Home » Spyware & Browser Hijacker Support Forum » Mein eigener PC greift mich an?? HTTP LOP Toolbar Activity » Themenansicht

Mein eigener PC greift mich an?? HTTP LOP Toolbar Activity
#0
19.03.2007, 14:59
Joeschtu
...neu hier

Beiträge: 3
#1 Hab seit einiger Zeit das probelm das von meinen antivirus programm ständig die meldung bekomme ein angriff auf meinen cumputer wurde abgewehrt, als ich mal das detail angesehen habe stand da, der angreifende computer ist mein eigener dazu meine IP adresse! Was ist das??
Seitenanfang Seitenende
19.03.2007, 21:55
heptamer666
Member

Beiträge: 647
#2 Könnten wir mal den genauen Wortlaut der Meldung, besser noch ein logfile, sehen?
Auch wäre es toll zu erfahren welches Programm sich da meldet, Hellseher ist hier glaub ich noch keiner. ;)
__________
Es ist nicht wenig Zeit, die wir haben, sondern viel Zeit, die wir nicht nutzen...
Seitenanfang Seitenende
20.03.2007, 18:01
Joeschtu
...neu hier

Themenstarter

Beiträge: 3
#3 Meldung: Ein Eindringungsversuch von RENE wurde blockiert
Name des Risikos: HTTP LOP Toolbar Activity
Risikostufe: Hoch
Angrifender Computer: RENE (das ist der Name meines PC)
Zieladresse: ads.dns-look-up.com (64.34.228.116,80)
Trafficbeschreibung: TCP, 1042

Das sind die einzigen infos die ich habe. Hab den Norton Antivirus 2007
Seitenanfang Seitenende
21.03.2007, 17:18
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 Joeschtu ;)

1.
Erstellen eines Hijackthis-Logfiles
http://virus-protect.org/hjtkurz.html

Lade/entpacke HijackThis in einem Ordner
---> None of the above just start the program --> Scan -> Save log --> hijackthis.log - Save - es öffnet sich der Editor

nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen"
---------------------------------------------------------------

2.
Folgen den Anweisungen unter
http://virus-protect.org/cleanup.html
und stelle den CleanUp genauso ein, wie dort angegeben, dann den Rechner neustarten (so werden die temporaeren Dateien geloescht)

3.
Combofix - Textdatei im Thead posten
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
21.03.2007, 17:50
Joeschtu
...neu hier

Themenstarter

Beiträge: 3
#5 Logfile of HijackThis v1.99.1
Scan saved at 17:39:54, on 21.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Messenger\msmsgs.exe
C:\windows\system\hpsysdrv.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe
C:\Programme\InterVideo\Common\Bin\WinRemote.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\HP\hpcoretech\comp\hptskmgr.exe
C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Logitech\Video\FxSvr2.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Besitzer\Desktop\Downloads\HijackThis.exe
C:\Programme\Norton AntiVirus\NAVW32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-exit.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.the-exit.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_CH&c=Q304&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.the-exit.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.the-exit.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\SearchTool\nsjBC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de-ch\msntb.dll
O3 - Toolbar: HP-Ansicht - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\programme\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de-ch\msntb.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Programme\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] C:\Programme\InterVideo\Common\Bin\WinRemote.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [MONITER] 34763.exe
O4 - HKLM\..\Run: [TorontoMail] NsCplTray.exe
O4 - HKLM\..\Run: [dmpbd.exe] C:\WINDOWS\system32\dmpbd.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dmjty.exe] C:\WINDOWS\system32\dmjty.exe
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\system32\hgqhp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [IpWins] C:\Programme\ipwins\ipwins.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Regs64TransChic] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mp3 army regs 64\PHONETWO.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Programme\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [UnSpyPC] "C:\Programme\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [XTermInit] SAPSTR.exe
O4 - HKCU\..\Run: [sound64] PrcIdle.exe
O4 - HKCU\..\Run: [utsgmon] Dest068.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Browse Seek] C:\DOKUME~1\Besitzer\ANWEND~1\CAST4C~1\FindBeepStore.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: >>> HENTAI MOVIES <<< - javascript:{document.location='http://www.archivehentai.com/ah/14/getpassword.html';}
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\programme\newdotnet\newdotnet6_38.dll' missing
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 213.159.117.133 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/dl/adv68/x.chm::/load.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:tsk.mht!http://69.50.171.149/5/s1//q.chm::/file.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=714b9e99bb1ec51fadc828f5983e23109b906c2b320d9f1b39ed54699be7e97f4caf42694383070009646062296ff92e68cfba8c:eb8a1fb09d00c5943edceabcca450006
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/de/win/QuickTimeInstaller.exe
O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} (PremiumHTML Class) - http://www.accesoplugin.com/dialercab/IberoDialerHTML.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://15.sharedsource.org/html/TriacomUD_1.0.0.3ie.cab?
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/bridge-c10.cab?266f0348bf63d754c8501e141382b74b11522b105eecf6045bf9df22830673d27ce23693f6fea70b0c9870da8e71b14be31d47c179aae9cfe8d5bcaff0414503d8d11ba045:e14874fba286e71b5da6e5d94259853a
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FFA6CE4C-2199-4A4F-9542-12E0163D6841} - http://sessa.isprime.com:8080/tel2net/CABDialer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{222BF2E0-EBCB-41BD-9621-EECADE8E85E1}: NameServer = 85.255.116.165,85.255.112.141
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C436E26-90A9-4323-826D-9530560C3B83}: NameServer = 85.255.116.165,85.255.112.141
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF5576E4-41F7-45C7-AC5A-5B4476888BD3}: NameServer = 85.255.116.165,85.255.112.141
O17 - HKLM\System\CCS\Services\Tcpip\..\{F97066E6-CB2A-4B31-9BBC-A4FACC66E5DF}: NameServer = 85.255.116.165,85.255.112.141
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.165 85.255.112.141
O17 - HKLM\System\CS1\Services\Tcpip\..\{222BF2E0-EBCB-41BD-9621-EECADE8E85E1}: NameServer = 85.255.116.165,85.255.112.141
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.165 85.255.112.141
O17 - HKLM\System\CS2\Services\Tcpip\..\{222BF2E0-EBCB-41BD-9621-EECADE8E85E1}: NameServer = 85.255.116.165,85.255.112.141
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.165 85.255.112.141
O18 - Protocol: bw+0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {3A9C9F4E-1498-4012-B5F4-E9725AED1276} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe


