How do I get rid of TRFlood.VB.AF, Worm\vb.dw. and W32.Alcra.F?

#0
18.02.2007, 13:32
Honorary member
Sabina

Posts: 29434
#16 You haven't fixed anything, everything is still there .. ;) - in the HijackThis log.
Do without Messenger 3 plus in the future.
__________
Regards, Sabina

All about PC security
18.02.2007, 13:39
Member

Thread starter

Posts: 17
#17 Oh, and I know why too:
it created the log right away, before I had set the checkmarks and before I had scanned, and the same thing happened again just now, so here is the newer one:
(I haven't changed anything this time)

Logfile of HijackThis v1.99.1
Scan saved at 13:36:50, on 18.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Gemeinsame Dateien\Stardock\SDMCP.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Programme\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\TOSHIBA\Tvs\TvsTray.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\QuickTime\qttask.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Browser MOUSE\mouse32a.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\VisualTaskTips\VisualTaskTips.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Mozilla Firefox 2 Beta 2\firefox.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: metaspinner GmbH - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\teXXas\IEButtonAmazonInterface.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Programme\teXXas\IEButtonEbayInterface.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [THotkey] C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [IS CfgWiz] C:\Programme\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Programme\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [CCleaner] "C:\Programme\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: amazon Suche - C:\Programme\teXXas\Searchamazon.htm
O8 - Extra context menu item: amazon Suche starten - C:\Programme\teXXas\Searchamazon.htm
O8 - Extra context menu item: eBay - Mein eBay - C:\Programme\teXXas\SearchEbaymein.htm
O8 - Extra context menu item: eBay - Powersuche - C:\Programme\teXXas\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Startseite - C:\Programme\teXXas\SearchEbay.htm
O8 - Extra context menu item: eBay Suche starten - C:\Programme\teXXas\SearchEbay.htm
O8 - Extra context menu item: Google Suche - C:\Programme\teXXas\SearchGoogle.htm
O8 - Extra context menu item: Google Suche starten - C:\Programme\teXXas\SearchGoogle.htm
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: eBay - {2D941D56-1B19-44AE-8CF5-08331A3B4CCF} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bmxer-benni1991.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: MCPClient - C:\Programme\Gemeinsame Dateien\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Norton Internet Security\comHost.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
18.02.2007, 14:09
Honorary member
Sabina

Posts: 29434
18.02.2007, 14:18
Member

Thread starter

Posts: 17
#19 Here you go:

ComboScan v20070212.14 run by Benni0 on 2007-02-18 at 14:13:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as Benni0.com) -------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 14:13:43, on 18.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Gemeinsame Dateien\Stardock\SDMCP.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\TOSHIBA\Tvs\TvsTray.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\QuickTime\qttask.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Browser MOUSE\mouse32a.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\VisualTaskTips\VisualTaskTips.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Dokumente und Einstellungen\Benni0\Desktop\comboscan.exe
C:\DOKUME~1\Benni0\LOKALE~1\Temp\~mmaweex.tmp\Benni0.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: metaspinner GmbH - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\teXXas\IEButtonAmazonInterface.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Programme\teXXas\IEButtonEbayInterface.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [THotkey] C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [IS CfgWiz] C:\Programme\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Programme\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [CCleaner] "C:\Programme\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: amazon Suche - C:\Programme\teXXas\Searchamazon.htm
O8 - Extra context menu item: amazon Suche starten - C:\Programme\teXXas\Searchamazon.htm
O8 - Extra context menu item: eBay - Mein eBay - C:\Programme\teXXas\SearchEbaymein.htm
O8 - Extra context menu item: eBay - Powersuche - C:\Programme\teXXas\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Startseite - C:\Programme\teXXas\SearchEbay.htm
O8 - Extra context menu item: eBay Suche starten - C:\Programme\teXXas\SearchEbay.htm
O8 - Extra context menu item: Google Suche - C:\Programme\teXXas\SearchGoogle.htm
O8 - Extra context menu item: Google Suche starten - C:\Programme\teXXas\SearchGoogle.htm
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: eBay - {2D941D56-1B19-44AE-8CF5-08331A3B4CCF} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bmxer-benni1991.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: MCPClient - C:\Programme\Gemeinsame Dateien\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Norton Internet Security\comHost.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- HijackThis Fixed Entries (C:\Programme\hijackthis\backups\) ------------------

