007-02-10 22:08:30 2244096 --a------ C:\WINDOWS\system32\kernel1.exe<Unsigned: Microsoft Corporation> 2007-02-10 21:09:15 0 d-------- C:\Programme\TGTSoft 2007-02-10 16:52:15 0 d-------- C:\Programme\XVideoConverter<XVIDEO~1> 2007-02-10 16:48:43 45056 --a------ C:\WINDOWS\system32\Wnaspi32.dll<Unsigned: Adaptec> 2007-02-10 16:48:43 16877 --a------ C:\WINDOWS\system32\drivers\Aspi32.sys<Unsigned: Adaptec> 2007-02-10 16:48:43 3535 --a------ C:\WINDOWS\system\Wowpost.exe<Unsigned: n/a> 2007-02-10 16:48:43 4455 --a------ C:\WINDOWS\system\Winaspi.dll<Unsigned: n/a> 2007-02-10 16:48:42 94208 --a------ C:\WINDOWS\system32\mp4_lib.dll<Unsigned: n/a> 2007-02-10 16:48:41 16896 --a------ C:\WINDOWS\system32\avutil-49.dll<AVUTIL~1.DLL><Unsigned: n/a> 2007-02-10 16:48:41 217088 --a------ C:\WINDOWS\system32\avformat-50.dll<AVFORM~1.DLL><Unsigned: n/a> 2007-02-10 16:48:37 1839104 --a------ C:\WINDOWS\system32\avcodec-51.dll<AVCODE~1.DLL><Unsigned: n/a> 2007-02-10 16:48:08 0 d-------- C:\Programme\XviD 2007-02-10 16:48:05 0 d-------- C:\Programme\AoA DVD Ripper<AOADVD~1> 2007-02-08 13:47:29 69632 --a------ C:\WINDOWS\system32\lfgif13n.dll<Unsigned: LEAD Technologies, Inc.> 2007-02-08 13:47:27 462848 --a------ C:\WINDOWS\system32\ltkrn13n.dll<Unsigned: LEAD Technologies, Inc.> 2007-02-08 13:47:27 
450560 --a------ C:\WINDOWS\system32\ltimg13n.dll<Unsigned: LEAD Technologies, Inc.> 2007-02-08 13:47:27 163840 --a------ C:\WINDOWS\system32\ltfil13n.dll<Unsigned: LEAD Technologies, Inc.> 2007-02-08 13:47:27 206336 --a------ C:\WINDOWS\system32\ltefx13n.dll<Unsigned: LEAD Technologies, Inc.> 2007-02-08 13:47:27 299008 --a------ C:\WINDOWS\system32\ltdis13n.dll<Unsigned: LEAD Technologies, Inc.> 2007-02-08 13:47:27 401408 --a------ C:\WINDOWS\system32\lfcmp13n.dll<Unsigned: LEAD Technologies, Inc.> 2007-02-08 13:47:27 57344 --a------ C:\WINDOWS\system32\lfbmp13n.dll<Unsigned: LEAD Technologies, Inc.> 2007-02-05 12:50:24 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe 2007-02-04 16:24:39 0 d-------- C:\Programme\VirtualDubMod_1_5_10_2_All_inclusive<VIRTUA~1> 2007-02-03 14:31:10 0 d-------- C:\Programme\Samurize 2007-01-29 17:38:58 0 d-------- C:\Programme\Browser MOUSE<BROWSE~1> 2007-01-19 01:12:54 0 d-------- C:\Games -- Find3M Report ---------------------------------------------------------------- 2007-02-18 14:14:13 0 d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared<SYMANT~1> 2007-02-18 13:16:17 0 d-------- C:\Programme\Mozilla Firefox 2 Beta 2<MOZILL~2> 2007-02-13 20:13:06 0 d-------- C:\Programme\QuickTime<QUICKT~1> 2007-02-13 20:12:46 0 d-------- C:\Programme\Apple Software Update<APPLES~1> 2007-02-13 15:44:27 0 d-------- C:\Programme\Java 2007-02-10 20:20:33 0 d-------- C:\Programme\Messenger<MESSEN~1> 2007-02-10 20:20:33 0 d-------- C:\Programme\iTunes 2007-02-10 20:20:32 0 d-------- C:\Programme\ICQToolbar<ICQTOO~1> 2007-02-10 20:20:31 0 d-------- C:\Programme\FRITZ!DSL<FRITZ!~2> 2007-02-10 20:20:31 0 d-------- C:\Programme\FotoWorks<FOTOWO~1> 2007-02-10 20:20:30 0 d-------- C:\Programme\Desktop Sidebar<DESKTO~1> 2007-02-10 20:20:29 0 d-------- C:\Programme\Movie Maker<MOVIEM~1> 2007-02-10 20:20:26 0 d-------- C:\Programme\Real Alternative<REALAL~1> 2007-02-10 20:20:25 0 d-------- C:\Programme\teXXas 2007-02-09 15:03:39 0 d-------- 
