spyware problem

23.02.2007, 19:26
...new here

Posts: 2
#1 Hi, I recently picked up a piece of spyware on my computer that I can't get rid of!!.. Can someone give me a tip on how to get this cr*** off??

here's the log file from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 19:22:31, on 23.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Programme\Video Access ActiveX Object\pmsnrr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\OSDCtrl.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\AOL\1170023815\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Programme\Office-Bibliothek\PCLib.exe
C:\Programme\Video Access ActiveX Object\pmmnt.exe
C:\WINDOWS\system32\txtuser.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\DOKUME~1\Basti\LOKALE~1\Temp\Rar$EX00.235\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ebay.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Programme\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programme\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programme\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programme\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1170023815\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Programme\Gemeinsame Dateien\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SDR6U_Check] "C:\Programme\Gemeinsame Dateien\DriveCleaner 2006 Free\sdrmon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PowerBar] "C:\Programme\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: Office-Bibliothek-Direktsuche.lnk = C:\Programme\Office-Bibliothek\PCLib.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12D12A98-5B8A-459D-9E1D-E14C0A265B84}: NameServer = 192.168.2.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINDOWS\system32\higehsg.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe

thanks in advance!!
regards, mediaprof
24.02.2007, 16:17
Honorary member

Posts: 29434
#2 mediaprof

««
set up CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

««
Copy these 6 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html

««
post the log from ComboScan.txt and Supplementary.txt
http://virus-protect.org/artikel/tools/comboscan.html
__________
Regards, Sabina

all about PC security
27.02.2007, 18:40
...new here

Thread starter

Posts: 2
#3 system32.txt:

Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 0D2C-13DD

Verzeichnis von C:\WINDOWS\system32

27.02.2007 16:14 1.158 wpa.dbl
27.02.2007 16:13 451 eRLog.ini
24.02.2007 09:44 9.216 avgwlntf.dll
23.02.2007 18:11 110.592 avgfwafu.dll
23.02.2007 18:04 16 coh.cache
22.02.2007 20:27 230 spupdsvc.inf
18.02.2007 01:58 122.142 TZLog.log
07.02.2007 23:01 12.293.536 MRT.exe
29.01.2007 09:58 60.416 tzchange.exe
25.01.2007 13:52 617.472 urlmon.dll
23.01.2007 20:30 546.304 hhctrl.ocx



systemtemp:

Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 0D2C-13DD

Verzeichnis von C:\DOKUME~1\Basti\LOKALE~1\Temp

27.02.2007 18:10 1.898 wmplog03.sqm
27.02.2007 07:49 2.582 wmplog00.sqm
26.02.2007 20:36 1.402 wmplog02.sqm
26.02.2007 20:32 1.370 wmplog01.sqm
25.02.2007 11:04 16.384 ~DFB105.tmp
25.02.2007 11:04 16.384 ~DFB906.tmp
25.02.2007 11:03 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}2077.html
24.02.2007 23:45 16.384 ~DF96A9.tmp
24.02.2007 23:45 16.384 ~DF9CA3.tmp
24.02.2007 12:02 16.384 ~DFFA22.tmp
24.02.2007 12:02 16.384 ~DF4FFC.tmp
24.02.2007 11:31 0 rs7B4.tmp
24.02.2007 09:43 368.640 $749E4A2F.t$m
24.02.2007 09:43 3.072 regincd2.exe
24.02.2007 09:35 4.957 5691vqhn.ABI
24.02.2007 09:34 4 PMShared
23.02.2007 20:24 16.384 ~DFE608.tmp
23.02.2007 20:24 16.384 ~DF3898.tmp
23.02.2007 19:14 16.384 ~DFB4A2.tmp
23.02.2007 19:14 16.384 ~DF4DC8.tmp
23.02.2007 18:13 32.723 SDLanguage.ini
23.02.2007 18:11 169.359 avg7inst.log
23.02.2007 18:07 417.452 Norton Setup 10,2,0 2-23-2007 18h2m52s.log
23.02.2007 18:07 158 isDel.bat
23.02.2007 18:07 7.192.562 Norton Internet Security 2007 Uninstall 2-23-2007 18h2m56s.log
23.02.2007 18:06 15.179 SNDunin.log

system:

Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 0D2C-13DD

Verzeichnis von C:\WINDOWS

27.02.2007 18:13 586.027 setupapi.log
27.02.2007 16:19 1.708.475 WindowsUpdate.log
27.02.2007 16:13 0 0.log
27.02.2007 16:13 3.748 ModemLog_AC97 Soft Data Fax Modem with SmartCP.txt
27.02.2007 16:13 159 wiadebug.log
27.02.2007 16:12 97 ComponentList.xml
27.02.2007 16:11 2.048 bootstat.dat
27.02.2007 07:49 32.630 SchedLgU.Txt
27.02.2007 07:49 50 wiaservc.log
26.02.2007 23:34 54.156 QTFont.qfn
26.02.2007 19:31 73.509 wmsetup.log
24.02.2007 17:23 233.308 ntbtlog.txt
24.02.2007 09:33 694 win.ini
23.02.2007 13:34 2.899 mozver.dat
23.02.2007 09:01 1.409 QTFont.for
23.02.2007 00:15 1.374 imsins.log
23.02.2007 00:15 18.514 KB928090.log



tmp:
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 0D2C-13DD

Verzeichnis von C:\WINDOWS\Temp

27.02.2007 18:30 255 WGAErrLog.txt
27.02.2007 16:14 409 WGANotify.settings
27.02.2007 16:12 2.048 sqlite_ol13BZspLIW03vu
27.02.2007 16:12 0 CLML_AGENT_LOG1.txt
27.02.2007 16:12 132.175 XMLaunchLog.txt
30.01.2007 10:54 2.048 sqlite_j3RB044bWEndgcG
10.12.2006 01:01 2.048 sqlite_z5pBeN1jdH5wbGa
09.12.2006 22:34 2.048 sqlite_k1QjTQfzoGpS8PP
09.12.2006 21:38 2.048 sqlite_QQd6qDeexf6cQiC
09.12.2006 19:10 2.048 sqlite_gesWbo6vxcTSTsm
06.12.2006 23:36 2.048 sqlite_idgBlomcTMtBf11
05.12.2006 23:14 2.048 sqlite_Apz9w0t7uWQXMxa
05.11.2006 21:10 2.048 sqlite_cfI0VOyqqIgx8YQ
12.10.2006 19:17 2.048 sqlite_wHt2pWh6mORwS4D
10.10.2006 22:22 2.048 sqlite_PbVOoemTzccbQmM
02.10.2006 23:51 2.048 sqlite_a9oOLGWucbs6zy5
28.09.2006 21:25 10 LUInit.ini
10.09.2006 21:29 2.048 sqlite_Xu3ocqcQ4Y2xMXh
07.09.2006 23:55 763 log.txt
07.09.2006 23:43 0 T30DebugLogFile.txt
24.07.2006 20:54 1.890 patch.log
21 Datei(en) 162.126 Bytes
0 Verzeichnis(se), 32.106.348.544 Bytes frei


down:
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 0D2C-13DD

Verzeichnis von C:\WINDOWS\Downloaded Program Files

06.12.2006 09:11 224.768 symdlmgr.dll
06.12.2006 09:10 350 symdlmgr.inf
09.11.2006 14:36 5.019 swflash.inf
15.06.2006 18:33 1.132.192 EPUWALcontrol.dll
13.09.2004 12:32 65 desktop.ini
5 Datei(en) 1.362.394 Bytes
0 Verzeichnis(se), 32.106.315.776 Bytes frei


sys:

Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 0D2C-13DD

Verzeichnis von C:\

27.02.2007 18:39 0 sys.txt
27.02.2007 18:39 491 down.txt
27.02.2007 18:38 1.412 tmp.txt
27.02.2007 18:38 11.214 system.txt
27.02.2007 18:37 35.732 systemtemp.txt
27.02.2007 18:34 106.964 system32.txt
27.02.2007 16:11 526.897.152 hiberfil.sys
27.02.2007 16:11 792.723.456 pagefile.sys
28.09.2006 19:36 0 MSDOS.SYS
28.09.2006 19:36 0 IO.SYS
07.09.2006 23:48 211 boot.ini
18.05.2006 21:52 780 Patch.rev
17.05.2006 14:34 77 Preload.rev
17.05.2006 14:34 77 preload.aaa
05.07.2005 07:48 167 bcmwl5.log
05.07.2005 07:45 4 wps.dat
13.09.2004 12:14 512 BOOTSECT.DOS
04.08.2004 05:00 4.952 bootfont.bin
04.08.2004 05:00 251.184 ntldr
04.08.2004 05:00 47.564 NTDETECT.COM
20 Datei(en) 1.320.081.949 Bytes
0 Verzeichnis(se), 32.106.250.240 Bytes frei


ComboScan v20070226.18 run by Basti on 2007-02-27 at 18:41:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Basti.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 18:46:33, on 27.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Video Access ActiveX Object\pmsnrr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Launch Manager\OSDCtrl.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Programme\Office-Bibliothek\PCLib.exe
C:\WINDOWS\system32\txtuser.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Dokumente und Einstellungen\Basti\Desktop\comboscan.exe
C:\DOKUME~1\Basti\Desktop\HIJACK~1\Basti.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ebay.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Programme\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programme\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programme\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programme\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SDR6U_Check] "C:\Programme\Gemeinsame Dateien\DriveCleaner 2006 Free\sdrmon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PowerBar] "C:\Programme\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: Office-Bibliothek-Direktsuche.lnk = C:\Programme\Office-Bibliothek\PCLib.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12D12A98-5B8A-459D-9E1D-E14C0A265B84}: NameServer = 192.168.2.1
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINDOWS\system32\higehsg.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

2R AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - C:\WINDOWS\system32\drivers\AegisP.sys
0R agpCPQ (Compaq AGP-Bus-Filter) - C:\WINDOWS\system32\drivers\AGPCPQ.SYS
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
0R alim1541 (ALI AGP-Bus-Filter) - C:\WINDOWS\system32\drivers\ALIM1541.SYS
0R amdagp (AMD AGP-Bus-Filtertreiber) - C:\WINDOWS\system32\drivers\AMDAGP.SYS
3S Arp1394 (1394-ARP-Clientprotokoll) - C:\WINDOWS\system32\drivers\arp1394.sys
1R AvgClean (AVG7 Clean Driver) - C:\WINDOWS\system32\drivers\avgclean.sys
1R AvgMfx86 (AVG Minifilter x86 Resident Driver) - C:\WINDOWS\system32\drivers\avgmfx86.sys
0R cbidf - C:\WINDOWS\system32\drivers\cbidf2k.sys
0R dac2w2k - C:\WINDOWS\system32\drivers\dac2w2k.sys
2R EpmPsd (Acer EPM Power Scheme Driver) - C:\WINDOWS\system32\drivers\epm-psd.sys
2R EpmShd (Acer EPM System Hardware Driver) - C:\WINDOWS\system32\drivers\epm-shd.sys
3S FETNDIS (VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber) - C:\WINDOWS\system32\drivers\fetnd5.sys
0R gagp30kx (Microsoft Allgemeiner AGPv3.0-Filter für K8-Prozessorplattformen) - C:\WINDOWS\system32\drivers\GAGP30KX.SYS
3R HidUsb (Microsoft HID Class-Treiber) - C:\WINDOWS\system32\drivers\hidusb.sys
1R Hotkey - C:\WINDOWS\system32\drivers\HOTKEY.sys
3R HSFHWICH - C:\WINDOWS\system32\drivers\HSFHWICH.sys
3S HSF_DP - C:\WINDOWS\system32\drivers\HSF_DP.sys
3R HSF_DPV - C:\WINDOWS\system32\drivers\HSF_DPV.sys
3R ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys
1R intelppm (Intel-Prozessortreiber) - C:\WINDOWS\system32\drivers\intelppm.sys
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3R mouhid (Maus-HID-Treiber) - C:\WINDOWS\system32\drivers\mouhid.sys
3R NdisFilt (OSA NdisFilter Protocol) - C:\WINDOWS\system32\drivers\NdisFilt.sys
3S NETMNT (Acer NetMonitor Protocol) - C:\WINDOWS\system32\drivers\NETMNT.sys
3S NIC1394 (1394-Netzwerktreiber) - C:\WINDOWS\system32\drivers\nic1394.sys
3S NPF (NetGroup Packet Filter Driver) - C:\WINDOWS\system32\drivers\npf.sys
3S NSCIRDA (NSC-Infrarotgerätetreiber) - C:\WINDOWS\system32\drivers\nscirda.sys
3R NTIDrvr (Upper Class Filter Driver) - C:\WINDOWS\system32\drivers\NTIDrvr.sys
0R ohci1394 (Texas Instruments OHCI-konformer IEEE 1394-Hostcontroller) - C:\WINDOWS\system32\drivers\ohci1394.sys
1R OsaFsLoc - C:\WINDOWS\system32\drivers\OsaFsLoc.sys
2R osaio - C:\WINDOWS\system32\drivers\osaio.sys
2R osanbm - C:\WINDOWS\system32\drivers\osanbm.sys
3S pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S Rasirda (WAN-Miniport (IrDA)) - C:\WINDOWS\system32\drivers\rasirda.sys
3R RTL8023xp (Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver) - C:\WINDOWS\system32\drivers\Rtlnicxp.sys
2R s24trans (WLAN-Transport) - C:\WINDOWS\system32\drivers\s24trans.sys
0R sisagp (SIS AGP-Bus-Filter) - C:\WINDOWS\system32\drivers\SISAGP.SYS
3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
0R UBHelper - C:\WINDOWS\system32\drivers\UBHelper.sys
3R usbehci (Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbprint (Microsoft USB-Druckerklasse) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB-Scannertreiber) - C:\WINDOWS\system32\drivers\usbscan.sys
3S usbstor (USB-Massenspeichertreiber) - C:\WINDOWS\system32\drivers\usbstor.sys
0R viaagp (VIA AGP-Bus-Filter) - C:\WINDOWS\system32\drivers\VIAAGP.SYS
3S w29n51 (Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP) - C:\WINDOWS\system32\drivers\w29n51.sys
3R wanatw (WAN Miniport (ATW)) - C:\WINDOWS\system32\drivers\wanatw4.sys
1S Wbutton - C:\WINDOWS\system32\drivers\Wbutton.sys (not found)
3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
1R WmiAcpi (Microsoft Windows-Verwaltungsschnittstelle für ACPI) - C:\WINDOWS\system32\drivers\wmiacpi.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys
2R int15.sys - C:\Acer\Empowering Technology\eRecovery\int15.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2R AOL ACS (AOL Connectivity Service) - "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe"
2R Automatisches LiveUpdate - Scheduler - "C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2R Avg7Alrt (AVG7 Alert Manager Server) - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
2R Avg7UpdSvc (AVG7 Update Service) - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
2R AvgCoreSvc (AVG7 Resident Shield Service) - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
2R AVGFwSrv (AVG Firewall) - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe /srvfsys
2R AWService (AdminWorks Agent X6) - "C:\Acer\Empowering Technology\admServ.exe"
2R CLCapSvc (CyberLink Background Capture Service (CBCS)) - "C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe"
2R CLSched (CyberLink Task Scheduler (CTS)) - "C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe"
2R CyberLink Media Library Service - "C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe"
2R EvtEng (Intel(R) PROSet/Wireless Event Log) - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
2S Fax - C:\WINDOWS\system32\fxssvc.exe
3S gusvc (Google Updater Service) - "C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe"
3S LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
3S ose (Office Source Engine) - "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE"
2R RegSrvc (Intel(R) PROSet/Wireless Registry Service) - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
2R RichVideo (Cyberlink RichVideo Service(CRVS)) - "C:\Programme\CyberLink\Shared Files\RichVideo.exe"
2R S24EventMonitor (Intel(R) PROSet/Wireless Service) - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe


-- Files created between 2007-01-27 and 2007-02-27 ------------------------------

2007-02-24 16:23:03 0 dr-h----- C:\$VAULT$.AVG
2007-02-24 09:44:21 9216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2007-02-23 18:11:12 110592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2007-02-23 18:11:11 19392 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-02-23 18:11:11 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-02-23 18:11:11 27776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-02-23 18:11:11 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-02-23 18:11:11 775680 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-02-23 18:11:07 0 d-------- C:\Programme\Grisoft
2007-02-22 15:41:28 0 d-------- C:\Programme\SpyDawn
2007-02-22 15:40:41 0 d-------- C:\Programme\Video Access ActiveX Object<VIDEOA~1>
2007-02-22 15:34:38 20645 --a------ C:\WINDOWS\system32\drivers\IwUSB.sys
2007-02-22 15:34:37 0 d-------- C:\Programme\Coolspot
2007-02-06 07:53:07 2899 --a------ C:\WINDOWS\mozver.dat
2007-02-06 07:53:05 0 d-------- C:\Programme\Mozilla Firefox<MOZILL~1>
2007-02-06 07:52:29 0 d-------- C:\Programme\Lavasoft
2007-02-06 07:52:09 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-02-06 07:52:09 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-02-06 07:52:02 0 d-------- C:\Programme\Picasa2
2007-02-06 07:50:01 0 d-------- C:\Programme\Google
2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-28 23:36:38 0 d-------- C:\Programme\AOL


-- Find3M Report ----------------------------------------------------------------

2007-02-27 18:18:44 0 d-------- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\CCleanup
2007-02-23 19:05:50 0 d-------- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\Lavasoft
2007-02-23 18:11:16 0 d-------- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\AVG7
2007-02-23 09:03:30 0 d-------- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\DriveCleaner 2006 Free<DRIVEC~1>
2007-02-22 20:25:50 0 d-------- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\Google
2007-02-07 09:33:58 0 d-------- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\Real
2007-02-06 07:53:08 0 d-------- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\Mozilla
2007-01-28 23:38:40 0 d-------- C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\acccore
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-19 22:49:42 135168 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 19:17:04 334336 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-11-27 15:54:16 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 15:54:16 539136 --a------ C:\WINDOWS\system32\msftedit.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"PowerBar"="\"C:\\Programme\\CyberLink DVD Solution\\Multimedia Launcher\\PowerBar.exe\" /AtBootTime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"preload"="C:\\Windows\\RUNXMLPL.exe"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SynTPLpr"="C:\\Programme\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"SoundMan"="SOUNDMAN.EXE"
"LaunchAp"="\"C:\\Programme\\Launch Manager\\LaunchAp.exe\""
"LManager"="\"C:\\Programme\\Launch Manager\\HotkeyApp.exe\""
"CtrlVol"="\"C:\\Programme\\Launch Manager\\CtrlVol.exe\""
"LMgrOSD"="\"C:\\Programme\\Launch Manager\\OSDCtrl.exe\""
"Wbutton"="\"C:\\Programme\\Launch Manager\\Wbutton.exe\""
"EPM-DM"="c:\\acer\\Empowering Technology\\ePower\\epm-dm.exe"
"Acer ePower Management"="C:\\Acer\\Empowering Technology\\ePower\\Acer ePower Management.exe boot"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"ADMTray.exe"="\"C:\\Acer\\Empowering Technology\\admtray.exe\""
"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"
"SDR6U_Check"="\"C:\\Programme\\Gemeinsame Dateien\\DriveCleaner 2006 Free\\sdrmon.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
@=""
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"eitheror"="{2016a466-91a2-43c6-97d8-2fd380f065ef}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"user32.dll"="C:\\Programme\\Video Access ActiveX Object\\isamntr.exe"
"rare"="C:\\Programme\\Video Access ActiveX Object\\pmsnrr.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_INT15.SYS


-- End of ComboScan: finished at 2007-02-27 at 18:46:53 -------------------------



ComboScan v20070226.18 run by Basti on 2007-02-27 at 18:41:57
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: Intel(R) Pentium(R) M processor 1.73GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 502.42 MiB / 231.51 MiB
Pagefile Memory (total/avail): 1226.66 MiB / 905.71 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1971.54 MiB

C: is Fixed (FAT32) - 44.37 GiB total, 30.29 GiB free.
D: is Fixed (FAT32) - 44.86 GiB total, 44.67 GiB free.
E: is CDROM (No Media)


-- Security Center --------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: AVG Firewall 7.5.429 v7.5.429 (GRISOFT)
AV: AVG 7.5.446 v7.5.446 (GRISOFT)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\Basti\Anwendungsdaten
CLIENTNAME=Console
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\Basti
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Programme\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\Intel\Wireless\Bin\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Programme
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\Basti\LOKALE~1\Temp
TMP=C:\DOKUME~1\Basti\LOKALE~1\Temp
USERDOMAIN=URUKAY
USERNAME=Basti
USERPROFILE=C:\Dokumente und Einstellungen\Basti
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

Basti (admin)
Administrator (new local, admin)


-- Add/Remove Programs ----------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -f"C:\Programme\Acer Inc.\Acer German GUIDE LINK\Uninst.isu"
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{13E613EF-BB55-11D9-9D77-000129760D75}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer Arcade --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
Acer eDataSecurity Management 1.00.26 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E431C518-2EE2-471E-9234-BE995C36D513}\setup.exe" -l0x7 -removeonly
Acer eLock Management --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}
Acer Empowering Technology framework --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{15B70821-7893-4607-805A-BB80F3EA8279}
Acer eNet Management --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x7
Acer ePerformance Management --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DEE08946-40F0-4890-853E-60A6C3306041}
Acer ePower Management --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Acer ePresentation Management --> C:\WINDOWS\UnInst32.exe AcerePrj.UNI
Acer eSettings Management --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}
Acer
This post was edited on 27.02.2007 at 18:50 by mediaprof.
28.02.2007, 00:20
Honorary member
Sabina

Posts: 29434
#4 Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick the box)
copy into: View/edit script

Quote

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SDR6U_Check
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|eitheror
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler|{2016a466-91a2-43c6-97d8-2fd380f065ef}
HKLM\software\microsoft\windows\currentversion\policies\explorer\run|user32.dll
HKLM\software\microsoft\windows\currentversion\policies\explorer\run|rare

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UDC6U_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UDC6_is1
HKEY_LOCAL_MACHINE\SOFTWARE\DriveCleaner 2006 Free
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2016a466-91a2-43c6-97d8-2fd380f065ef}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyDawn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyDawn.exe
HKEY_LOCAL_MACHINE\SOFTWARE\SpyDawn
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{189518DF-7EBA-4D31-A7E1-73B5BB60E8D5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{661173EE-FA31-4769-97D4-B556B5D09BDA}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video Access ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22024DC7-D190-44ec-9D49-AEE5F244A466}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BF3C5AD-F9EC-49d8-8568-D7DFFC77108B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EC618F2-C506-4221-9F56-792B92BF762E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE84FF0C-BABD-4D91-92A1-AF75D2D02E6D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4C4786C-9861-46d2-BB63-AC782AB07046}

Files to delete:
C:\Dokumente und Einstellungen\%Username%\Lokale Einstellungen\Temp\regincd2.exe
C:\Dokumente und Einstellungen\%Username%\Lokale Einstellungen\Temp\SDLanguage.ini
C:\WINDOWS\system32\higehsg.dll
C:\WINDOWS\system32\ClickToFindandFixErrors_Intl.ico
C:\Dokumente und Einstellungen\%Username%\Favoriten\Antivirus Test Online.url
C:\Dokumente und Einstellungen\%Username%\Favoriten\Online Security Test.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url

Files to delete:
C:\Dokumente und Einstellungen\%Username%\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\SpyDawn 3.1.lnk
C:\Dokumente und Einstellungen\%Username%\Startmenü\SpyDawn 3.1.lnk
C:\Dokumente und Einstellungen\%UserName%\Desktop\SpyDawn.lnk

Folders to delete:
C:\Programme\SpyDawn
C:\Programme\DriveCleaner 2006 Free
C:\Programme\Gemeinsame Dateien\DriveCleaner 2006 Free
C:\Programme\Internet Security
C:\Programme\Video Access ActiveX Object
C:\Dokumente und Einstellungen\Basti\Anwendungsdaten\DriveCleaner 2006 Free

Click the green traffic light
- the script is now executed, then the PC will reboot after you confirm (yes)

««
run SmitfraudFix - option 2
http://virus-protect.org/artikel/tools/smitfrautfix.html

+++++++++++++++++++++++++++++++++++++++++++++++++++

there seems to be a hidden admin account on your computer: (or is it the normal admin account, and you created a separate account with admin rights for yourself?)

-- User Profiles ----------------------------------------------------------------

Basti (admin)
Administrator (new local, admin) - do you know this one?
__________
Regards, Sabina

all about PC security
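The entries the Avenger script in the reply above removes sit in the classic autostart locations (Policies\Explorer\Run, ShellServiceObjectDelayLoad, SharedTaskScheduler) that rogue "security" products like the ones in this thread use to survive a reboot while staying out of msconfig. As an added example, not part of this thread and not code from Avenger, ComboScan or any other tool mentioned here, the Python below parses a .reg-style registry dump of the kind ComboScan prints and flags entries in those locations. The sample dump is constructed from lines quoted in this thread; the allowlists of stock Windows XP ShellServiceObjectDelayLoad names and SharedTaskScheduler CLSIDs are an assumption of the example, not an exhaustive reference.

```python
import re

# Autostart key that only Group Policy normally populates; on a home PC
# any entry here deserves a second look (it is also not listed by msconfig).
POLICY_RUN_SUFFIX = r"\software\microsoft\windows\currentversion\policies\explorer\run"

# Assumption: illustrative allowlist of stock XP SP2 ShellServiceObjectDelayLoad names.
SSODL_ALLOWLIST = {"wpdshserviceobj", "postbootreminder", "cdburn", "webcheck", "systray"}

# Assumption: illustrative allowlist of stock XP SharedTaskScheduler CLSIDs
# (Browseui preloader and Component Categories cache daemon).
STS_ALLOWLIST = {
    "{438755c2-a8ba-11d1-b96b-00a0c90312e1}",
    "{8c7461ef-2b13-11d2-be35-3078302c2030}",
}

# Product and folder names this thread identified as rogue software.
ROGUE_MARKERS = ("drivecleaner", "spydawn", "video access activex object")

SECTION_RE = re.compile(r"^\[(.+)\]$")
# "name"="data" with .reg escaping (\\ for a backslash, \" for a quote)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(s):
    """Undo .reg-file escaping: backslash followed by any char -> that char."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_registry_dump(text):
    """Yield (key, value_name, data) triples from a .reg-style dump."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, unescape(m.group(1)), unescape(m.group(2))


def find_suspicious_autoruns(text):
    """Return a list of findings; each carries the entry and the reasons it was flagged."""
    findings = []
    for key, name, data in parse_registry_dump(text):
        k, n, d = key.lower(), name.lower(), data.lower()
        reasons = []
        if k.endswith(POLICY_RUN_SUFFIX):
            reasons.append("entry in Policies\\Explorer\\Run (policy autostart, hidden from msconfig)")
        if n.endswith(".dll") and ".exe" in d:
            reasons.append("value named like a system DLL but launches an EXE")
        if k.endswith("shellserviceobjectdelayload") and n not in SSODL_ALLOWLIST:
            reasons.append("ShellServiceObjectDelayLoad name not in stock allowlist")
        if k.endswith("sharedtaskscheduler") and n not in STS_ALLOWLIST:
            reasons.append("SharedTaskScheduler CLSID not in stock allowlist")
        if any(marker in d for marker in ROGUE_MARKERS):
            reasons.append("path matches a rogue product named in the thread")
        if reasons:
            findings.append({"key": key, "name": name, "data": data, "reasons": reasons})
    return findings


# Constructed sample, shaped like the ComboScan registry dump quoted in this thread.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"SDR6U_Check"="\"C:\\Programme\\Gemeinsame Dateien\\DriveCleaner 2006 Free\\sdrmon.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"eitheror"="{2016a466-91a2-43c6-97d8-2fd380f065ef}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"user32.dll"="C:\\Programme\\Video Access ActiveX Object\\isamntr.exe"
"rare"="C:\\Programme\\Video Access ActiveX Object\\pmsnrr.exe"
"""

if __name__ == "__main__":
    for f in find_suspicious_autoruns(SAMPLE_DUMP):
        print(f"{f['key']}\n  {f['name']} = {f['data']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run against a real dump, the script is a triage aid only: an unknown CLSID is a prompt to look the entry up, not proof of infection, and legitimate vendor entries will also land outside a hand-maintained allowlist.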