backup-20070216-164022-304 O2 - BHO: (no name) - {8036D4D7-AAD3-4793-AB49-329E437155A8} - (no file)
backup-20070216-164022-315 O2 - BHO: (no name) - {324C90C5-AFF7-F0A8-6FD8-135448AB4406} - (no file)
backup-20070216-164022-335 R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
backup-20070216-164022-376 O3 - Toolbar: (no name) - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - (no file)
backup-20070216-164022-490 O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
backup-20070216-164022-643 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
backup-20070216-164022-842 O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
backup-20070218-131055-802 R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
backup-20070218-131056-112 O4 - HKLM\..\Run: [dhpojksd] C:\itmletwk.bat
backup-20070218-131056-142 O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
backup-20070218-131056-227 O3 - Toolbar: (no name) - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - (no file)
backup-20070218-131056-247 O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
backup-20070218-131056-362 O2 - BHO: (no name) - {324C90C5-AFF7-F0A8-6FD8-135448AB4406} - (no file)
backup-20070218-131056-379 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
backup-20070218-131056-578 O4 - HKCU\..\Run: [SweetIM] C:\Programme\Macrogaming\SweetIM\SweetIM.exe
backup-20070218-131056-600 O2 - BHO: (no name) - {8036D4D7-AAD3-4793-AB49-329E437155A8} - (no file)
backup-20070218-131056-807 O23 - Service: Poweroff - Unknown owner - C:\WINDOWS\system32\poweroff.exe" -service (file missing)