C:\Programme\AntiVir PersonalEdition Classic<ANTIVI~1> 2007-02-05 12:50:24 0 d-------- C:\Programme\Gemeinsame Dateien<GEMEIN~1> 2007-02-05 12:46:25 0 d-------- C:\Dokumente und Einstellungen\Benni0\Anwendungsdaten\AdobeUM 2007-02-04 21:47:52 0 d-------- C:\Programme\IpodConverter<IPODCO~1> 2007-01-28 16:54:27 0 d-------- C:\Dokumente und Einstellungen\Benni0\Anwendungsdaten\Rainlendar<RAINLE~1> 2007-01-28 16:50:34 3805 --a------ C:\WINDOWS\mozver.dat 2007-01-28 16:45:53 0 d--h----- C:\Programme\InstallShield Installation Information<INSTAL~1> 2007-01-28 16:28:41 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE<Unsigned: n/a> 2007-01-28 16:20:00 0 d-------- C:\Programme\Stardock -- Registry Dump ---------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "VisualTaskTips"="C:\\Programme\\VisualTaskTips\\VisualTaskTips.exe" "CCleaner"="\"C:\\Programme\\CCleaner\\CCleaner.exe\" /AUTO" "MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background" "STYLEXP"="C:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay" "THotkey"="C:\\Programme\\Toshiba\\Toshiba Applet\\thotkey.exe" "NDSTray.exe"="NDSTray.exe" "DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE" "ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\"" "Tvs"="C:\\Programme\\TOSHIBA\\Tvs\\TvsTray.exe" "IntelZeroConfig"="\"C:\\Programme\\Intel\\Wireless\\bin\\ZCfgSvc.exe\"" "IntelWireless"="\"C:\\Programme\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless" "avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "CFSServ.exe"="CFSServ.exe -NoClient" "IS CfgWiz"="C:\\Programme\\Norton 
Internet Security\\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE \"REBOOT\"" "Zone Labs Client"="\"C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" "TkBellExe"="\"realsched.exe\" -osboot" "QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\"" "FLMOFFICE4DMOUSE"="C:\\Programme\\Browser MOUSE\\mouse32a.exe" "SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\"" "!AVG Anti-Spyware"="\"C:\\Programme\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Benni0^Startmenü^Programme^Autostart^Screen Saver Control.lnk] "path"="C:\\Dokumente und Einstellungen\\Benni0\\Startmenü\\Programme\\Autostart\\Screen Saver Control.lnk" "backup"="C:\\WINDOWS\\pss\\Screen Saver Control.lnkStartup" "location"="Startup" "command"="C:\\WINDOWS\\FSScrCtl.exe " "item"="Screen Saver Control" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SweetIM" "hkey"="HKCU" "command"="C:\\Programme\\Macrogaming\\SweetIM\\SweetIM.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Save" 
"hkey"="HKCU" "command"="\"C:\\Programme\\Save\\Save.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}" "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSharedDocuments"=dword:00000000 "NoCDBurning"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoCDBurning"=dword:00000000 "FoFileAssociate"=dword:00000000 "StartMenuLogoff"=dword:00000000 "NoShellSearchButton"=dword:00000000 "NoLowDiskSpaceChecks"=dword:00000000 "HideClock"=dword:00000000 "NoRecentDocsMenu"=dword:00000000 "NoFolderOptions"=dword:00000000 "NoUserNameInStartMenu"=dword:00000000 "NoRecentDocsNetHood"=dword:00000000 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 
-- End of ComboScan: finished at 2007-02-18 at 14:14:54 -------------------------
Attachment: Supplementary.txt
This post was edited on 18.02.2007 at 14:27 by songoku13.