"Besitzer" - 07-03-21 18:08:29 Service Pack 2
ComboFix 07-03-21.3 - Running from: "C:\Dokumente und Einstellungen\Besitzer\Desktop"

/wow section not completed - STAGE #6D
((((((((((((((((((((((((((((((( Files Created from 2007-02-21 to 2007-03-21 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-21 17:58 64452 --a------ C:\WINDOWS\system32\perfc007.dat
2007-03-21 17:58 392512 --a------ C:\WINDOWS\system32\perfh007.dat
2007-03-21 17:32 -------- d-------- C:\Programme\google
2007-03-02 19:46 -------- d-------- C:\Programme\pokerstars.net
2007-02-22 18:05 -------- d-------- C:\Programme\java
2007-02-17 01:27 2100 --a------ C:\WINDOWS\ladydata.dat
2007-02-10 05:32 -------- d-------- C:\DOKUME~1\Besitzer\ANWEND~1\vlc
2007-02-10 04:38 -------- d-------- C:\Programme\videolan
2007-02-08 23:00 -------- d-------- C:\Programme\msn messenger
2007-02-03 23:20 -------- d-------- C:\Programme\freevideo
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-12 23:14 382 --a------ C:\DOKUME~1\Besitzer\ANWEND~1\internaldb1942.dat
2007-01-07 02:55 356663 --a------ C:\WINDOWS\12-b101c483c2fe3ac4a2bd5fae3377ef4f.exe
2007-01-07 02:55 23 --a------ C:\DOKUME~1\Besitzer\ANWEND~1\inifile41.ini
2007-01-07 02:55 20480 --a------ C:\DOKUME~1\Besitzer\ANWEND~1\internaldb4827.dat
2007-01-07 02:55 0 --a------ C:\DOKUME~1\Besitzer\ANWEND~1\internaldb5436.dat
2006-12-22 18:49 48776 --a------ C:\WINDOWS\system32\s32evnt1.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Acme.PCHButton"="C:\\PROGRA~1\\HPPAVI~1\\Pavilion\\XPHWWBS4\\plugin\\bin\\pchbutton.exe"
"BackupNotify"="c:\\Programme\\HP\\Digital Imaging\\bin\\backupnotify.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\MSMSGS.EXE\" /background"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"UnSpyPC"="\"C:\\Programme\\UnSpyPC\\UnSpyPC.exe\""
"XTermInit"="SAPSTR.exe"
"sound64"="PrcIdle.exe"
"utsgmon"="Dest068.exe"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"LogitechSoftwareUpdate"="C:\\Programme\\Logitech\\Video\\ManifestEngine.exe boot"
"Browse Seek"="C:\\DOKUME~1\\Besitzer\\ANWEND~1\\CAST4C~1\\FindBeepStore.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HP Component Manager"="\"C:\\Programme\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPHUPD05"="c:\\Programme\\HP\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"Home Theater SchSvr"="\"C:\\Programme\\Gemeinsame Dateien\\InterVideo\\SchSvr\\SchSvr.exe\""
"WINREMOTE"="C:\\Programme\\InterVideo\\Common\\Bin\\WinRemote.exe"
"iTunesHelper"="C:\\Programme\\iTunes\\iTunesHelper.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"UpdateManager"="\"c:\\Programme\\Gemeinsame Dateien\\Sonic\\Update Manager\\sgtray.exe\" /r"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"MSN Messenger"="C:\\WINDOWS\\System32\\msmsgs.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Programme\\Ahead\\InCD\\InCD.exe"
"MONITER"="34763.exe"
"TorontoMail"="NsCplTray.exe"
"dmpbd.exe"="C:\\WINDOWS\\system32\\dmpbd.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\GEMEIN~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"dmjty.exe"="C:\\WINDOWS\\system32\\dmjty.exe"
"hgqhp.exe"="C:\\WINDOWS\\system32\\hgqhp.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Programme\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Programme\\Logitech\\Video\\LogiTray.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Programme\\Norton AntiVirus\\osCheck.exe\""
"Regs64TransChic"="C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\mp3 army regs 64\\PHONETWO.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="csqbx.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"notepad.exe"="msmsgs.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AADF824491F00160.job
C:\WINDOWS\tasks\Norton AntiVirus - Vollst„ndige Systemprfung ausfhren - Besitzer.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-21 18:09:37
C:\ComboFix2.txt ... 07-03-21 18:03

Hoffe mal hab's richtig gemacht
Dieser Beitrag wurde am 21.03.2007 um 18:12 Uhr von Joeschtu editiert.
Seitenanfang Seitenende
21.03.2007, 18:34
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#6 Joeschtu

willst du das wirklich reinigen ???? oder gleich besser sofort formatieren ???
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 1