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

0 ACPIEC (Microsoft Embedded Controllertreiber) - system32\DRIVERS\ACPIEC.sys
2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - system32\DRIVERS\AegisP.sys
3 AF05BDA (AF9005 BDA Device) - system32\drivers\AF05BDA.sys
3 AgereSoftModem (TOSHIBA V92 Software Modem) - system32\DRIVERS\AGRSM.sys
3 Arp1394 (1394-ARP-Clientprotokoll) - system32\DRIVERS\arp1394.sys
3 ATHFMWDL (NETGEAR WPN111 Bootloader driver) - System32\Drivers\athwpn.sys
3 ati2mtag - system32\DRIVERS\ati2mtag.sys
1 AVG Anti-Spyware Driver - \??\C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1 AvgAsCln (AVG Anti-Spyware Clean Driver) - System32\DRIVERS\AvgAsCln.sys
1 avgio - \??\C:\Programme\AntiVir PersonalEdition Classic\avgio.sys
3 avgntflt - \??\C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys
3 BlueletAudio (Bluetooth Audio Service) - system32\DRIVERS\blueletaudio.sys
3 BT (Bluetooth PAN Network Adapter) - system32\DRIVERS\btnetdrv.sys
3 Btcsrusb (Bluetooth USB For Bluetooth Service) - System32\Drivers\btcusb.sys
3 BTHidEnum (Bluetooth HID Enumerator) - system32\DRIVERS\vbtenum.sys
0 BTHidMgr (Bluetooth HID Manager Service) - System32\Drivers\BTHidMgr.sys
3 BTNetFilter (Bluetooth Network Filter) - \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - \??\D:\INSTAL~A\Core\BVRPMPR5.SYS
3 CCDECODE (Untertiteldecoder) - system32\DRIVERS\CCDECODE.sys
2 DLABOIOM - System32\DLA\DLABOIOM.SYS
1 DLACDBHM - System32\Drivers\DLACDBHM.SYS
2 DLADResN - System32\DLA\DLADResN.SYS
2 DLAIFS_M - System32\DLA\DLAIFS_M.SYS
2 DLAOPIOM - System32\DLA\DLAOPIOM.SYS
2 DLAPoolM - System32\DLA\DLAPoolM.SYS
1 DLARTL_N - System32\Drivers\DLARTL_N.SYS
2 DLAUDFAM - System32\DLA\DLAUDFAM.SYS
2 DLAUDF_M - System32\DLA\DLAUDF_M.SYS
3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - \??\C:\WINDOWS\system32\DNINDIS5.SYS
0 DRVMCDB - System32\Drivers\DRVMCDB.SYS
2 DRVNDDM - System32\Drivers\DRVNDDM.SYS
3 E100B (Intel(R) PRO Network Connection Driver) - system32\DRIVERS\e100b325.sys
1 eeCtrl (Symantec Eraser Control driver) - \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
3 EraserUtilRebootDrv - \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
3 GEARAspiWDM (GEAR CDRom Filter) - SYSTEM32\DRIVERS\GEARAspiWDM.sys
3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - system32\DRIVERS\HDAudBus.sys
3 HidUsb (Microsoft HID Class-Treiber) - system32\DRIVERS\hidusb.sys
3 ialm - system32\DRIVERS\ialmnt5.sys
3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - system32\drivers\RtkHDAud.sys
1 intelppm (Intel-Prozessortreiber) - system32\DRIVERS\intelppm.sys
3 Iviaspi (IVI ASPI Shell) - system32\drivers\iviaspi.sys
1 kbdhid (Tastatur-HID-Treiber) - system32\DRIVERS\kbdhid.sys
3 LVUSBSta (Logitech USB Monitor Filter) - system32\drivers\lvusbsta.sys
2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.10) - system32\DRIVERS\mdc8021x.sys
3 mouhid (Maus-HID-Treiber) - system32\DRIVERS\mouhid.sys
3 MPE (BDA MPE-Filter) - system32\DRIVERS\MPE.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink-Konvertierung) - system32\drivers\MSTEE.sys
3 NABTSFEC (NABTS/FEC VBI-Codec) - system32\DRIVERS\NABTSFEC.sys
3 NAVENG - \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20060904.021\NAVENG.Sys
3 NAVEX15 - \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20060904.021\NavEx15.Sys
3 NdisIP (Microsoft TV-/Videoverbindung) - system32\DRIVERS\NdisIP.sys
2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - system32\DRIVERS\netdevio.sys
3 NIC1394 (1394-Netzwerktreiber) - system32\DRIVERS\nic1394.sys
0 ohci1394 (Texas Instruments OHCI-konformer IEEE 1394-Hostcontroller) - system32\DRIVERS\ohci1394.sys
0 PCIIde - system32\DRIVERS\pciide.sys
0 Pcmcia - system32\DRIVERS\pcmcia.sys
3 Pfc (Padus ASPI Shell) - system32\drivers\pfc.sys
0 PxHelp20 - System32\Drivers\PxHelp20.sys
3 QCMerced (Logitech QuickCam Communicate) - system32\DRIVERS\LVCM.sys
3 ROOTMODEM (Microsoft Legacy Modem Driver) - System32\Drivers\RootMdm.sys
2 s24trans (WLAN-Transport) - system32\DRIVERS\s24trans.sys
1 SAVRT - \??\C:\Programme\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
1 SAVRTPEL - \??\C:\Programme\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS
3 sdbus - system32\DRIVERS\sdbus.sys
3 SE27bus (Sony Ericsson Device 039 Driver driver (WDM)) - system32\DRIVERS\SE27bus.sys
3 SLIP (BDA Slip De-Framer) - system32\DRIVERS\SLIP.sys
1 SPBBCDrv - \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
0 srescan - system32\ZoneLabs\srescan.sys
3 streamip (BDA-IPSink) - system32\DRIVERS\StreamIP.sys