18.02.2007, 14:27
Honorary member
Posts: 29434
#20
Avenger
Quote: registry keys to delete:
»» scan with Bitdefender/Online - post the scan report
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina
All about PC security

18.02.2007, 14:42
Member
Thread starter
Posts: 17
#21
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tsxdlxai
*******************
Script file located at: \??\C:\WINDOWS\system32\rtvdnmpc.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\Mario_Forever_Toolbar_Uninstaller_3890.exe not found!
Deletion of file C:\WINDOWS\Mario_Forever_Toolbar_Uninstaller_3890.exe failed!
Could not process line:
C:\WINDOWS\Mario_Forever_Toolbar_Uninstaller_3890.exe
Status: 0xc0000034
Folder C:\Programme\Macrogaming deleted successfully.
Folder C:\Programme\Mario Forever Toolbar not found!
Deletion of folder C:\Programme\Mario Forever Toolbar failed!
Could not process line:
C:\Programme\Mario Forever Toolbar
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave deleted successfully.
Completed script processing.
*******************
Finished! Terminate.

I can also uninstall Mario, then the toolbar should be gone too!
The Bitdefender thing doesn't work, it says that it couldn't find the page??!

18.02.2007, 14:51
Honorary member
Posts: 29434
#22
yes, the site is down...
scan with Trend-Micro/HouseCall
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina
All about PC security

18.02.2007, 22:54
Member
Thread starter
Posts: 17
#23
Trend-Micro/HouseCall doesn't work either, it loads the page forever, but simply nothing happens!
??

18.02.2007, 23:01
Honorary member
Posts: 29434
#24
well, then scan with Kaspersky
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina
All about PC security

19.02.2007, 12:23
Member
Thread starter
Posts: 17
#25
Good morning,
last night I had Kaspersky scan My Computer (all hard drives and network drives). Then it showed
Viruses: 5
Infected files: over 7500 (I don't remember the number anymore)
The infected files were all in AntiVir's quarantine! The stupid thing was that I didn't figure out how to create a log there! Should I also scan important objects? And how can I create a log there?
PS: So far there has been no virus alert from AntiVir.
But I think there are still strange files in the Windows/Temp folder..
It would be too good if the virus were gone now.
Many thanks

19.02.2007, 12:33
Honorary member
Posts: 29434
#26
scan - after the scan, set everything that was found to #remove# and copy the scan report here
http://virus-protect.org/counterspy.html
__________
Kind regards, Sabina
All about PC security

20.02.2007, 02:24
Member
Thread starter
Posts: 17

20.02.2007, 13:34
Honorary member
Posts: 29434
#28
what a cluttered PC
however, everything should be OK again now ...right?
__________
Kind regards, Sabina
All about PC security

20.02.2007, 14:01
Member
Thread starter
Posts: 17

20.02.2007, 16:53
Honorary member
Posts: 29434
#30
scan with the antivirus in safe mode, then boot back into normal mode and post the scan report
__________
Kind regards, Sabina
All about PC security

in future, do without Messenger 3 plus.
__________
Kind regards, Sabina
All about PC security