Caught an ICQ trojan
Thread is closed!
#0
22.03.2007, 20:59
Member
Posts: 15

23.03.2007, 08:54
Member
Posts: 694
#2
Hello,
please work through the following:
Quote: scan with options 1 and 2 and post the reports
Quote: http://virus-protect.org/artikel/tools/smitfrautfix.html
There is far more on your machine; is Kaspersky still running (the service EXE is gone)? If you like, you can already fix the following, but information is missing, i.e. we will not "catch" everything;
Quote:
HijackThis, fix:

23.03.2007, 10:13
Honorary member
Posts: 29434
#3
Chris85
so post all the logs (except HijackThis), then we will clean this up
http://board.protecus.de/t23188.htm
__________
Regards, Sabina
all about PC security

23.03.2007, 14:23
Member
Thread starter
Posts: 15
#4
Will do as soon as I get home from work *hanging around, waiting*
... home now^^ First, HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 15:49:25, on 23.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Winamp\winampa.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Teamspeak2_RC2\TeamSpeak.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\System32\odtemdt2.exe
C:\Dokumente und Einstellungen\Chris\Desktop\Needful\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\uaeccjqk.dll (file missing)
O2 - BHO: (no name) - {40D12BB6-6371-406A-859D-A5B251E57B8A} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programme\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {B2E3DF5B-35BC-331F-BD5A-3676143A55CF} - C:\WINDOWS\system32\cemsdp.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programme\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SemanticInsight] C:\Programme\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: strmatkc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: odtemdt2 - C:\WINDOWS\system32\odtemdt2.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe (file missing)

-------- Cleanup done --------

Combofix:
"Chris" - 07-03-23 15:55:23 Service Pack 2
ComboFix 07-03-22.2 - Running from: "C:\Dokumente und Einstellungen\Chris\Desktop\Needful"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\WINDOWS\system32\PPATCH~1
C:\qoobox\purity\WINDOWS\system32\PPATCH~1\m?iexec.exe

((((((((((((((((((((((((((((((( Files Created from 2007-02-23 to 2007-03-23 ))))))))))))))))))))))))))))))))))
2007-03-23 15:48 182,930 --a------ C:\WINDOWS\system32\odtemdt2.exe
2007-03-22 17:22 0 --a------ C:\WINDOWS\r81j7l4g.pif
2007-03-22 16:13 110,592 --a------ C:\WINDOWS\system32\Gi3DWFQ.dll
2007-03-22 16:13 0 --a------ C:\WINDOWS\9ergx.dat
2007-03-22 16:12 77,824 --a------ C:\WINDOWS\system32\strmatkc.dll
2007-03-22 16:12 77,824 --a------ C:\WINDOWS\system32\nmevmsas.dll
2007-03-22 16:12 61,440 --a------ C:\WINDOWS\system32\wmpcmsyu.exe
2007-03-22 16:12 4 --a------ C:\WINDOWS\system32\odtemdt2.dat
2007-03-22 16:12 241,664 --a------ C:\WINDOWS\system32\odtemdt2.dll
2007-03-22 16:12 <DIR> d--h----- C:\WINDOWS\PIF
2007-03-09 22:30 <DIR> d-------- C:\Programme\iTunes
2007-03-09 22:30 <DIR> d-------- C:\Programme\iPod
2007-03-09 22:30 <DIR> d-------- C:\DOKUME~1\Chris\ANWEND~1\Apple Computer
2007-03-09 22:29 <DIR> d-------- C:\Programme\QuickTime
2007-03-09 22:28 <DIR> d-------- C:\Programme\Apple Software Update
2007-03-09 22:28 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple Computer

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-22 17:44 -------- d-------- C:\Programme\icq
2007-03-22 15:48 -------- d-------- C:\DOKUME~1\Chris\ANWEND~1\teamspeak2
2007-03-07 15:29 -------- d-------- C:\Programme\world of warcraft
2007-02-05 17:02 -------- d-------- C:\Programme\megauploadtoolbar
2007-02-05 17:02 -------- d-------- C:\DOKUME~1\Chris\ANWEND~1\megauploadtoolbar
2006-12-31 18:26 617 --a------ C:\WINDOWS\ereg.dat
2006-12-31 16:56 48354 --a------ C:\WINDOWS\system32\perfc007.dat
2006-12-31 16:56 316924 --a------ C:\WINDOWS\system32\perfh007.dat
2006-12-31 16:39 63225 --a------ C:\WINDOWS\war3unin.dat
2006-12-31 16:35 2829 --a------ C:\WINDOWS\war3unin.pif
2006-12-31 16:35 139264 --a------ C:\WINDOWS\war3unin.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"D-Link AirPlus G"="C:\\Programme\\D-Link\\AirPlus G\\AirGCFG.exe"
"Mirabilis ICQ"="C:\\PROGRA~1\\ICQ\\ICQNet.exe"
"SoundMan"="SOUNDMAN.EXE"
"WinampAgent"="C:\\Programme\\Winamp\\winampa.exe"
"nTrayFw"="C:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nTrayFw.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SemanticInsight"="C:\\Programme\\RXToolBar\\Semantic Insight\\SemanticInsight.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
@=""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^FRITZ!DSL Startcenter.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\FRITZ!DSL Startcenter.lnk"
"backup"="C:\\WINDOWS\\pss\\FRITZ!DSL Startcenter.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\FRITZ!~1\\StCenter.exe "
"item"="FRITZ!DSL Startcenter"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinZip Quick Pick.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WZCSLDR2"
"hkey"="HKLM"
"command"="C:\\Programme\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDonkey2000]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eDonkey2000"
"hkey"="HKLM"
"command"="C:\\Programme\\eDonkey2000\\eDonkey2000.exe -t"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="isuspm"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\GEMEIN~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="steam"
"hkey"="HKCU"
"command"="\"c:\\programme\\steam\\steam.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"de_serv"=dword:00000003
"ANIWZCSdService"=dword:00000002
"SAVScan"=dword:00000002
"NBService"=dword:00000003
"navapsvc"=dword:00000002
"ForcewareWebInterface"=dword:00000002
"ForceWare Intelligent Application Manager (IAM)"=dword:00000002
"AVM IGD CTRL Service"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="strmatkc.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Programme\\Symantec\\LiveUpdate\\ALUNotify.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\odtemdt2

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Dokumente und Einstellungen\Chris\Eigene Dateien\Azureus\Neuer Ordner\wow!! 2 Blonde Sch
C:\Dokumente und Einstellungen\Chris\Eigene Dateien\Azureus\Neuer Ordner\wow!! 2 Blonde Sch
C:\Dokumente und Einstellungen\Chris\Eigene Dateien\Azureus\Neuer Ordner\wow!! 2 Blonde Sch
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3
********************************************************************
Completion time: 07-03-23 15:56:42

------
datFind:
1.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: DCE4-35DE
Verzeichnis von C:\WINDOWS\system32
23.03.2007 15:48 182.930 odtemdt2.exe
23.03.2007 15:39 0 _nvidia_xxx_.log
23.03.2007 15:39 45.378 nvapps.xml
22.03.2007 16:13 110.592 Gi3DWFQ.dll
22.03.2007 16:13 4 odtemdt2.dat
22.03.2007 16:12 77.824 nmevmsas.dll
22.03.2007 16:12 61.440 wmpcmsyu.exe
22.03.2007 16:12 77.824 strmatkc.dll
22.03.2007 16:12 241.664 odtemdt2.dll
21.03.2007 19:31 2.206 wpa.dbl
07.03.2007 21:36 12.619.736 MRT.exe
17.02.2007 02:30 122.142 TZLog.log
16.02.2007 10:54 65.536 QuickTimeVR.qtx
16.02.2007 10:54 49.152 QuickTime.qts
29.01.2007 09:58 60.416 tzchange.exe
25.01.2007 13:52 617.472 urlmon.dll
23.01.2007 20:30 546.304 hhctrl.ocx
14.01.2007 11:42 0 nmp.log
11.01.2007 20:07 9.132 jupdate-1.5.0_10-b03.log
-
2.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: DCE4-35DE
Verzeichnis von C:\DOKUME~1\Chris\LOKALE~1\Temp
23.03.2007 15:39 512 ~DFCE6D.tmp
23.03.2007 15:39 16.384 ~DFCE60.tmp
2 Datei(en) 16.896 Bytes
0 Verzeichnis(se), 64.875.589.632 Bytes frei
-
3.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: DCE4-35DE
Verzeichnis von C:\WINDOWS
23.03.2007 15:45 1.052.445 WindowsUpdate.log
23.03.2007 15:38 0 0.log
23.03.2007 15:38 2.048 bootstat.dat
22.03.2007 22:35 32.346 SchedLgU.Txt
22.03.2007 18:07 0 j2xbgwck2.bmp
22.03.2007 17:22 0 r81j7l4g.pif
22.03.2007 16:13 0 gbrw8nl7.log
22.03.2007 16:13 0 9ergx.dat
21.03.2007 19:48 116 NeroDigital.ini
15.03.2007 22:57 652.976 iis6.log
15.03.2007 22:57 192.856 comsetup.log
15.03.2007 22:57 27.687 tabletoc.log
15.03.2007 22:57 116.098 ntdtcsetup.log
--
4.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: DCE4-35DE
Verzeichnis von C:\WINDOWS\temp
--
5.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: DCE4-35DE
Verzeichnis von C:\WINDOWS\Downloaded Program Files
24.08.2006 08:28 141.424 asinst.dll
22.08.2006 09:06 537 asinst.inf
24.07.2006 11:33 65 desktop.ini
16.06.2004 05:02 323.584 isusweb.dll
25.07.2002 17:13 24.576 dwusplay.dll
25.07.2002 17:13 196.608 dwusplay.exe
6 Datei(en) 686.794 Bytes
0 Verzeichnis(se), 64.875.581.440 Bytes frei
--
6.
Volumeseriennummer: DCE4-35DE
Verzeichnis von C:\
23.03.2007 16:01 0 sys.txt
23.03.2007 16:00 541 down.txt
23.03.2007 16:00 117 tmp.txt
23.03.2007 16:00 10.121 system.txt
23.03.2007 15:59 341 systemtemp.txt
23.03.2007 15:58 99.368 system32.txt
23.03.2007 15:56 9.432 ComboFix.txt
23.03.2007 15:38 1.610.612.736 pagefile.sys
02.12.2006 20:12 2.082 avenger.txt
01.12.2006 20:19 22.362 files.txt
01.12.2006 16:12 1.495 rapport.txt
30.11.2006 17:12 211 boot.ini
24.07.2006 19:18 1.024 .rnd
24.07.2006 12:54 32 ALCSetup.log
24.07.2006 11:34 0 MSDOS.SYS
24.07.2006 11:34 0 CONFIG.SYS
24.07.2006 11:34 0 IO.SYS
24.07.2006 11:34 0 AUTOEXEC.BAT
-----
So, I think that should be it, I hope everything is included
Regards
Chris
This post was edited by Chris85 on 23.03.2007 at 16:01.

23.03.2007, 16:42
Honorary member
Posts: 29434
#5
Chris85
«« Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as listen.bat using 'Save as'. For the file type, select 'All files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears
Quote:
cd\
ºººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººººº
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick the box)
copy into: View/edit script
Quote:
Registry values to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically
-------------
«« http://virus-protect.org/artikel/tools/sdfix.html
in normal mode, double-click RunThis.bat
type in: 3
3: Sophos is loaded - choose 6 - scan and post the report
__________
Regards, Sabina
all about PC security

23.03.2007, 17:32
Member
Thread starter
Posts: 15
#6
Here is the Avenger script in case you need it:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yhsfamco
*******************
Script file located at: \??\C:\WINDOWS\ptveiodk.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\gbrw8nl7.log deleted successfully.
File C:\WINDOWS\j2xbgwck2.bmp deleted successfully.
File C:\WINDOWS\r81j7l4g.pif deleted successfully.
File C:\WINDOWS\9ergx.dat deleted successfully.
File C:\WINDOWS\system32\odtemdt2.exe deleted successfully.
File C:\WINDOWS\system32\Gi3DWFQ.dll deleted successfully.
File C:\WINDOWS\system32\odtemdt2.dat deleted successfully.
File C:\WINDOWS\system32\nmevmsas.dll deleted successfully.
File C:\WINDOWS\system32\wmpcmsyu.exe deleted successfully.
File C:\WINDOWS\system32\strmatkc.dll deleted successfully.
File C:\WINDOWS\system32\odtemdt2.dll deleted successfully.
Folder C:\Programme\RXToolBar not found!
Deletion of folder C:\Programme\RXToolBar failed!
Could not process line:
C:\Programme\RXToolBar
Status: 0xc0000034
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SemanticInsight deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry key HKLM\SOFTWARE\Microsoft\odtemdt2 deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\odtemdt2 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40D12BB6-6371-406A-859D-A5B251E57B8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67270207-b9ee-4d26-9270-860fdb060ca1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2E3DF5B-35BC-331F-BD5A-3676143A55CF} deleted successfully.
Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2E3DF5B-35BC-331F-BD5A-3676143A55CF} not found!
Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2E3DF5B-35BC-331F-BD5A-3676143A55CF} failed!
Status: 0xc0000034
Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67270207-b9ee-4d26-9270-860fdb060ca1} not found!
Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67270207-b9ee-4d26-9270-860fdb060ca1} failed!
Status: 0xc0000034
Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40D12BB6-6371-406A-859D-A5B251E57B8A} not found!
Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40D12BB6-6371-406A-859D-A5B251E57B8A} failed!
Status: 0xc0000034
Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} not found!
Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
-----
Here is the SDFix report:
Sophos Anti-Virus
Version 4.15.0 [Win32/Intel]
Virus data version 4.15, March 2007
Includes detection for 225202 viruses, trojans and worms
Copyright (c) 1989-2007 Sophos Plc, www.sophos.com
System time 17:06:51, System date 23 March 2007
Command line qualifiers are: -f -remove -nc -nb --stop-scan
IDE directory is: C:\Dokumente und Einstellungen\Chris\Desktop\Needful\SDFix\IDE
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{A3021250-4CB1-43E1-B37C-18CC817ACD25}\RP71\A0029901.dll
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{A3021250-4CB1-43E1-B37C-18CC817ACD25}\RP71\A0029905.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{A3021250-4CB1-43E1-B37C-18CC817ACD25}\RP71\A0030064.exe
Removal successful
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{A3021250-4CB1-43E1-B37C-18CC817ACD25}\RP71\A0030086.dll
Removal successful
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{A3021250-4CB1-43E1-B37C-18CC817ACD25}\RP71\A0030087.dll
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{A3021250-4CB1-43E1-B37C-18CC817ACD25}\RP71\A0030088.exe
Removal successful
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{A3021250-4CB1-43E1-B37C-18CC817ACD25}\RP71\A0030090.dll
Removal successful
>>> Virus 'W32/Strati-Gen' found in file C:\System Volume Information\_restore{A3021250-4CB1-43E1-B37C-18CC817ACD25}\RP71\A0030091.exe
Removal successful
>>> Virus fragment 'W95/Sledge-A' found in file C:\WINDOWS\system32\ActiveScan\pskavs.dll
Removal successful
1 boot sector swept.
14304 files swept in 24 minutes and 39 seconds.
9 viruses were discovered.
9 files out of 14304 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com or telephone +44 1235 559933
Ending Sophos Anti-Virus.
Regards
Chris

23.03.2007, 17:35
Honorary member
Posts: 29434
#7
1. My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives". (then re-enable it right away)
2. delete the Avenger backup + empty the recycle bin
3. if the Windows updates work, everything is OK again.
__________
Regards, Sabina
all about PC security

23.03.2007, 17:39
Member
Thread starter
Posts: 15

Logfile of HijackThis v1.99.1
Scan saved at 21:00:30, on 22.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Winamp\winampa.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Teamspeak2_RC2\TeamSpeak.exe
C:\Programme\Java\jre1.5.0_10\bin\jucheck.exe
C:\Dokumente und Einstellungen\Chris\Eigene Dateien\Naruto\its_me.pif
C:\WINDOWS\System32\odtemdt2.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\RealOneMessageCenter.exe
C:\Programme\Winamp\Winamp.exe
C:\mIRC\mirc.exe
C:\Programme\ICQ\Icq.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Dokumente und Einstellungen\Chris\Desktop\Needful\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\uaeccjqk.dll (file missing)
O2 - BHO: (no name) - {40D12BB6-6371-406A-859D-A5B251E57B8A} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programme\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {B2E3DF5B-35BC-331F-BD5A-3676143A55CF} - C:\WINDOWS\system32\cemsdp.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programme\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SemanticInsight] C:\Programme\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: strmatkc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: odtemdt2 - C:\WINDOWS\system32\odtemdt2.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe (file missing)
Regards
Chris
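
Added example, not part of the original thread and not a HijackThis feature: a small triage pass over a HijackThis log of the kind posted above, showing how remarks such as "the service EXE is gone" can be read off the log. The sample is a shortened excerpt of the log above; the rule names and the choice of hints are assumptions made for illustration and mark lines for manual review, not verdicts.

```python
import ntpath
import re

# Shortened excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Dokumente und Einstellungen\Chris\Eigene Dateien\Naruto\its_me.pif
C:\WINDOWS\System32\odtemdt2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\uaeccjqk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - AppInit_DLLs: strmatkc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: odtemdt2 - C:\WINDOWS\system32\odtemdt2.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")            # e.g. "O2 - BHO: ..."
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (\S+) - (.+)$")
ORPHAN_CODES = ("O2", "O3", "O9", "O23")                  # entries that point at a file
ODD_PROCESS_EXT = (".pif", ".scr")                        # assumption: unusual for a running process


def stem(path):
    """Lower-cased file name without extension, using Windows path rules."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def parse(log_text):
    """Split a HijackThis log into running-process paths and (code, text) entries."""
    processes, entries, in_procs = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False            # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(log_text):
    """Return (rule, detail) pairs worth a manual look."""
    processes, entries = parse(log_text)
    findings = []
    for proc in processes:
        if ntpath.splitext(proc)[1].lower() in ODD_PROCESS_EXT:
            findings.append(("odd-extension", proc))
    running = {stem(p) for p in processes}
    for code, text in entries:
        if code in ORPHAN_CODES and ORPHAN_RE.search(text):
            # Registration still present, target file gone (or never named).
            findings.append(("orphaned", f"{code} - {text}"))
        elif code == "O20" and text.startswith("AppInit_DLLs:"):
            value = text.split(":", 1)[1].strip()
            if value:
                findings.append(("appinit", value))
        elif code == "O20":
            match = NOTIFY_RE.match(text)
            # Same base name registered as Winlogon Notify DLL and running as a process.
            if match and stem(match.group(2)) in running:
                findings.append(("notify-matches-process", match.group(2)))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
```
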