1 StyleXPHelper - \??\C:\Programme\TGTSoft\StyleXP\StyleXPHelper.exe
3 SYMDNS - \SystemRoot\System32\Drivers\SYMDNS.SYS
3 SymEvent - \??\C:\Programme\Symantec\SYMEVENT.SYS
3 SYMFW - \SystemRoot\System32\Drivers\SYMFW.SYS
3 SYMIDS - \SystemRoot\System32\Drivers\SYMIDS.SYS
3 SYMIDSCO - \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20070214.003\symidsco.sys
2 symlcbrd - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
3 SYMNDIS - \SystemRoot\System32\Drivers\SYMNDIS.SYS
3 SYMREDRV - \SystemRoot\System32\Drivers\SYMREDRV.SYS
1 SYMTDI - \SystemRoot\System32\Drivers\SYMTDI.SYS
3 SynTP (Synaptics TouchPad Driver) - system32\DRIVERS\SynTP.sys
3 tifm21 - system32\drivers\tifm21.sys
3 tosrfec (Bluetooth ACPI from TOSHIBA) - system32\DRIVERS\tosrfec.sys
3 TVALD (Toshiba Mobile PC Service) - system32\DRIVERS\NBSMI.sys
3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - system32\DRIVERS\Tvs.sys
3 usbaudio (USB-Audiotreiber (WDM)) - system32\drivers\usbaudio.sys
3 usbccgp (Microsoft Standard-USB-Haupttreiber) - system32\DRIVERS\usbccgp.sys
3 usbehci (Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller) - system32\DRIVERS\usbehci.sys
3 usbprint (Microsoft USB-Druckerklasse) - system32\DRIVERS\usbprint.sys
3 USBSTOR (USB-Massenspeichertreiber) - system32\DRIVERS\USBSTOR.SYS
3 VComm (Virtual Serial port driver) - system32\DRIVERS\VComm.sys
3 VcommMgr (Bluetooth VComm Manager Service) - System32\Drivers\VcommMgr.sys
1 vsdatant - System32\vsdatant.sys
3 w39n51 (Intel(R) PRO/Wireless 3945ABG Adapter Driver) - system32\DRIVERS\w39n51.sys
3 WPN111 (Wireless USB 2.0 Adapter with RangeMax Service) - system32\DRIVERS\WPN111.sys
1 WS2IFSL (Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung) - \SystemRoot\System32\drivers\ws2ifsl.sys
3 WSTCODEC (World Standard Teletext-Codec) - system32\DRIVERS\WSTCODEC.SYS
3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys
3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
2 AntiVirService (AntiVir PersonalEdition Classic Guard) - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
3 aspnet_state (ASP.NET-Statusdienst) - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2 Ati HotKey Poller - %SystemRoot%\system32\Ati2evxx.exe
2 AVG Anti-Spyware Guard - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2 AVM IGD CTRL Service - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
2 ccEvtMgr (Symantec Event Manager) - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"
3 ccISPwdSvc (Symantec Internet Security Password Validation) - "C:\Programme\Norton Internet Security\ccPwdSvc.exe"
2 ccProxy (Symantec Network Proxy) - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe"
2 ccSetMgr (Symantec Settings Manager) - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe"
2 CFSvcs (ConfigFree Service) - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
3 comHost (COM Host) - "C:\Programme\Norton Internet Security\comHost.exe"
3 de_serv (AVM FRITZ!web Routing Service) - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
2 EvtEng (Intel(R) PROSet/Wireless Event Log) - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
3 IDriverT (InstallDriver Table Manager) - "C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3 iPod Service - "C:\Programme\iPod\bin\iPodService.exe"
2 navapsvc (Norton AntiVirus Auto-Protect-Dienst) - "C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
3 NSCService (Norton Protection Center Service) - "C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE"
3 ose (Office Source Engine) - "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE"
4 Poweroff - "C:\WINDOWS\system32\poweroff.exe" -service
2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
2 S24EventMonitor (Intel(R) PROSet/Wireless Service) - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
3 SAVScan (Symantec AVScan) - "C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe"
2 SNDSrvc (Symantec Network Drivers Service) - "C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe"
2 SPBBCSvc (Symantec SPBBCSvc) - "C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe"
2 StyleXPService - "C:\Programme\TGTSoft\StyleXP\StyleXPService.exe"
2 Symantec Core LC - "C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe"
2 TAPPSRV (TOSHIBA Application Service) - "C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe"
3 usnsvc (Messenger Sharing USN Journal Reader-Service) - C:\WINDOWS\system32\svchost.exe -k usnsvc
2 vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - C:\Programme\Windows Media Player\WMPNetwk.exe
3 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup


