Popups from Drive Cleaner and co.

#0
11.03.2007, 00:09
...new here

Posts: 9
#1 Hi,
I currently have a problem with popups from Drive Cleaner, Win AntiVirus or similar. Sometimes new windows simply open while I'm surfing, or a window appears telling you that the sex websites you have visited are being stored on the computer and asking whether you now want to install Drive Cleaner to delete them (which of course I didn't do). No matter what you click ("OK"; "Cancel"; "X"), a window opens where you can download Drive Cleaner. Other, similar popups show up as well.
I can delete these spyware cookies, but they keep coming back. I have already tried hundreds of spyware scanners.
In addition, I can't access my Recycle Bin (it appears somehow transparent). Anticipating the request, I'll post my HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 23:59:44, on 10.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
d:\Programme\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
d:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
D:\Programme\TrojanHunter 4.6\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
D:\Neue neue eigene Dateien\mousometer.exe
C:\Programme\Messenger\msmsgs.exe
D:\Neue neue eigene Dateien\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\wgxjxowd.dll",setvm
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Programme\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [THGuard] "D:\Programme\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [amcpbgdt] C:\gmilbakn.bat
O4 - HKLM\..\Run: [gsbxwqfr] C:\kpcgbfiq.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Mousometer.lnk = D:\Neue neue eigene Dateien\mousometer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\spamexpertslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spamexpertslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spamexpertslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148031810390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148159700125
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam03.lugano.ch/activex/AxisCamControl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B562BC94-9A3A-4760-AE48-0D52FD01B1B5} (VeriSign Software Update Service) - http://download.verisign-grs.com/plug-in/i-navinstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5130BED4-2704-48DB-8EE8-153A4A4D65C7}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - d:\Programme\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
11.03.2007, 14:37
Honorary member
Sabina

Posts: 29434
#2 Post the two logs that ComboScan creates
http://virus-protect.org/artikel/tools/comboscan.html
__________
Best regards, Sabina

All about PC security
11.03.2007, 15:03
...new here

Thread starter

Posts: 9
#3 OK...
first, ComboScan.txt

ComboScan v20070306.20 run by Phil on 2007-03-11 at 14:59:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
54: 2007-03-11 13:59:28 UTC - RP54 - ComboScan Restore Point
53: 2007-03-11 00:05:09 UTC - RP53 - Systemprüfpunkt
52: 2007-03-09 21:52:03 UTC - RP52 - Systemprüfpunkt
51: 2007-03-08 20:23:42 UTC - RP51 - AntiVir PersonalEdition Classic - 08.03.2007 21:23
50: 2007-03-08 19:58:39 UTC - RP50 - Systemprüfpunkt


-- First Restore Point --
1: 2007-02-12 14:11:40 UTC - RP1 - Systemprüfpunkt


Performed disk cleanup.


-- HijackThis (run as Phil.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 14:59:31, on 11.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
d:\Programme\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
d:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Neue neue eigene Dateien\mousometer.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Phil\Eigene Dateien\comboscan.exe
D:\NEUENE~1\HIJACK~2\Phil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) -  - (no file)
O2 - BHO: (no name) - A E44EB-2E7F-48B6-B2D9-AC2C9DCA5582} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - xA J - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AC44C864-3463-450C-B266-3EA7A1C9C99F} - (no file)
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - C:\WINDOWS\system32\fccayyy.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - (no file)
O2 - BHO: (no name) - {D47F92E3-C43A-4462-8752-EC61BB5404Db} - C:\WINDOWS\system32\ptvektsv.dll
O2 - BHO: (no name) - {DA8DFE81-A39F-4538-8970-644765839071} - C:\WINDOWS\system32\gebcy.dll
O2 - BHO: (no name) - {F86240BA-B7F1-483F-91ED-F6748214CE67} - (no file)
O2 - BHO: (no name) - È@ 0E0F0-5C30-11D4-945D-000000000010} - (no file)
O2 - BHO: (no name) - ˜@ 49220-F900-46B3-B5E7-38B9A74E05C4} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\wgxjxowd.dll",setvm
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [amcpbgdt] C:\gmilbakn.bat
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Mousometer.lnk = D:\Neue neue eigene Dateien\mousometer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\spamexpertslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spamexpertslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spamexpertslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148031810390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148159700125
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam03.lugano.ch/activex/AxisCamControl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B562BC94-9A3A-4760-AE48-0D52FD01B1B5} (VeriSign Software Update Service) - http://download.verisign-grs.com/plug-in/i-navinstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5130BED4-2704-48DB-8EE8-153A4A4D65C7}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: fccayyy - C:\WINDOWS\SYSTEM32\fccayyy.dll
O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - d:\Programme\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


-- HijackThis Fixed Entries (D:\NEUENE~1\HIJACK~2\backups\) --------------------

backup-20070311-003947-442 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070311-003947-886 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\system32\drivers\aavmker4.sys
2R ACEDRV07 - C:\WINDOWS\system32\drivers\ACEDRV07.sys
1R AFS2K - C:\WINDOWS\system32\drivers\AFS2K.SYS
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
3S APLMp50 (APLMp50 NDIS Protocol Driver) - C:\WINDOWS\system32\Drivers\APLMp50.sys (not found)
2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\system32\drivers\aswmon2.sys
3R aswRdr - C:\WINDOWS\system32\drivers\aswRdr.sys
1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\system32\drivers\aswTdi.sys
2R atksgt - C:\WINDOWS\system32\drivers\atksgt.sys
1R avgio - C:\Programme\AntiVir PersonalEdition Classic\avgio.sys
3R avgntflt - C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys
2R ElbyCDIO (ElbyCDIO Driver) - C:\WINDOWS\system32\drivers\ElbyCDIO.sys
3R ElbyDelay - C:\WINDOWS\system32\drivers\ElbyDelay.sys
3R ezplay (VSO Software ezplay) - C:\WINDOWS\system32\drivers\ezplay.sys
3S FXDRV - E:\Fxdrv.sys (not found)
3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3R HCW848NT (Hauppauge Win/TV) - C:\WINDOWS\system32\drivers\hcw848nt.sys
3R HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\hpzid412.sys
3R HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3R HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
4R InCDfs (InCD File System) - C:\WINDOWS\system32\drivers\InCDfs.sys
1R InCDPass - C:\WINDOWS\system32\drivers\InCDpass.sys
1R incdrm (InCD Reader) - C:\WINDOWS\system32\drivers\InCDrm.sys
2R lirsgt - C:\WINDOWS\system32\drivers\lirsgt.sys
3S NPF (NetGroup Packet Filter Driver) - C:\WINDOWS\system32\drivers\npf.sys (not found)
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R nvatabus - C:\WINDOWS\system32\drivers\nvatabus.sys
3S NVENETFD (NVIDIA nForce Networking Controller Driver) - C:\WINDOWS\system32\drivers\NVENETFD.sys
3R nvnetbus (NVIDIA Network Bus Enumerator) - C:\WINDOWS\system32\drivers\nvnetbus.sys
1R NVTCP (NVIDIA TCP/IP Protocol Driver) - C:\WINDOWS\system32\drivers\NVTCP.SYS
1S oreans32 - ""
3S PCANDIS5 (PCANDIS5 Protocol Driver) - C:\WINDOWS\system32\PCANDIS5.SYS
3R pcouffin (VSO Software pcouffin) - C:\WINDOWS\system32\drivers\pcouffin.sys
1R prodrv06 (StarForce Protection Environment Driver v6) - C:\WINDOWS\system32\drivers\prodrv06.sys
0R prohlp02 (StarForce Protection Helper Driver v2) - C:\WINDOWS\system32\drivers\prohlp02.sys
0R prosync1 (StarForce Protection Synchronization Driver v1) - C:\WINDOWS\system32\drivers\prosync1.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
3R ROOTMODEM (Microsoft Legacy Modem Driver) - C:\WINDOWS\system32\drivers\rootmdm.sys
0R sfhlp01 (StarForce Protection Helper Driver) - C:\WINDOWS\system32\drivers\sfhlp01.sys
0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
1R sp_rsdrv2 (Spyware Terminator Driver 2) - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
1R SSHDRV76 - C:\WINDOWS\system32\drivers\SSHDRV76.sys
1R Tcpip6 (Microsoft IPv6-Protokolltreiber) - C:\WINDOWS\system32\drivers\tcpip6.sys
3R usbccgp (Microsoft Standard-USB-Haupttreiber) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Miniporttreiber für Microsoft USB Open Host-Controller) - C:\WINDOWS\system32\drivers\usbohci.sys
3R usbprint (Microsoft USB-Druckerklasse) - C:\WINDOWS\system32\drivers\usbprint.sys
3R USBSTOR (USB-Massenspeichertreiber) - C:\WINDOWS\system32\drivers\usbstor.sys
3R uscbs108 - C:\WINDOWS\system32\drivers\uscbs108.sys
3R uscsc108 - C:\WINDOWS\system32\drivers\uscsc108.sys
3S vaxscsi - C:\WINDOWS\system32\Drivers\vaxscsi.sys (not found)
3R wg111nd5 (NETGEAR WG111 802.11g Wireless USB Adapter Driver) - C:\WINDOWS\system32\drivers\wg111nd5.sys
3S WpdUsb - C:\WINDOWS\system32\drivers\wpdusb.sys
1R WS2IFSL (Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
0R WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2R AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
2R AntiVirService (AntiVir PersonalEdition Classic Guard) - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2R aswUpdSv (avast! iAVS4 Control Service) - "C:\Programme\Alwil Software\Avast4\aswUpdSv.exe"
2R avast! Antivirus - "C:\Programme\Alwil Software\Avast4\ashServ.exe"
3R avast! Mail Scanner - "C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service
3R avast! Web Scanner - "C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2R ForceWare Intelligent Application Manager (IAM) - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
2R ForcewareWebInterface (Forceware Web Interface) - "C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice
3S gusvc (Google Updater Service) - "C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe"
3S IDriverT (InstallDriver Table Manager) - "C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe"
2R InCDsrv (InCD Helper) - C:\Programme\Ahead\InCD\InCDsrv.exe
2S InCDsrvR (InCD Helper (read only)) - C:\Programme\Ahead\InCD\InCDsrv.exe -r
3S iPod Service - "C:\Programme\iPod\bin\iPodService.exe"
2R LightScribeService (LightScribeService Direct Disc Labeling Service) - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
3S LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
2S nSvcIp (ForceWare IP service) - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
2R nSvcLog (ForceWare user log service) - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\System32\nvsvc32.exe
3S Pml Driver HPZ12 - C:\WINDOWS\System32\HPZipm12.exe
3S rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "C:\Programme\WinPcap\rpcapd.exe" -d -f "C:\Programme\WinPcap\rpcapd.ini"
2R sp_rssrv (Spyware Terminator Realtime Shield Service) - d:\Programme\Spyware Terminator\sp_rsser.exe
2R StarWindService (StarWind iSCSI Service) - d:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
3S usnjsvc (Messenger USN Journal Reader-Service für freigegebene Ordner) - "C:\Programme\MSN Messenger\usnsvc.exe"


-- Scheduled Tasks -------------------------------------------------------------

2007-02-11 13:55:02 346 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB>
2006-09-21 19:57:44 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
2006-05-16 17:44:57 284 --a------ C:\WINDOWS\Tasks\HP Usg Daily.job<HPUSGD~1.JOB>


-- Files created between 2007-02-11 and 2007-03-11 -----------------------------



-- Find3M Report ---------------------------------------------------------------

2007-03-11 11:18:14 1598563 ---hs---- C:\WINDOWS\system32\dwoxjxgw.ini2<DWOXJX~1.INI>
2007-03-11 11:10:18 126976 --a------ C:\zip.exe
2007-03-10 23:18:37 1682 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-03-10 23:18:37 56 -r-hs---- C:\WINDOWS\system32\70469FCE5F.sys<70469F~1.SYS>
2007-03-10 18:39:29 418749 ---hs---- C:\WINDOWS\system32\ycbeg.bak2<YCBEG~2.BAK>
2007-03-10 18:39:05 131604 --a------ C:\WINDOWS\system32\ptvektsv.dll

2007-03-09 20:54:45 0 d-------- C:\Programme\Tiscali
2007-03-09 20:54:45 0 d-------- C:\Programme\Everest Poker.net<EVERES~1.NET>
2007-03-09 19:38:53 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\TrojanHunter<TROJAN~1>
2007-03-09 18:38:30 131604 --a------ C:\WINDOWS\system32\vswceere.dll
2007-03-08 21:23:55 0 d-------- C:\Programme\AntiVir PersonalEdition Classic<ANTIVI~1>
2007-03-08 19:51:33 0 d-------- C:\Programme\Yahoo!
2007-03-08 19:43:57 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Yahoo!
2007-03-08 14:07:53 231328 --a------ C:\WINDOWS\Timmy Screensaver.scr<TIMMYS~1.SCR>
2007-03-08 14:07:53 560412 --a------ C:\WINDOWS\Timmy Screensaver.exe<TIMMYS~1.EXE>
2007-03-08 14:07:53 40960 --a------ C:\WINDOWS\Timmy Screensaver.dll<TIMMYS~1.DLL>
2007-03-07 18:04:11 453110 ---hs---- C:\WINDOWS\system32\ycbeg.bak1<YCBEG~1.BAK>
2007-03-07 18:04:07 282212 -----n--- C:\WINDOWS\system32\gebcy.dll

2007-03-07 17:35:44 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Azureus
2007-03-07 14:11:59 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Lavasoft
2007-03-07 14:11:55 0 d-------- C:\Programme\Lavasoft
2007-03-07 14:11:22 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard<WISEIN~1>
2007-03-07 13:46:56 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\PC Tools<PCTOOL~1>
2007-03-06 20:56:04 123412 --a------ C:\WINDOWS\system32\wgxjxowd.dll
2007-03-05 20:50:28 26685 -----n--- C:\WINDOWS\system32\fccayyy.dll

2007-03-05 14:55:49 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\AdobeUM
2007-03-05 13:48:40 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Vso
2007-03-03 23:15:26 0 d-------- C:\Programme\MSN Messenger<MSNMES~1>
2007-02-23 18:47:14 34 --a------ C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\pcouffin.log
2007-02-23 18:47:11 47360 --a------ C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\pcouffin.sys
2007-02-23 18:47:11 1144 --a------ C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\pcouffin.inf
2007-02-23 18:47:11 7824 --a------ C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\pcouffin.cat
2007-02-23 18:47:11 87608 --a------ C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ezpinst.exe
2007-02-22 17:12:25 0 d--h----- C:\Programme\InstallShield Installation Information<INSTAL~1>
2007-02-22 14:18:44 0 d-------- C:\Programme\Gemeinsame Dateien<GEMEIN~1>
2007-02-20 21:18:18 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\My The Lord of the Rings, The Rise of the Witch-king Files<MYTHEL~1>
2007-02-20 20:46:29 34 --a------ C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\AHIZLNXA.log
2007-02-20 20:46:25 94080 --a------ C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ezplay.sys
2007-02-20 20:46:25 7172 --a------ C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ezplay.cat
2007-02-20 20:46:25 125 --a------ C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\AHIZLNXA.ini
2007-02-20 20:46:25 1104 --a------ C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\AHIZLNXA.inf
2007-02-20 15:21:11 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Engelmann Media<ENGELM~1>
2007-02-20 15:20:44 0 d-------- C:\Programme\S.A.D<SA269F~1.D>
2007-02-20 15:20:17 0 d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared<MICROS~1>
2007-02-19 21:21:04 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien<MEINED~3>
2007-02-18 12:45:43 0 d-------- C:\Programme\Alwil Software<ALWILS~1>
2007-02-15 20:35:26 0 d-------- C:\Programme\DVD Shrink<DVDSHR~1>
2007-02-15 15:45:29 0 d-------- C:\Programme\Google
2007-02-14 13:43:58 0 d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared<SYMANT~1>
2007-02-14 13:29:22 0 d-------- C:\Programme\Symantec Technical Support<SYMANT~1>
2007-02-11 15:51:05 0 d-------- C:\Programme\Gemeinsame Dateien\{50DC16E6-08A1-1031-0805-050310060031}<{50DC1~1>
2007-02-11 13:49:26 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Symantec
2007-02-11 11:10:36 0 d-------- C:\Programme\Gemeinsame Dateien\element5 Shared<ELEMEN~1>
2007-02-11 11:09:47 0 d-------- C:\Programme\boesetaten.de Bildstörung<BOESET~1.DEB>
2007-02-11 11:09:39 0 d-------- C:\Programme\Gemeinsame Dateien\AVSMedia
2007-02-11 00:27:39 415470 --a------ C:\WINDOWS\system32\perfh007.dat
2007-02-11 00:27:39 74996 --a------ C:\WINDOWS\system32\perfc007.dat
2007-02-10 19:50:54 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ImgBurn
2007-02-06 22:55:38 0 d-------- C:\Programme\Coolspot
2007-02-06 19:55:29 0 d-------- C:\Programme\Avira
2007-01-29 16:59:38 0 d-------- C:\Programme\Java
2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-17 15:40:16 0 d-------- C:\Programme\SpamButcher<SPAMBU~1>
2007-01-17 15:40:16 0 d-------- C:\Programme\Replay Converter<REPLAY~1>
2007-01-17 15:36:56 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\uTorrent
2007-01-15 18:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-01-15 18:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-19 22:49:41 135168 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 19:17:03 334336 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-15 21:38:54 356352 --a------ C:\WINDOWS\eSellerateEngine.dll<ESELLE~1.DLL>
2006-12-13 21:24:42 89296 --a------ C:\WINDOWS\system32\ElbyCDIO.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"2chkdsk"="rundll32.exe \"C:\\WINDOWS\\system32\\wgxjxowd.dll\",setvm"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"amcpbgdt"="C:\\gmilbakn.bat"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"NBJ"="\"C:\\Programme\\Ahead\\Nero BackItUp\\NBJ.exe\""
"SpybotSD TeaTimer"="d:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Component Manager"="\"C:\\Programme\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Programme\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"HPHUPD05"="C:\\Programme\\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\\hphupd05.exe"
"InCD"="C:\\Programme\\Ahead\\InCD\\InCD.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\GEMEIN~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"WordPerfect Office 1215"="C:\\Programme\\WordPerfect Office 12\\Programs\\Registration.exe /title=\"WordPerfect Office 12\" /date=053006 serial=WS12WTX-9999998-UYR lang=EN"
"SoundMan"="SOUNDMAN.EXE"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"nwiz"="nwiz.exe /install"
"NVIDIA nTune"="\"C:\\Programme\\NVIDIA Corporation\\nTune\\\\nTune.exe\" clear"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"Microsoft Works Update Detection"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"mspd"="C:\\WINDOWS\\system32\\mspd.exe"
"FamilyFilter"="C:\\Programme\\Coolspot\\FamilyFilter\\Admin.exe /defuser"
"nTrayFw"="C:\\PROGRA~1\\NVIDIA~1\\NETWOR~1\\bin\\nTrayFw.exe"
"startupmanager"="C:\\WINDOWS\\system32\\vshost.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"System: PPFSYS.EXE Don`t remove it!"="ppfsys.exe"
"WinampAgent"="\"D:\\Programme\\Winamp\\Winampa.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"SpywareTerminator"="\"D:\\Programme\\Spyware Terminator\\SpywareTerminatorShield.exe\""
"THGuard"="\"D:\\Programme\\TrojanHunter 4.6\\THGuard.exe\""


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B07CB267-5E6F-441F-9B3C-324EFE70F897}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"contrabandists"="{dfa61db1-388e-4c87-8d56-540fa229bcb4}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"=dword:00000000
"DisableLockWorkstation"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"=dword:00000000
"NoSimpleStartMenu"=dword:00000000
"HideClock"=dword:00000000
"NoTrayItemsDisplay"=dword:00000000
"NoRecentDocsHistory"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000
"NoCDBurning"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccayyy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcy


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- Hosts -----------------------------------------------------------------------

127.0.0.1 dl1.avgate.net
127.0.0.1 dl2.avgate.net
127.0.0.1 dl3.avgate.net
127.0.0.1 dl4.avgate.net
127.0.0.1 dl5.avgate.net
127.0.0.1 dl6.avgate.net
127.0.0.1 dl7.avgate.net
127.0.0.1 dl8.avgate.net
127.0.0.1 dl9.avgate.net


-- End of ComboScan: finished at 2007-03-11 at 14:59:51 ------------------------

********************************************************************************************************************
********************************************************************************************************************
********************************************************************************************************************
********************************************************************************************************************
********************************************************************************************************************

Now Supplementary.txt

ComboScan v20070306.20 run by Phil on 2007-03-11 at 14:59:25
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: AMD Athlon(tm) 64 Processor 3700+
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 2047.47 MiB / 1477.21 MiB
Pagefile Memory (total/avail): 3433.44 MiB / 2979.41 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1988.69 MiB

A: is Removable (FAT)
C: is Fixed (NTFS) - 48.73 GiB total, 2.1 GiB free.
D: is Fixed (NTFS) - 184.15 GiB total, 9.51 GiB free.
E: is CDROM (UDF)
F: is Removable (No Media)
G: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
AUState says computer has updates disabled.
Windows Internal Firewall is enabled.

FW: NVIDIA Firewall v1.0 (NVIDIA Corporation)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) [COLOR=RED]Disabled[/COLOR] [COLOR=RED]Outdated[/COLOR]
AV: avast! antivirus 4.7.942 [VPS 000722-4] v4.7.942 (ALWIL Software) [COLOR=RED]Disabled[/COLOR]
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) [COLOR=RED]Outdated[/COLOR]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users.WINDOWS
APPDATA=C:\Dokumente und Einstellungen\Phil\Anwendungsdaten
CLASSPATH=.;C:\Programme\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=PHILIPP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\Phil
LOGONSERVER=\\PHILIPP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\QuickTime\QTSystem\;C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2701
ProgramFiles=C:\Programme
PROMPT=$P$G
QTJAVA=C:\Programme\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\Phil\LOKALE~1\Temp
TMP=C:\DOKUME~1\Phil\LOKALE~1\Temp
USERDOMAIN=PHILIPP
USERNAME=Phil
USERPROFILE=C:\Dokumente und Einstellungen\Phil
VeriSign=C:\Programme\VeriSign
VeriSignTemp=C:\Programme\VeriSign\Temp
VRSN=C:\Programme\VeriSign
VRSNTemp=C:\Programme\VeriSign\Temp
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Phil (admin)
Erdnussflip (admin)
Administrator.PHILIPP (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\unmrw.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "C:\Programme\7-Zip\Uninstall.exe"
a-squared Free 2.1 --> "d:\Programme\a-squared Free\unins000.exe"
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Software Update --> MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
Aufstieg des Hexenkönigs™ --> d:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\EAUninstall.exe
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Avira AntiVir PersonalEdition Classic --> C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Azureus --> d:\Programme\Azureus\Uninstall.exe
BlindWrite 6 --> "d:\Programme\VSO\BlindWrite6\unins000.exe"
CloneDVD2 --> "d:\Programme\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="d:\Programme\Elaborate Bytes\CloneDVD2"
Company of Heroes Single Player Demo --> MsiExec.exe /X{6EA45FAC-6F5F-43EE-87D7-4688AF9E2F07}
CUEcards 2000 --> d:\Programme\CUEcards\uninstall.exe
DCS - DVD Copy Suite --> MsiExec.exe /I{27DCB0FF-E8D8-44DE-9725-A7C96CC3FEB6}
Die Schlacht um Mittelerde™ II --> D:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\EAUninstall.exe
Dkill95 --> C:\WINDOWS\unin0407.exe -fd:\Programme\Dkill95\DeIsL1.isu -cd:\Programme\Dkill95\_ISREG32.DLL
DVD Shrink 3.2 --> "d:\Programme\DVD Shrink\unins000.exe"
DVD Shrink 3.2 deutsch (DeCSS-frei) --> "d:\Programme\DVD Shrink DE\unins000.exe"
DVDStyler v1.5beta7 --> "d:\Programme\DVDStyler\unins000.exe"
Free Spyware Scanner 9.6 --> D:\PROGRA~1\FREESP~1\UNWISE.EXE D:\PROGRA~1\FREESP~1\INSTALL.LOG
GameJack 6 --> MsiExec.exe /X{A919AABD-61FA-4E16-0000-26966C3D2481}
GetASFStream --> "d:\Program Files\GetASFStream\epuninst.exe" /s
Google Earth --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google SketchUp --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E1423608-F529-40A1-93CA-C7F396F30DF0}\setup.exe" -l0x9
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\programme\google\googletoolbar2.dll"
Gothic III --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe" -l0x7 -removeonly
Hauppauge WinTV2000 --> C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG
HijackThis 1.99.1 --> D:\Neue neue eigene Dateien\hijackthis\HijackThis.exe /uninstall
Hotfix für Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
HP Software Update --> MsiExec.exe /X{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}
HP Speicher-Disc --> MsiExec.exe /X{D35191B3-F340-4C11-A4E0-8B09477B4302}
ImgBurn (Remove Only) --> "d:\Programme\ImgBurn\uninstall.exe"
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes --> MsiExec.exe /I{885894A5-BA0A-460E-AB4C-96C5C9B2C5E2}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
MediaShow 3.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Medieval II Total War Demo Gold --> C:\Programme\InstallShield Installation Information\{4A665599-6771-4732-BE74-06B43B9F611B}\setup.exe -runfromtemp -l0x0009 -removeonly
Messenger Plus! 3 --> "C:\Programme\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live --> "D:\Programme\Messenger Plus! Live\Uninstall.exe"
Microsoft AutoRoute 2002 --> MsiExec.exe /I{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 97, Professional Edition --> C:\Programme\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Picture It! Foto 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows-Journal-Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Microsoft Word 2002 --> MsiExec.exe /I{911B0407-6000-11D3-8CFE-0050048383C9}
Microsoft Works 7.0 --> MsiExec.exe /I{EDDDC607-91D9-4758-9F57-265FDCD8A772}
Microsoft Works Suite-Add-Ins für Microsoft Word --> MsiExec.exe /I{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}
Mix-FX --> "D:\Programme\Mix-FX\uninstall.exe"
Moorhuhn Invasion Vollversion --> C:\PROGRA~1\PHENOM~1\MOORHU~1\UNWISE.EXE C:\PROGRA~1\PHENOM~1\MOORHU~1\INSTALL.LOG
Moorhuhn Wanted XXL --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A116D023-A3BC-4C70-A8B8-9FE77850F0D9}\Setup.exe" -l0x7 DUIM
Nero OEM --> C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Suite --> C:\Programme\Gemeinsame Dateien\Nero\Uninstall\Setup.exe /uninstall ExtraUninstallID=""
NETGEAR WG111 Software --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{21B9CC18-8AB7-402F-B343-CD2127FC3CFC}\SETUP.EXE" -uninst
NVDVD --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7EC003A3-51E9-4019-BEC0-DF99B0DF5CCF}\Setup.exe" -uninstall
NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1031
NVIDIA nTune --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1031
Oblivion --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x7 -removeonly
PASSWORD PROTECT FOLDERS™ --> "D:\Programme\Password Protect Folders\unins000.exe"
phase6 --> MsiExec.exe /X{B398C579-6578-4A6A-AE55-310D7C1A80B6}
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Programme\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\setup\hpzscr01.exe -datfile hphscr01.dat
PokerStars.net --> d:\Programme\PokerStars.NET\Uninstall.EXE /u:"PokerStars.net"
potc fdk Screen Saver --> C:\WINDOWS\system32\potc fdk.scr /u
PowerDirector Express --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Prince of Persia Warrior Within --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EE5BC0BB-9EDA-423C-8276-48857B735D68}\Setup.exe" -l0x7
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RegAlyzer 1.4 --> "d:\Programme\Safer Networking\RegAlyzer\unins000.exe"
Replay Converter 2.20 --> C:\WINDOWS\iun6002.exe "d:\Program Files\Replay Converter\irunin.ini"
Riva FLV Encoder 2.0 --> "D:\Programme\Riva\Riva FLV Encoder 2.0\unins000.exe"
Rome - Total War - Gold Edition --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}\setup.exe" -l0x7 -removeonly
Sicherheitsupdate für Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913433) --> C:\WINDOWS\System32\MacroMed\Flash\genuinst.exe C:\WINDOWS\System32\MacroMed\Flash\KB913433.inf
Sicherheitsupdate für Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
SimonTools XP-Tuner 2004 --> "C:\Programme\SimonTools\XP-Tuner 2004\unins000.exe"
SpamExperts Home --> "d:\Programme\SpamExperts\Uninstall.exe"
Spybot - Search & Destroy 1.4 --> "d:\Programme\Spybot - Search & Destroy\unins000.exe"
Spyware Terminator --> "d:\Programme\Spyware Terminator\unins000.exe"
Star Wars Battlefront II --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3D374523-CFDE-461A-827E-2A102E2AB365}\Setup.exe" -l0x7 -removeonly
Super DVD Ripper (remove only) --> "d:\Programme\Super DVD Ripper\sdvd-uninst.exe"
SuperUtility --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{10E33F6D-16E6-400E-BA1E-DF9F1BCD1B30}\setup.exe" -l0x9
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
T-Online 4.0 Hilfe --> C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\TOHELP4.ISU
T-Online Browser 4.5 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{00490EBE-23A5-4976-B95B-BE6B9DF6E2FB}\Setup.exe"
T-Online Copas Client 4.0 --> C:\t-online\CoPaS\UNWISE.EXE /U C:\t-online\CoPaS\INSTALL.LOG
T-Online eMail 4.0 --> C:\t-online\EMAIL4\UNWISE.EXE /U C:\t-online\EMAIL4\INSTALL.LOG
T-Online Messenger (TOM) --> C:\t-online\Messenger\unwise.exe C:\t-online\MESSEN~1\INSTALL.LOG
T-Online OnlineBanking 4.0 --> C:\t-online\OB4HBCI\UNWISE.EXE /U C:\t-online\OB4HBCI\INSTALL.LOG
T-Online Software 4.0 --> C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\TOSO40.ISU
TMPGEnc DVD Author 1.6 --> MsiExec.exe /I{52E9D791-5A64-474D-A575-20ADC2446B3B}
Tomb Raider: Legend 1.0 --> d:\Programme\Tomb Raider - Legend\uninsttrl.exe
Trojancheck 6 --> "d:\Programme\Trojancheck 6\unins000.exe"
TrojanHunter 4.6 --> "d:\Programme\TrojanHunter 4.6\unins000.exe"
TuneUp Utilities 2003 --> MsiExec.exe /I{9665B325-3F96-11D6-A1FA-000374890932}
Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update für Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update für Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update für Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update für Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update für Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
WinAce Archiver --> "C:\Programme\WinAce\SXUNINST.EXE" "C:\Programme\WinAce\SXUNINST.INI"
Windows Live Messenger --> MsiExec.exe /I{279DB581-239C-4E13-97F8-0F48E40BE75C}
Windows Media Encoder 7.1 --> C:\Programme\Windows Media Components\Encoder\_instENC.exe /U
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Xfire (remove only) --> "C:\Programme\Xfire\uninst.exe"
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- End of ComboScan: finished at 2007-03-11 at 14:59:51 ------------------------
This post was edited by Erdnussflipx on 11.03.2007 at 15:06.
11.03.2007, 15:10
Honorary member
Sabina

Posts: 29434
#4 Configure CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

Copy the contents of these 6 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Best regards, Sabina

All about PC security
11.03.2007, 16:12
...new here

Thread starter

Posts: 9
#5 system32.txt:

Datenträger in Laufwerk C: ist XP
Volumeseriennummer: 50DC-16E6

Verzeichnis von C:\WINDOWS\system32

11.03.2007 15:49 425.887 ycbeg.ini
11.03.2007 15:45 18.044 SpamExpertsLSP.txt
11.03.2007 15:39 1.598.562 dwoxjxgw.ini2
11.03.2007 15:28 50.868 nvapps.xml
11.03.2007 15:28 12.598 wpa.dbl
11.03.2007 11:17 1.599.083 dwoxjxgw.tmp
11.03.2007 11:17 1.599.023 dwoxjxgw.ini

11.03.2007 11:11 189 _nvidia_xxx_.log
10.03.2007 23:18 1.682 KGyGaAvL.sys
10.03.2007 23:18 56 70469FCE5F.sys
10.03.2007 18:39 418.749 ycbeg.bak2
10.03.2007 18:39 131.604 ptvektsv.dll
09.03.2007 19:05 59.392 streamhlp.dll
09.03.2007 18:38 131.604 vswceere.dll
07.03.2007 20:47 143 mcrh.tmp
07.03.2007 20:39 12.672 ikhcore.log
07.03.2007 18:04 453.110 ycbeg.bak1
07.03.2007 18:04 282.212 gebcy.dll
06.03.2007 20:56 123.412 wgxjxowd.dll
05.03.2007 20:50 26.685 fccayyy.dll

18.02.2007 12:45 3.002 CONFIG.NT
15.02.2007 18:01 337.280 WgaTray.exe
15.02.2007 18:01 1.476.992 LegitCheckControl.dll
15.02.2007 18:00 236.928 WgaLogon.dll
15.02.2007 15:29 122.142 TZLog.log
11.02.2007 00:27 62.344 perfc009.dat
11.02.2007 00:27 401.064 perfh009.dat

systemtemp.txt:

Datenträger in Laufwerk C: ist XP
Volumeseriennummer: 50DC-16E6

Verzeichnis von C:\DOKUME~1\Phil\LOKALE~1\Temp

11.03.2007 15:39 512 ~DF52CE.tmp
11.03.2007 15:39 16.384 ~DF52C2.tmp
2 Datei(en) 16.896 Bytes
0 Verzeichnis(se), 2.309.988.352 Bytes frei

windows.txt:

Datenträger in Laufwerk C: ist XP
Volumeseriennummer: 50DC-16E6

Verzeichnis von C:\WINDOWS

11.03.2007 11:12 0 0.log
11.03.2007 11:11 1.273.499 WindowsUpdate.log
11.03.2007 11:11 2.048 bootstat.dat
11.03.2007 11:10 32.552 SchedLgU.Txt
08.03.2007 18:00 116 NeroDigital.ini
08.03.2007 14:09 278 system.ini
08.03.2007 14:07 560.412 Timmy Screensaver.exe
08.03.2007 14:07 231.328 Timmy Screensaver.scr
08.03.2007 14:07 40.960 Timmy Screensaver.dll
06.03.2007 21:48 167.271 setupact.log
05.03.2007 15:52 216 wiadebug.log
05.03.2007 15:26 50 wiaservc.log
03.03.2007 23:15 9.316 DPINST.LOG
03.03.2007 23:05 520 HCWPNP.INI
01.03.2007 19:45 0 Sti_Trace.log
28.02.2007 17:22 102.036 spupdsvc.log
28.02.2007 14:14 24.011 WgaNotify.log
28.02.2007 14:14 113.838 updspapi.log
20.02.2007 17:19 234 SIERRA.INI
15.02.2007 15:29 339.523 tsoc.log


Datenträger in Laufwerk C: ist XP
Volumeseriennummer: 50DC-16E6

Verzeichnis von C:\WINDOWS\Temp

11.03.2007 15:28 409 WGANotify.settings
11.03.2007 15:28 43 WGAErrLog.txt
11.03.2007 11:11 16.384 Perflib_Perfdata_788.dat
3 Datei(en) 16.836 Bytes
0 Verzeichnis(se), 2.309.971.968 Bytes frei

down.txt:

Datenträger in Laufwerk C: ist XP
Volumeseriennummer: 50DC-16E6

Verzeichnis von C:\WINDOWS\Downloaded Program Files

29.01.2007 18:08 59.556 Doremi.ttf
09.11.2006 14:36 5.019 swflash.inf
05.09.2006 16:14 297 setup.inf
27.07.2006 12:52 367 LegitCheckControl.inf
25.06.2006 11:50 1.793 erma.inf
15.05.2006 18:34 65 desktop.ini
10.11.2005 13:05 876 jinstall-1_5_0_06.inf
26.05.2005 03:19 291 wuweb.inf
26.05.2005 03:19 293 muweb.inf
18.11.2003 13:10 232 Mnviewer.inf
15.11.2001 16:42 325 AxisCamControl.inf
20.01.2000 14:25 1.162 Microsoft XML Parser for Java.osd
14.10.1997 17:52 697 DirectAnimation Java Classes.osd
13 Datei(en) 70.973 Bytes
0 Verzeichnis(se), 2.309.951.488 Bytes frei

c.txt:

Verzeichnis von C:\

11.03.2007 16:00 0 sys.txt
11.03.2007 15:56 934 down.txt
11.03.2007 15:55 385 tmp.txt
11.03.2007 15:53 13.879 system.txt
11.03.2007 15:53 329 systemtemp.txt
11.03.2007 15:52 3.902 system32.txt
11.03.2007 11:11 7.054 avenger.txt
11.03.2007 11:11 2.147.000.320 hiberfil.sys
11.03.2007 11:11 1.610.612.736 pagefile.sys
11.03.2007 11:10 126.976 zip.exe
03.03.2007 22:41 244 sqmnoopt01.sqm
03.03.2007 22:41 268 sqmdata01.sqm
20.02.2007 15:20 215 boot.ini
22.10.2006 10:10 528.493.568 Capture.AVI
29.09.2006 23:09 2.541 Enlish.lng
19.09.2006 20:37 244 sqmnoopt00.sqm
19.09.2006 20:37 268 sqmdata00.sqm
30.07.2006 21:37 229.376 ffastun.ffo
30.07.2006 21:37 5.501 ffastun.ffa
30.07.2006 21:37 483.328 ffastun.ffl
30.07.2006 21:37 2.449.408 ffastun0.ffx
22.05.2006 13:41 47.564 NTDETECT.COM
22.05.2006 13:41 251.184 ntldr
15.05.2006 18:48 1.024 .rnd
12.05.2006 17:36 0 CONFIG.SYS
12.05.2006 17:36 0 IO.SYS
12.05.2006 17:36 0 AUTOEXEC.BAT
12.05.2006 17:36 0 MSDOS.SYS
29.08.2002 13:00 4.952 bootfont.bin
29 Datei(en) 4.289.736.200 Bytes
0 Verzeichnis(se), 2.309.668.864 Bytes frei
11.03.2007, 18:04
Honorary member
Sabina

Posts: 29434
#6 Erdnussflipx

virustotal
At the top of the page --> click Browse --> choose the file (or paste the file with its full path directly) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\vshost.exe
C:\WINDOWS\system32\mspd.exe
C:\WINDOWS\system32\ppfsys.exe


Post the reports here.

--------------------------------------

»»
Scan with Vundofix
http://virus-protect.org/artikel/tools/vundofixx.html

««
Avenger
http://virus-protect.org/artikel/tools/avenger.html

Input script manually (tick the box)
Copy into: View/edit script

Quote

Registry values to delete:
HKLM\software\microsoft\windows\currentversion\explorer\shellexecutehooks|contrabandists
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|{B07CB267-5E6F-441F-9B3C-324EFE70F897}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|2chkdsk
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-|WordPerfect Office 1215
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-|mspd
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-|startupmanager
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-|System: PPFSYS.EXE Don`t remove it!"="ppfsys.exe

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccayyy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcy
HKLM\SOFTWARE\Classes\CLSID\{B07CB267-5E6F-441F-9B3C-324EFE70F897}

Files to delete:
C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\SpamExpertsLSP.txt
C:\WINDOWS\system32\dwoxjxgw.ini2
C:\WINDOWS\system32\dwoxjxgw.tmp
C:\WINDOWS\system32\dwoxjxgw.ini
C:\WINDOWS\system32\ycbeg.bak2
C:\WINDOWS\system32\ptvektsv.dll
C:\WINDOWS\system32\streamhlp.dll
C:\WINDOWS\system32\vswceere.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\wgxjxowd.dll
C:\WINDOWS\system32\fccayyy.dll
Click the green traffic light.
The script will now be executed, then the PC will restart automatically.

-----------

»»
Scan with ewido and post the scan report here.
http://virus-protect.org/onlinescan.html
__________
Best regards, Sabina

All about PC security
11.03.2007, 21:18
...new here

Thread starter

Posts: 9
#7 Complete scanning result of "ppfsys.exe", received in VirusTotal at 03.11.2007, 19:59:02 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.41 03.11.2007 no virus found
Authentium 4.93.8 03.09.2007 no virus found
Avast 4.7.936.0 03.11.2007 no virus found
AVG 7.5.0.447 03.11.2007 no virus found
BitDefender 7.2 03.11.2007 no virus found
CAT-QuickHeal 9.00 03.10.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 03.11.2007 no virus found
DrWeb 4.33 03.11.2007 no virus found
eSafe 7.0.14.0 03.11.2007 Suspicious Trojan/Worm
eTrust-Vet 30.6.3469 03.10.2007 no virus found
Ewido 4.0 03.11.2007 no virus found
FileAdvisor 1 03.11.2007 no virus found
Fortinet 2.85.0.0 03.11.2007 no virus found
F-Prot 4.3.1.45 03.09.2007 no virus found
F-Secure 6.70.13030.0 03.11.2007 no virus found
Ikarus T3.1.1.3 03.11.2007 no virus found
Kaspersky 4.0.2.24 03.11.2007 no virus found
McAfee 4981 03.09.2007 no virus found
Microsoft 1.2306 03.11.2007 no virus found
NOD32v2 2107 03.11.2007 no virus found
Norman 5.80.02 03.10.2007 no virus found
Panda 9.0.0.4 03.10.2007 no virus found
Prevx1 V2 03.11.2007 no virus found
Sophos 4.15.0 03.10.2007 no virus found
Sunbelt 2.2.907.0 03.10.2007 VIPRE.Suspicious
Symantec 10 03.11.2007 no virus found
TheHacker 6.1.6.073 03.09.2007 no virus found
UNA 1.83 03.11.2007 no virus found
VBA32 3.11.2 03.10.2007 no virus found
VirusBuster 4.3.19:9 03.11.2007 no virus found


Aditional Information
File size: 122880 bytes
MD5: 7c27df18453a39e2507c73581f803d73
SHA1: f7ce362e430a07d81edf03723fbef0b0043f8b16
packers: Aspack
Sunbelt info: VIPRE.Suspicious is a generic detection for potential Thread that are deemed suspicious through heuristics.

########################################################################################################
########################################################################################################

For vshost.exe and mspd.exe I got the message:
0 bytes size received / Se ha recibido un archivo vacio
(and I couldn't find them via Browse either)




Vundofix found a few things and deleted them. However, I could only delete the backups to the Recycle Bin and not empty them from the Recycle Bin, because I can't open my Recycle Bin.

The Avenger did execute the script, but with 100000000 errors.



__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Bfast
Path: C:\Dokumente und Einstellungen\Phil\Cookies\phil@bfast[2].txt
Risk: Medium

Name: TrackingCookie.Cpvfeed
Path: C:\Dokumente und Einstellungen\Phil\Cookies\phil@cpvfeed[2].txt
Risk: Medium

Name: TrackingCookie.Ivwbox
Path: C:\Dokumente und Einstellungen\Phil\Cookies\phil@ivwbox[1].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Dokumente und Einstellungen\Phil\Cookies\phil@mediaplex[1].txt
Risk: Medium

Name: Adware.VirusBurst
Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\contrabandists
Risk: Medium

Name: Adware.Generic
Path: HKU\S-1-5-21-1229272821-1614895754-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F}
Risk: Medium

Name: Adware.Casino
Path: C:\System Volume Information\_restore{4B2065BE-65DF-4024-A7BE-A92CCC624A9E}\RP51\A0027764.exe
Risk: Medium

Name: Adware.Casino
Path: C:\System Volume Information\_restore{4B2065BE-65DF-4024-A7BE-A92CCC624A9E}\RP51\A0027765.exe
Risk: Medium

Name: Adware.Virtumonde
Path: C:\System Volume Information\_restore{4B2065BE-65DF-4024-A7BE-A92CCC624A9E}\RP54\A0030048.dll
Risk: Medium

Name: Adware.Virtumonde
Path: C:\VundoFix Backups\fccayyy.dll.bad
Risk: Medium

Name: Trojan.Qhosts
Path: C:\WINDOWS\system32\drivers\etc\hosts
Risk: High

Name: Trojan.Qhosts
Path: C:\WINDOWS\system32\drivers\etc\hosts.msn
Risk: High

Name: Adware.Casino
Path: D:\Programme\Everest Poker\cstart-tmp.exe
Risk: Medium

Name: Adware.Casino
Path: D:\Programme\Everest Poker\CStart.exe
Risk: Medium

Name: Adware.Casino
Path: D:\Programme\Everest Poker\Everest Poker.exe
Risk: Medium

Name: Adware.Casino
Path: D:\Programme\Everest Poker.net\cstart-tmp.exe
Risk: Medium

Name: Adware.Casino
Path: D:\Programme\Everest Poker.net\CStart.exe
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: D:\Programme\Free Spyware Scanner\Backup\03_08_200714_03_40.zip/10.scl
Risk: Medium

Name: TrackingCookie.Adtech
Path: D:\Programme\Free Spyware Scanner\Backup\03_08_200714_03_40.zip/11.scl
Risk: Medium

Name: TrackingCookie.Falkag
Path: D:\Programme\Free Spyware Scanner\Backup\03_08_200714_03_40.zip/12.scl
Risk: Medium

Name: TrackingCookie.Komtrack
Path: D:\Programme\Free Spyware Scanner\Backup\03_08_200714_03_40.zip/13.scl
Risk: Medium

Name: TrackingCookie.2o7
Path: D:\Programme\Free Spyware Scanner\Backup\03_08_200714_03_40.zip/14.scl
Risk: Medium

Name: TrackingCookie.Bfast
Path: D:\Programme\Free Spyware Scanner\Backup\03_08_200714_03_40.zip/16.scl
Risk: Medium

Name: TrackingCookie.71i
Path: D:\Programme\Free Spyware Scanner\Backup\03_08_200714_03_40.zip/17.scl
Risk: Medium

Name: TrackingCookie.Reliablestats
Path: D:\Programme\Free Spyware Scanner\Backup\03_08_200714_03_40.zip/18.scl
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: D:\Programme\Free Spyware Scanner\Backup\03_08_200714_03_40.zip/19.scl
Risk: Medium

Name: TrackingCookie.Overture
Path: D:\Programme\Free Spyware Scanner\Backup\03_08_200714_03_40.zip/20.scl
Risk: Medium

Name: TrackingCookie.Zedo
Path: D:\Programme\Free Spyware Scanner\Backup\03_08_200714_03_40.zip/21.scl
Risk: Medium

Name: TrackingCookie.Atdmt
Path: D:\Programme\Free Spyware Scanner\Backup\03_08_200714_03_40.zip/5.scl
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: D:\Programme\Free Spyware Scanner\Backup\03_08_200714_03_40.zip/6.scl
Risk: Medium

Name: TrackingCookie.Hitbox
Path: D:\Programme\Free Spyware Scanner\Backup\03_08_200714_03_40.zip/7.scl
Risk: Medium

Name: TrackingCookie.Hitbox
Path: D:\Programme\Free Spyware Scanner\Backup\03_08_200714_03_40.zip/8.scl
Risk: Medium

Name: TrackingCookie.Hitbox
Path: D:\Programme\Free Spyware Scanner\Backup\03_08_200714_03_40.zip/9.scl
Risk: Medium

Name: TrackingCookie.Advertising
Path: D:\Programme\Free Spyware Scanner\Backup\03_09_200721_51_13.zip/0.scl
Risk: Medium

Name: TrackingCookie.Atdmt
Path: D:\Programme\Free Spyware Scanner\Backup\03_09_200721_51_13.zip/1.scl
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: D:\Programme\Free Spyware Scanner\Backup\03_09_200721_51_13.zip/2.scl
Risk: Medium

Name: TrackingCookie.Komtrack
Path: D:\Programme\Free Spyware Scanner\Backup\03_09_200721_51_13.zip/3.scl
Risk: Medium

Name: TrackingCookie.Advertising
Path: D:\Programme\Free Spyware Scanner\Temp\03_09_200721_51_13\0.scl
Risk: Medium

Name: TrackingCookie.Atdmt
Path: D:\Programme\Free Spyware Scanner\Temp\03_09_200721_51_13\1.scl
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: D:\Programme\Free Spyware Scanner\Temp\03_09_200721_51_13\2.scl
Risk: Medium

Name: TrackingCookie.Komtrack
Path: D:\Programme\Free Spyware Scanner\Temp\03_09_200721_51_13\3.scl
Risk: Medium

Name: Adware.Casino
Path: D:\Programme\GV Casino Partie\Casino Partie.exe
Risk: Medium

Name: Adware.Casino
Path: D:\Programme\GV Casino Partie\CStart.exe
Risk: Medium
11.03.2007, 21:40
Honorary member
Sabina

Posts: 29434
#8 ««
Click "remove infections" (ewido)

««
Please also post the 6 logs from datfindbat + the log from combofix
__________
Best regards, Sabina

All about PC security
12.03.2007, 16:39
...new here

Thread starter

Posts: 9
#9 1. I have already done "remove infections".

2. My virus scanner had not been updated for months because the update somehow didn't work for me. Now it has worked, and the virus scanner (AntiVir) promptly found several Trojans.

3. The Recycle Bin is still broken.

4. I will probably post the logs this evening.

thx Phil
12.03.2007, 16:44
Honorary member
Sabina

Posts: 29434
#10 In addition to the 6 logs from datfindbat, also post this log
http://virus-protect.org/artikel/tools/combofix.html
__________
Best regards, Sabina

All about PC security
12.03.2007, 19:29
...new here

Thread starter

Posts: 9
#11 Datenträger in Laufwerk C: ist XP
Volumeseriennummer: 50DC-16E6

Verzeichnis von C:\WINDOWS\system32

12.03.2007 19:21 8.374 SpamExpertsLSP.txt
12.03.2007 17:44 50.868 nvapps.xml
12.03.2007 17:44 12.598 wpa.dbl
12.03.2007 17:41 189 _nvidia_xxx_.log
10.03.2007 23:18 1.682 KGyGaAvL.sys
10.03.2007 23:18 56 70469FCE5F.sys
07.03.2007 20:39 12.672 ikhcore.log
18.02.2007 12:45 3.002 CONFIG.NT
15.02.2007 18:01 337.280 WgaTray.exe
15.02.2007 18:01 1.476.992 LegitCheckControl.dll
15.02.2007 18:00 236.928 WgaLogon.dll
15.02.2007 15:29 122.142 TZLog.log
11.02.2007 00:27 401.064 perfh009.dat
11.02.2007 00:27 415.470 perfh007.dat
11.02.2007 00:27 62.344 perfc009.dat
11.02.2007 00:27 74.996 perfc007.dat
11.02.2007 00:27 940.174 PerfStringBackup.INI
10.02.2007 23:55 0 h323log.txt
07.02.2007 23:01 12.293.536 MRT.exe
29.01.2007 16:59 9.132 jupdate-1.5.0_10-b03.log
29.01.2007 09:58 60.416 tzchange.exe
23.01.2007 20:30 546.304 hhctrl.ocx
19.01.2007 12:53 51.056 sirenacm.dll
15.01.2007 18:32 689.280 aswBoot.exe
15.01.2007 18:23 90.112 AVASTSS.scr
12.01.2007 09:27 3.580.416 mshtml.dll
12.01.2007 09:27 458.752 msfeeds.dll
12.01.2007 09:27 477.696 mshtmled.dll
12.01.2007 09:27 670.720 mstime.dll
12.01.2007 09:27 1.149.952 urlmon.dll
12.01.2007 09:27 232.960 webcheck.dll
12.01.2007 09:27 132.608 extmgr.dll
12.01.2007 09:27 822.784 wininet.dll
12.01.2007 09:27 27.136 jsproxy.dll
12.01.2007 09:27 51.712 msfeedsbs.dll
12.01.2007 09:27 6.054.400 ieframe.dll
10.01.2007 17:42 1.040.384 ieframe.dll.mui
08.01.2007 19:04 105.984 url.dll
08.01.2007 19:04 102.400 occache.dll
08.01.2007 19:03 193.024 msrating.dll
08.01.2007 19:02 1.823.744 inetcpl.cpl
08.01.2007 19:02 44.544 iernonce.dll
08.01.2007 19:02 266.752 iertutil.dll
08.01.2007 19:02 384.000 iedkcs32.dll
08.01.2007 19:02 230.400 ieaksie.dll
08.01.2007 19:02 161.792 ieakui.dll
08.01.2007 19:02 153.088 ieakeng.dll
08.01.2007 19:02 383.488 ieapfltr.dll
08.01.2007 19:01 17.408 corpol.dll
08.01.2007 19:00 124.928 advpack.dll
08.01.2007 18:08 56.832 ie4uinit.exe
08.01.2007 18:08 13.824 ieudinit.exe
19.12.2006 22:49 135.168 shsvcs.dll
19.12.2006 22:49 8.494.592 shell32.dll
19.12.2006 19:17 334.336 wiaservc.dll
16.12.2006 19:57 96.642 app_filter_ui.log
13.12.2006 21:24 89.296 ElbyCDIO.dll
12.12.2006 20:17 341.832 FNTCACHE.DAT
06.12.2006 18:15 16.832 amcompat.tlb
06.12.2006 18:15 23.392 nscompat.tlb
03.12.2006 21:09 34 oeminfo.ini

2348 Datei(en) 541.345.775 Bytes
0 Verzeichnis(se), 2.279.063.552 Bytes frei

################################################

Datenträger in Laufwerk C: ist XP
Volumeseriennummer: 50DC-16E6

Verzeichnis von C:\DOKUME~1\Phil\LOKALE~1\Temp

12.03.2007 19:21 512 ~DF7BA3.tmp
12.03.2007 19:21 16.384 ~DF7B90.tmp
2 Datei(en) 16.896 Bytes
0 Verzeichnis(se), 2.279.026.688 Bytes frei

########################################

Datenträger in Laufwerk C: ist XP
Volumeseriennummer: 50DC-16E6

Verzeichnis von C:\WINDOWS

12.03.2007 17:42 0 0.log
12.03.2007 17:41 1.306.205 WindowsUpdate.log
12.03.2007 17:41 2.048 bootstat.dat
12.03.2007 17:12 32.552 SchedLgU.Txt
11.03.2007 20:30 637 setupapi.log
08.03.2007 18:00 116 NeroDigital.ini
08.03.2007 14:09 278 system.ini
08.03.2007 14:07 560.412 Timmy Screensaver.exe
08.03.2007 14:07 231.328 Timmy Screensaver.scr
08.03.2007 14:07 40.960 Timmy Screensaver.dll
06.03.2007 21:48 167.271 setupact.log
05.03.2007 15:52 216 wiadebug.log
05.03.2007 15:26 50 wiaservc.log
03.03.2007 23:15 9.316 DPINST.LOG
03.03.2007 23:05 520 HCWPNP.INI
01.03.2007 19:45 0 Sti_Trace.log
28.02.2007 17:22 102.036 spupdsvc.log
28.02.2007 14:14 24.011 WgaNotify.log
28.02.2007 14:14 113.838 updspapi.log
20.02.2007 17:19 234 SIERRA.INI
15.02.2007 15:29 32.869 ocmsn.log
15.02.2007 15:29 1.374 imsins.log
15.02.2007 15:29 27.039 KB927779.log
15.02.2007 15:29 242.072 comsetup.log
15.02.2007 15:29 339.523 tsoc.log
15.02.2007 15:29 439.285 ocgen.log
15.02.2007 15:29 44.022 msgsocm.log
15.02.2007 15:29 870.200 FaxSetup.log
15.02.2007 15:29 23.736 KB927802.log
15.02.2007 15:29 24.244 KB928255.log
15.02.2007 15:29 20.763 KB924667.log
15.02.2007 15:29 33.199 KB931836.log
15.02.2007 15:28 22.704 KB926436.log
15.02.2007 15:28 15.005 KB928090-IE7.log
15.02.2007 15:28 17.856 KB918118.log
15.02.2007 15:28 16.657 KB928843.log
14.02.2007 13:43 20.866 LUINSTALL.LOG
11.02.2007 00:43 1.454 COM+.log
10.02.2007 10:42 1.095 win.ini
06.02.2007 22:51 226 Pfui-Client.INI
14.01.2007 13:10 23 BlendSettings.ini
13.01.2007 01:25 3.549 KB929969.log
22.12.2006 22:33 32 HCWBTDLG.INI
17.12.2006 11:25 4 INI1=No
17.12.2006 11:25 4 INI2=No
15.12.2006 21:38 356.352 eSellerateEngine.dll
15.12.2006 21:35 10.648 KB925398.log
15.12.2006 21:35 14.449 KB926255.log
15.12.2006 21:35 15.085 KB923694.log
10.12.2006 20:29 737.280 iun6002.exe
09.12.2006 16:23 65.834 ie7_main.log
09.12.2006 16:23 103.165 ie7.log
09.12.2006 16:23 27.144 IDNMitigationAPIs.log
09.12.2006 16:22 26.992 NLSDownlevelMapping.log
09.12.2006 16:22 23.839 KB915865.log
09.12.2006 16:21 1.495 iereseticons.log
09.12.2006 15:47 25.159 ie7Uninst.log
08.12.2006 23:18 59 wininit.ini
08.12.2006 23:00 68 mix-fx.ini
08.12.2006 19:34 44 TV total.ini
06.12.2006 18:44 2.174 WMEncoder.log
06.12.2006 18:12 3.310 wmsetup10.log
06.12.2006 18:07 7.844 KB926239.log
06.12.2006 18:07 5.196 MSCompPackV1.log
06.12.2006 18:07 18.133 wmp11.log
06.12.2006 18:06 26.465 WMFDist11.log
06.12.2006 18:06 11.212 Wudf01000Inst.log
06.12.2006 17:39 49 iltwain.ini

273 Datei(en) 33.802.367 Bytes
0 Verzeichnis(se), 2.279.026.688 Bytes frei

#############################################

Datenträger in Laufwerk C: ist XP
Volumeseriennummer: 50DC-16E6

Verzeichnis von C:\WINDOWS\Temp

12.03.2007 17:41 16.384 Perflib_Perfdata_77c.dat
1 Datei(en) 16.384 Bytes
0 Verzeichnis(se), 2.279.026.688 Bytes frei

################################################

Datenträger in Laufwerk C: ist XP
Volumeseriennummer: 50DC-16E6

Verzeichnis von C:\WINDOWS\Downloaded Program Files

29.01.2007 18:08 59.556 Doremi.ttf
09.11.2006 14:36 5.019 swflash.inf
05.09.2006 16:14 297 setup.inf
27.07.2006 12:52 367 LegitCheckControl.inf
11.07.2006 09:41 345.656 ewidoOnlineScan.dll
25.06.2006 11:50 1.793 erma.inf
15.05.2006 18:34 65 desktop.ini
10.11.2005 13:05 876 jinstall-1_5_0_06.inf
26.05.2005 03:19 291 wuweb.inf
26.05.2005 03:19 293 muweb.inf
18.11.2003 13:10 232 Mnviewer.inf
15.11.2001 16:42 325 AxisCamControl.inf
20.01.2000 14:25 1.162 Microsoft XML Parser for Java.osd
14.10.1997 17:52 697 DirectAnimation Java Classes.osd
14 Datei(en) 416.629 Bytes
0 Verzeichnis(se), 2.279.026.688 Bytes frei

##########################################

Datenträger in Laufwerk C: ist XP
Volumeseriennummer: 50DC-16E6

Verzeichnis von C:\

12.03.2007 19:28 0 sys.txt
12.03.2007 19:27 991 down.txt
12.03.2007 19:27 278 tmp.txt
12.03.2007 19:26 13.929 system.txt
12.03.2007 19:25 329 systemtemp.txt
12.03.2007 19:24 115.031 system32.txt
12.03.2007 17:41 2.147.000.320 hiberfil.sys
12.03.2007 17:40 1.610.612.736 pagefile.sys
11.03.2007 21:43 6.774 avenger.txt
11.03.2007 20:17 911 VundoFix.txt
03.03.2007 22:41 244 sqmnoopt01.sqm
03.03.2007 22:41 268 sqmdata01.sqm
20.02.2007 15:20 215 boot.ini

29 Datei(en) 4.289.720.984 Bytes
0 Verzeichnis(se), 2.279.026.688 Bytes frei

###############################################
###############################################
###############################################

ComboScan v20070306.20 run by Phil on 2007-03-12 at 19:29:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Phil.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 19:29:52, on 12.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
d:\Programme\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
d:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Neue neue eigene Dateien\mousometer.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Phil\Eigene Dateien\comboscan.exe
D:\NEUENE~1\HIJACK~2\Phil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) -  - (no file)
O2 - BHO: (no name) - A E44EB-2E7F-48B6-B2D9-AC2C9DCA5582} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - xA J - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1164F822-98FA-4B53-878F-17CB4A9DD95F} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AC44C864-3463-450C-B266-3EA7A1C9C99F} - (no file)
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - C:\WINDOWS\system32\fccayyy.dll (file missing)
O2 - BHO: (no name) - {D47F92E3-C43A-4462-8752-EC61BB5404Db} - C:\WINDOWS\system32\tjhnwfau.dll (file missing)
O2 - BHO: (no name) - {F86240BA-B7F1-483F-91ED-F6748214CE67} - (no file)
O2 - BHO: (no name) - È@ 0E0F0-5C30-11D4-945D-000000000010} - (no file)
O2 - BHO: (no name) - ˜@ 49220-F900-46B3-B5E7-38B9A74E05C4} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [amcpbgdt] C:\gmilbakn.bat
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Mousometer.lnk = D:\Neue neue eigene Dateien\mousometer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\spamexpertslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spamexpertslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spamexpertslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148031810390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148159700125
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam03.lugano.ch/activex/AxisCamControl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B562BC94-9A3A-4760-AE48-0D52FD01B1B5} (VeriSign Software Update Service) - http://download.verisign-grs.com/plug-in/i-navinstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5130BED4-2704-48DB-8EE8-153A4A4D65C7}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - d:\Programme\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


-- Files created between 2007-02-12 and 2007-03-12 -----------------------------



-- Find3M Report ---------------------------------------------------------------

2007-03-11 21:41:29 0 d-------- C:\Programme\AntiVir PersonalEdition Classic<ANTIVI~1>
2007-03-10 23:18:37 1682 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-03-10 23:18:37 56 -r-hs---- C:\WINDOWS\system32\70469FCE5F.sys<70469F~1.SYS>
2007-03-09 20:54:45 0 d-------- C:\Programme\Tiscali
2007-03-09 20:54:45 0 d-------- C:\Programme\Everest Poker.net<EVERES~1.NET>
2007-03-09 19:38:53 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\TrojanHunter<TROJAN~1>
2007-03-08 19:51:33 0 d-------- C:\Programme\Yahoo!
2007-03-08 19:43:57 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Yahoo!
2007-03-08 14:07:53 231328 --a------ C:\WINDOWS\Timmy Screensaver.scr<TIMMYS~1.SCR>
2007-03-08 14:07:53 560412 --a------ C:\WINDOWS\Timmy Screensaver.exe<TIMMYS~1.EXE>
2007-03-08 14:07:53 40960 --a------ C:\WINDOWS\Timmy Screensaver.dll<TIMMYS~1.DLL>
2007-03-07 17:35:44 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Azureus
2007-03-07 14:11:59 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Lavasoft
2007-03-07 14:11:55 0 d-------- C:\Programme\Lavasoft
2007-03-07 14:11:22 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard<WISEIN~1>
2007-03-07 13:46:56 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\PC Tools<PCTOOL~1>
2007-03-05 14:55:49 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\AdobeUM
2007-03-05 13:48:40 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Vso
2007-03-03 23:15:26 0 d-------- C:\Programme\MSN Messenger<MSNMES~1>
2007-02-23 18:47:14 34 --a------ C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\pcouffin.log
2007-02-23 18:47:11 47360 --a------ C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\pcouffin.sys
2007-02-23 18:47:11 1144 --a------ C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\pcouffin.inf
2007-02-23 18:47:11 7824 --a------ C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\pcouffin.cat
2007-02-23 18:47:11 87608 --a------ C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ezpinst.exe
2007-02-22 17:12:25 0 d--h----- C:\Programme\InstallShield Installation Information<INSTAL~1>
2007-02-22 14:18:44 0 d-------- C:\Programme\Gemeinsame Dateien<GEMEIN~1>
2007-02-20 21:18:18 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\My The Lord of the Rings, The Rise of the Witch-king Files<MYTHEL~1>
2007-02-20 20:46:29 34 --a------ C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\AHIZLNXA.log
2007-02-20 20:46:25 94080 --a------ C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ezplay.sys
2007-02-20 20:46:25 7172 --a------ C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ezplay.cat
2007-02-20 20:46:25 125 --a------ C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\AHIZLNXA.ini
2007-02-20 20:46:25 1104 --a------ C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\AHIZLNXA.inf
2007-02-20 15:21:11 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Engelmann Media<ENGELM~1>
2007-02-20 15:20:44 0 d-------- C:\Programme\S.A.D<SA269F~1.D>
2007-02-20 15:20:17 0 d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared<MICROS~1>
2007-02-19 21:21:04 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien<MEINED~3>
2007-02-18 12:45:43 0 d-------- C:\Programme\Alwil Software<ALWILS~1>
2007-02-15 20:35:26 0 d-------- C:\Programme\DVD Shrink<DVDSHR~1>
2007-02-15 15:45:29 0 d-------- C:\Programme\Google
2007-02-14 13:43:58 0 d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared<SYMANT~1>
2007-02-14 13:29:22 0 d-------- C:\Programme\Symantec Technical Support<SYMANT~1>
2007-02-11 15:51:05 0 d-------- C:\Programme\Gemeinsame Dateien\{50DC16E6-08A1-1031-0805-050310060031}<{50DC1~1>
2007-02-11 13:49:26 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Symantec
2007-02-11 11:10:36 0 d-------- C:\Programme\Gemeinsame Dateien\element5 Shared<ELEMEN~1>
2007-02-11 11:09:47 0 d-------- C:\Programme\boesetaten.de Bildstörung<BOESET~1.DEB>
2007-02-11 11:09:39 0 d-------- C:\Programme\Gemeinsame Dateien\AVSMedia
2007-02-11 00:27:39 415470 --a------ C:\WINDOWS\system32\perfh007.dat
2007-02-11 00:27:39 74996 --a------ C:\WINDOWS\system32\perfc007.dat
2007-02-10 19:50:54 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ImgBurn
2007-02-06 22:55:38 0 d-------- C:\Programme\Coolspot
2007-02-06 19:55:29 0 d-------- C:\Programme\Avira
2007-01-29 16:59:38 0 d-------- C:\Programme\Java
2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-17 15:40:16 0 d-------- C:\Programme\SpamButcher<SPAMBU~1>
2007-01-17 15:40:16 0 d-------- C:\Programme\Replay Converter<REPLAY~1>
2007-01-17 15:36:56 0 d-------- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\uTorrent
2007-01-15 18:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-01-15 18:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-19 22:49:41 135168 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 19:17:03 334336 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-15 21:38:54 356352 --a------ C:\WINDOWS\eSellerateEngine.dll<ESELLE~1.DLL>
2006-12-13 21:24:42 89296 --a------ C:\WINDOWS\system32\ElbyCDIO.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"amcpbgdt"="C:\\gmilbakn.bat"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"NBJ"="\"C:\\Programme\\Ahead\\Nero BackItUp\\NBJ.exe\""
"SpybotSD TeaTimer"="d:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Component Manager"="\"C:\\Programme\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Programme\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"HPHUPD05"="C:\\Programme\\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\\hphupd05.exe"
"InCD"="C:\\Programme\\Ahead\\InCD\\InCD.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\GEMEIN~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"SoundMan"="SOUNDMAN.EXE"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"nwiz"="nwiz.exe /install"
"NVIDIA nTune"="\"C:\\Programme\\NVIDIA Corporation\\nTune\\\\nTune.exe\" clear"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"Microsoft Works Update Detection"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"FamilyFilter"="C:\\Programme\\Coolspot\\FamilyFilter\\Admin.exe /defuser"
"nTrayFw"="C:\\PROGRA~1\\NVIDIA~1\\NETWOR~1\\bin\\nTrayFw.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"System: PPFSYS.EXE Don`t remove it!"="ppfsys.exe"
"WinampAgent"="\"D:\\Programme\\Winamp\\Winampa.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"SpywareTerminator"="\"D:\\Programme\\Spyware Terminator\\SpywareTerminatorShield.exe\""
"THGuard"="\"D:\\Programme\\TrojanHunter 4.6\\THGuard.exe\""


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B07CB267-5E6F-441F-9B3C-324EFE70F897}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"=dword:00000000
"DisableLockWorkstation"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"=dword:00000000
"NoSimpleStartMenu"=dword:00000000
"HideClock"=dword:00000000
"NoTrayItemsDisplay"=dword:00000000
"NoRecentDocsHistory"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000
"NoCDBurning"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of ComboScan: finished at 2007-03-12 at 19:30:08 ------------------------
12.03.2007, 23:59
Honorary member
Sabina

Posts: 29434
#12 ««
Start - Run - regedit

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"System: PPFSYS.EXE Don`t remove it!"="ppfsys.exe" - delete

««
avenger

Quote

Registry values to delete:
HKLM\software\microsoft\windows\currentversion\explorer\shellexecutehooks|{B07CB267-5E6F-441F-9B3C-324EFE70F897}
HKLM\software\microsoft\windows\currentversion\run-|System: PPFSYS.EXE Don`t remove it!

Files to delete:
C:\WINDOWS\System32\ppfsys.exe

Folders to delete:
C:\Programme\Everest Poker.net
C:\Programme\Gemeinsame Dateien\{50DC16E6-08A1-1031-0805-050310060031}
««
Open HijackThis -- "Scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC

Quote

O2 - BHO: (no name) -  - (no file)
O2 - BHO: (no name) - A E44EB-2E7F-48B6-B2D9-AC2C9DCA5582} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - xA J - (no file)

O2 - BHO: (no name) - {1164F822-98FA-4B53-878F-17CB4A9DD95F} - C:\WINDOWS\system32\gebcy.dll (file missing)

O2 - BHO: (no name) - {AC44C864-3463-450C-B266-3EA7A1C9C99F} - (no file)
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - C:\WINDOWS\system32\fccayyy.dll (file missing)
O2 - BHO: (no name) - {D47F92E3-C43A-4462-8752-EC61BB5404Db} - C:\WINDOWS\system32\tjhnwfau.dll (file missing)
O2 - BHO: (no name) - {F86240BA-B7F1-483F-91ED-F6748214CE67} - (no file)
O2 - BHO: (no name) - È@ 0E0F0-5C30-11D4-945D-000000000010} - (no file)
O2 - BHO: (no name) - ˜@ 49220-F900-46B3-B5E7-38B9A74E05C4} - (no file)
Restart the PC

««
http://www.funkytoad.com/download/HostsXpert.zip
Press 'Restore Microsoft's Hosts File' and press 'OK'
Exit Program.

»»
Scan, then post the report + the new HijackThis log
http://virus-protect.org/artikel/tools/superantispyware.html
__________
Kind regards, Sabina

All about PC security
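The selection of O2 entries in the post above can be reproduced and re-checked mechanically. The following is an added example, not part of the thread and not HijackThis's own code: it picks out BHO entries whose CLSID is malformed or whose file HijackThis reports as absent, then compares a log taken before the fix with one taken after it. The log excerpts are lines from this thread; the function names and reason strings are assumptions made for the example.

```python
import re

# Excerpt of the O2 section from the log posted before the fix (plus one O4 line).
LOG_BEFORE = r"""
O2 - BHO: (no name) - A E44EB-2E7F-48B6-B2D9-AC2C9DCA5582} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1164F822-98FA-4B53-878F-17CB4A9DD95F} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AC44C864-3463-450C-B266-3EA7A1C9C99F} - (no file)
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - C:\WINDOWS\system32\fccayyy.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# The complete O2 section of the log posted after the fix.
LOG_AFTER = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Programme\Spybot - Search & Destroy\SDHelper.dll
"""

# "O2 - BHO: <name> - <clsid> - <target>". Name and CLSID are matched
# non-greedily so that a " - " inside the path (Spybot) stays in the target.
# Limitation: a BHO name that itself contains " - " would be split wrongly.
BHO_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>.*?) - (?P<target>.*)$")
CLSID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def parse_bho(log):
    """Return one dict (name, clsid, target) per O2 line in the log text."""
    entries = []
    for line in log.splitlines():
        match = BHO_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def reasons(entry):
    """List why an entry looks orphaned; an empty list means nothing stands out."""
    found = []
    if not CLSID.match(entry["clsid"]):
        found.append("malformed CLSID")
    if entry["target"] == "(no file)":
        found.append("no file registered")
    elif entry["target"].endswith("(file missing)"):
        found.append("file reported missing")
    return found


def orphaned(log):
    """Map the CLSID field of each orphaned BHO entry to its reasons."""
    return {e["clsid"]: reasons(e) for e in parse_bho(log) if reasons(e)}


def still_present(before, after):
    """Orphaned entries from the first log that survive in the second one."""
    after_ids = {e["clsid"] for e in parse_bho(after)}
    return sorted(c for c in orphaned(before) if c in after_ids)


if __name__ == "__main__":
    for clsid, why in orphaned(LOG_BEFORE).items():
        print(f"{clsid!r}: {', '.join(why)}")
    print("left over after fix:", still_present(LOG_BEFORE, LOG_AFTER))
```
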
13.03.2007, 13:44
...new here

Thread starter

Posts: 9
#13 The Recycle Bin is still gone ;)

Which log file should I post?

Logfile of HijackThis v1.99.1
Scan saved at 13:45:14, on 13.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
d:\Programme\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
d:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Neue neue eigene Dateien\mousometer.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\fw_watch.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
D:\Neue neue eigene Dateien\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [amcpbgdt] C:\gmilbakn.bat
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Mousometer.lnk = D:\Neue neue eigene Dateien\mousometer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\spamexpertslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spamexpertslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spamexpertslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148031810390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148159700125
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam03.lugano.ch/activex/AxisCamControl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B562BC94-9A3A-4760-AE48-0D52FD01B1B5} (VeriSign Software Update Service) - http://download.verisign-grs.com/plug-in/i-navinstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5130BED4-2704-48DB-8EE8-153A4A4D65C7}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Programme\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - d:\Programme\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
13.03.2007, 13:50
Honorary member
Sabina

Posts: 29434
13.03.2007, 19:12
...new here

Thread starter

Posts: 9
#15 The thing with the Recycle Bin isn't working. Do you have another solution ;)
Also, I have the feeling that my internet is running a bit slowly.
This post was edited on 14.03.2007 at 14:16 by Erdnussflipx.