-- Scheduled Tasks --------------------------------------------------------------

2007-02-18 13:37:56 350 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB>
2007-02-16 20:00:01 594 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Vollständige Systemprüfung ausführen - Benni0.job<NORTON~1.JOB>
2007-02-13 19:25:00 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-01-18 and 2007-02-18 ------------------------------

2007-02-17 13:45:31 0 d-------- C:\WINDOWS\pss
2007-02-16 21:20:05 0 d-------- C:\SAV32CLI
2007-02-16 17:35:15 0 d-------- C:\SDFix
2007-02-16 17:05:52 3878 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-16 16:54:39 0 d-------- C:\avenger
2007-02-15 15:15:35 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys<Unsigned: GRISOFT, s.r.o.>
2007-02-15 15:15:28 0 d-------- C:\Programme\Grisoft
2007-02-15 15:11:46 0 d-------- C:\Programme\hijackthis<HIJACK~1>
2007-02-12 13:24:32 0 d-------- C:\!KillBox
2007-02-11 16:11:30 0 d-------- C:\Programme\Xilisoft
2007-02-11 16:04:10 403968 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll<NCTWMA~1.DLL><Unsigned: Online Media Technologies Ltd.>
2007-02-11 16:04:10 522752 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll<NC23F6~1.DLL><Unsigned: Online Media Technologies Ltd.>
2007-02-11 16:04:10 467456 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll<NC69D2~1.DLL><Unsigned: Online Media Technologies Ltd.>
2007-02-11 16:04:09 966144 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll<NC2912~1.DLL><Unsigned: Online Media Technologies Ltd.>
2007-02-11 16:04:09 634880 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll<NCEF6C~1.DLL><Unsigned: Online Media Technologies Ltd.>
2007-02-11 16:04:08 467968 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll<NCTAUD~4.DLL><Unsigned: Online Media Technologies Ltd.>
2007-02-11 16:04:06 0 d-------- C:\Programme\NewLive All Media To Mp3 Converter<NEWLIV~1>
2007-02-10 22:34:38 128000 --a------ C:\WINDOWS\system32\Dsslji.dat
2007-02-10 22:34:15 6442762 --a------ C:\WINDOWS\system32\Eminem - Like Toy Soldiers.Scr<EMINEM~1.SCR>
2007-02-10 22:08:30 2244096 --a------ C:\WINDOWS\system32\kernel1.exe<Unsigned: Microsoft Corporation>
2007-02-10 21:09:15 0 d-------- C:\Programme\TGTSoft
2007-02-10 16:52:15 0 d-------- C:\Programme\XVideoConverter<XVIDEO~1>
2007-02-10 16:48:43 45056 --a------ C:\WINDOWS\system32\Wnaspi32.dll<Unsigned: Adaptec>
2007-02-10 16:48:43 16877 --a------ C:\WINDOWS\system32\drivers\Aspi32.sys<Unsigned: Adaptec>
2007-02-10 16:48:43 3535 --a------ C:\WINDOWS\system\Wowpost.exe<Unsigned: n/a>
2007-02-10 16:48:43 4455 --a------ C:\WINDOWS\system\Winaspi.dll<Unsigned: n/a>
2007-02-10 16:48:42 94208 --a------ C:\WINDOWS\system32\mp4_lib.dll<Unsigned: n/a>
2007-02-10 16:48:41 16896 --a------ C:\WINDOWS\system32\avutil-49.dll<AVUTIL~1.DLL><Unsigned: n/a>
2007-02-10 16:48:41 217088 --a------ C:\WINDOWS\system32\avformat-50.dll<AVFORM~1.DLL><Unsigned: n/a>
2007-02-10 16:48:37 1839104 --a------ C:\WINDOWS\system32\avcodec-51.dll<AVCODE~1.DLL><Unsigned: n/a>
2007-02-10 16:48:08 0 d-------- C:\Programme\XviD
2007-02-10 16:48:05 0 d-------- C:\Programme\AoA DVD Ripper<AOADVD~1>
2007-02-08 13:47:29 69632 --a------ C:\WINDOWS\system32\lfgif13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-02-08 13:47:27 462848 --a------ C:\WINDOWS\system32\ltkrn13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-02-08 13:47:27 450560 --a------ C:\WINDOWS\system32\ltimg13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-02-08 13:47:27 163840 --a------ C:\WINDOWS\system32\ltfil13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-02-08 13:47:27 206336 --a------ C:\WINDOWS\system32\ltefx13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-02-08 13:47:27 299008 --a------ C:\WINDOWS\system32\ltdis13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-02-08 13:47:27 401408 --a------ C:\WINDOWS\system32\lfcmp13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-02-08 13:47:27 57344 --a------ C:\WINDOWS\system32\lfbmp13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-02-05 12:50:24 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe
2007-02-04 16:24:39 0 d-------- C:\Programme\VirtualDubMod_1_5_10_2_All_inclusive<VIRTUA~1>
2007-02-03 14:31:10 0 d-------- C:\Programme\Samurize
2007-01-29 17:38:58 0 d-------- C:\Programme\Browser MOUSE<BROWSE~1>
2007-01-19 01:12:54 0 d-------- C:\Games


-- Find3M Report ----------------------------------------------------------------

2007-02-18 14:14:13 0 d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared<SYMANT~1>
2007-02-18 13:16:17 0 d-------- C:\Programme\Mozilla Firefox 2 Beta 2<MOZILL~2>
2007-02-13 20:13:06 0 d-------- C:\Programme\QuickTime<QUICKT~1>
2007-02-13 20:12:46 0 d-------- C:\Programme\Apple Software Update<APPLES~1>
2007-02-13 15:44:27 0 d-------- C:\Programme\Java
2007-02-10 20:20:33 0 d-------- C:\Programme\Messenger<MESSEN~1>
2007-02-10 20:20:33 0 d-------- C:\Programme\iTunes
2007-02-10 20:20:32 0 d-------- C:\Programme\ICQToolbar<ICQTOO~1>
2007-02-10 20:20:31 0 d-------- C:\Programme\FRITZ!DSL<FRITZ!~2>
2007-02-10 20:20:31 0 d-------- C:\Programme\FotoWorks<FOTOWO~1>
2007-02-10 20:20:30 0 d-------- C:\Programme\Desktop Sidebar<DESKTO~1>
2007-02-10 20:20:29 0 d-------- C:\Programme\Movie Maker<MOVIEM~1>
2007-02-10 20:20:26 0 d-------- C:\Programme\Real Alternative<REALAL~1>
2007-02-10 20:20:25 0 d-------- C:\Programme\teXXas
2007-02-09 15:03:39 0 d-------- C:\Programme\AntiVir PersonalEdition Classic<ANTIVI~1>
2007-02-05 12:50:24 0 d-------- C:\Programme\Gemeinsame Dateien<GEMEIN~1>
2007-02-05 12:46:25 0 d-------- C:\Dokumente und Einstellungen\Benni0\Anwendungsdaten\AdobeUM
2007-02-04 21:47:52 0 d-------- C:\Programme\IpodConverter<IPODCO~1>
2007-01-28 16:54:27 0 d-------- C:\Dokumente und Einstellungen\Benni0\Anwendungsdaten\Rainlendar<RAINLE~1>
2007-01-28 16:50:34 3805 --a------ C:\WINDOWS\mozver.dat
2007-01-28 16:45:53 0 d--h----- C:\Programme\InstallShield Installation Information<INSTAL~1>
2007-01-28 16:28:41 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE<Unsigned: n/a>
2007-01-28 16:20:00 0 d-------- C:\Programme\Stardock


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"VisualTaskTips"="C:\\Programme\\VisualTaskTips\\VisualTaskTips.exe"
"CCleaner"="\"C:\\Programme\\CCleaner\\CCleaner.exe\" /AUTO"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"STYLEXP"="C:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"THotkey"="C:\\Programme\\Toshiba\\Toshiba Applet\\thotkey.exe"
"NDSTray.exe"="NDSTray.exe"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"Tvs"="C:\\Programme\\TOSHIBA\\Tvs\\TvsTray.exe"
"IntelZeroConfig"="\"C:\\Programme\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Programme\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"CFSServ.exe"="CFSServ.exe -NoClient"
"IS CfgWiz"="C:\\Programme\\Norton Internet Security\\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE \"REBOOT\""
"Zone Labs Client"="\"C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"TkBellExe"="\"realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"FLMOFFICE4DMOUSE"="C:\\Programme\\Browser MOUSE\\mouse32a.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"C:\\Programme\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Benni0^Startmenü^Programme^Autostart^Screen Saver Control.lnk]
"path"="C:\\Dokumente und Einstellungen\\Benni0\\Startmenü\\Programme\\Autostart\\Screen Saver Control.lnk"
"backup"="C:\\WINDOWS\\pss\\Screen Saver Control.lnkStartup"
"location"="Startup"
"command"="C:\\WINDOWS\\FSScrCtl.exe "
"item"="Screen Saver Control"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SweetIM"
"hkey"="HKCU"
"command"="C:\\Programme\\Macrogaming\\SweetIM\\SweetIM.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Save"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Save\\Save.exe\""
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=dword:00000000
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
"FoFileAssociate"=dword:00000000
"StartMenuLogoff"=dword:00000000
"NoShellSearchButton"=dword:00000000
"NoLowDiskSpaceChecks"=dword:00000000
"HideClock"=dword:00000000
"NoRecentDocsMenu"=dword:00000000
"NoFolderOptions"=dword:00000000
"NoUserNameInStartMenu"=dword:00000000
"NoRecentDocsNetHood"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


-- End of ComboScan: finished at 2007-02-18 at 14:14:54 -------------------------

This post was edited by songoku13 on 18.02.2007 at 14:27.
18.02.2007, 14:27
Honorary member
Sabina

Posts: 29434
#20 Avenger

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave

Files to delete:
C:\WINDOWS\Mario_Forever_Toolbar_Uninstaller_3890.exe

Folders to delete:
C:\Programme\Macrogaming
C:\Programme\Mario Forever Toolbar
»»
Scan with Bitdefender/Online and post the scan report.
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

all about PC security
18.02.2007, 14:42
Member

Thread starter

Posts: 17
#21 Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tsxdlxai

*******************

Script file located at: \??\C:\WINDOWS\system32\rtvdnmpc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\Mario_Forever_Toolbar_Uninstaller_3890.exe not found!
Deletion of file C:\WINDOWS\Mario_Forever_Toolbar_Uninstaller_3890.exe failed!

Could not process line:
C:\WINDOWS\Mario_Forever_Toolbar_Uninstaller_3890.exe
Status: 0xc0000034

Folder C:\Programme\Macrogaming deleted successfully.


Folder C:\Programme\Mario Forever Toolbar not found!
Deletion of folder C:\Programme\Mario Forever Toolbar failed!

Could not process line:
C:\Programme\Mario Forever Toolbar
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

I can also uninstall Mario, then the toolbar should be gone too! ;)

The Bitdefender scan doesn't work; it says that it couldn't find the page??! ;)
18.02.2007, 14:51
Honorary member
Sabina

Posts: 29434
#22 Yes, the page is down...

Scan with
Trend-Micro/HouseCall
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
18.02.2007, 22:54
Member

Thread starter

Posts: 17
#23 Trend-Micro/HouseCall doesn't work either; it loads the page forever, but nothing happens! ;);)
??
18.02.2007, 23:01
Honorary member
Sabina

Posts: 29434
#24 Well, then scan with Kaspersky ;)
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
19.02.2007, 12:23
Member

Thread starter

Posts: 17
#25 Good morning,

Last night I had Kaspersky scan My Computer (all hard drives and network drives).
Then it showed:
Viruses: 5
Infected files: over 7500 (I don't remember the number)
The infected files were all in the AntiVir quarantine!

The stupid thing was that I couldn't figure out how to create a log there!

Should I also scan important objects?

And how can I create a log there?

PS: So far there has been no virus alert from AntiVir ;)
But there are still strange files in the Windows/Temp folder, I think..
It would be too good if the virus were gone now ;)

Many thanks
19.02.2007, 12:33
Honorary member
Sabina

Posts: 29434
#26 Scan, then after the scan set everything that was found to #remove# and copy the scan report here.
http://virus-protect.org/counterspy.html
__________
Regards, Sabina
20.02.2007, 02:24
Member

Thread starter

Posts: 17
#27 Here you go

The scan is in the attachment

Best regards

20.02.2007, 13:34
Honorary member
Sabina

Posts: 29434
#28 What a cluttered PC ;)
However, everything should be OK again now ... right?
__________
Regards, Sabina
20.02.2007, 14:01
Member

Thread starter

Posts: 17
#29 Unfortunately, the alerts from AntiVir and Norton AntiVirus are still appearing...

Best regards
20.02.2007, 16:53
Honorary member
Sabina

Posts: 29434
#30 Scan with Antivirus in safe mode, then boot back into normal mode and post the scan report.
__________
Regards, Sabina