Popups from DriveCleaner, Winantivirus 2006, Sicherheitscenter, Search the Web un

#0
09.04.2007, 15:06
...new here
Posts: 6

#2
11.04.2007, 14:56
Honorary member
Posts: 29434

Juergen1511

Avenger http://virus-protect.org/artikel/tools/avenger.html
Tick "Input script manually" and copy into "View/edit script":

Quote:
Files to delete:

Click the green traffic light; the script will now be executed and the PC will then restart automatically.

»» Scan with Bitdefender online and post the scan report: http://virus-protect.org/onlinescan.html

__________
Kind regards
Sabina
everything about PC security
#3
12.04.2007, 19:11
...new here
Thread starter
Posts: 6

Hello Sabina,

unfortunately I couldn't get to it any earlier. I deleted the files and directories with Avenger and then ran BitDefender in normal mode. When Explorer started, the window with the Broadcaster opened again right away. The scanner then found nothing, though.

BitDefender Online Scanner - Real Time Virus Report
Generated at: Thu, Apr 12, 2007 - 18:59:15
Scan Info
Scanned Files 896565
Infected Files 0
Virus Detected
No virus found.
This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

I have also added a current ComboScan.

ComboScan v20070306.20 run by Hanke on 2007-04-12 at 19:06:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Hanke.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 19:06:27, on 12.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Logitech\G-series Software\LGDCore.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOKUME~1\Hanke\LOKALE~1\Temp\Adobelm_Cleanup.0001
C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOKUME~1\Hanke\LOKALE~1\Temp\Adobelm_Cleanup.0001
C:\PROGRA~1\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Hanke\Desktop\Virus 08.04.07\comboscan.exe
C:\HJT\Hanke.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AHQInit] C:\Programme\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Programme\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CCleaner] "C:\Programme\CCleaner\CCleaner.exe" /AUTO
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Clean Traces - C:\Programme\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programme\DAP\dapextie.htm
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - C:\Programme\DAP\dapextie2.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Pro\Copernic.exe
O9 - Extra 'Tools' menuitem: Launch Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Pro\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Pro\Copernic.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe

-- Files created between 2007-03-12 and 2007-04-12 -----------------------------

2007-04-11 21:43:50 0 d-------- C:\WINDOWS\LastGood
2007-04-11 21:39:36 0 d-------- C:\avenger
2007-04-11 20:43:19 0 d-------- C:\Programme\Alwil Software<ALWILS~1>
2007-04-10 21:41:36 0 d-------- C:\SAV32CLI
2007-04-10 18:10:56 0 d-------- C:\WINDOWS\Prefetch
2007-04-09 22:08:51 0 d-------- C:\Programme\Anti Trojan Elite<ANTITR~1>
2007-04-09 21:24:29 0 d-------- C:\UBCD4Win
2007-04-09 16:54:10 14 --a------ C:\Dokumente und Einstellungen\Hanke\getfile.dat
2007-04-09 15:16:08 0 d-------- C:\Programme\ClearProg<CLEARP~1>
2007-04-09 13:49:25 14 --a------ C:\WINDOWS\system32\getfile.dat
2007-04-09 13:41:14 0 d-------- C:\Programme\Gemeinsame Dateien\Softwin
2007-04-08 21:30:16 26752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2007-04-08 21:30:16 163856 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2007-04-08 21:30:16 0 d-------- C:\Programme\Gemeinsame Dateien\Panda Software<PANDAS~1>
2007-04-08 20:10:24 287 --a------ C:\startmwav.bat<STARTM~1.BAT>
2007-04-08 19:47:50 130048 --a------ C:\avenger.exe
2007-04-08 17:51:22 0 d-------- C:\WINDOWS\BDOSCAN8
2007-04-08 17:45:50 0 d-------- C:\Programme\The Cleaner<THECLE~1>
2007-04-08 14:57:09 0 d--h----- C:\WINDOWS\Icons
2007-04-08 14:24:20 2472 --a------ C:\clean.bat
2007-04-08 14:21:49 0 d-------- C:\Programme\ETRemover<ETREMO~1>
2007-04-08 13:32:36 0 d-------- C:\Programme\L2MRemover<L2MREM~1>
2007-04-08 12:03:02 14776424 --a------ C:\mwav.exe
2007-04-07 22:33:09 72320 --a------ C:\WINDOWS\system32\drivers\core.sys
2007-04-07 22:11:41 0 d-------- C:\Programme\Ultra Video Splitter<ULTRAV~1>

-- Find3M Report ---------------------------------------------------------------

2007-04-12 19:00:35 0 d-------- C:\Programme\Mozilla Firefox
2007-04-11 20:57:40 0 d-------- C:\Programme\IsoBuster<ISOBUS~1>
2007-04-11 20:44:00 0 d-------- C:\Dokumente und Einstellungen\Hanke\Anwendungsdaten\Azureus
2007-04-10 21:51:48 0 d-------- C:\Programme\CureROM
2007-04-09 23:05:29 0 d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared<SYMANT~1>
2007-04-09 23:02:30 0 d-------- C:\Programme\Symantec
2007-04-09 17:23:09 419580 --a------ C:\WINDOWS\system32\perfh007.dat
2007-04-09 17:23:09 76624 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-09 17:07:26 0 d--h----- C:\Programme\InstallShield Installation Information<INSTAL~1>
2007-04-09 13:41:14 0 d-------- C:\Programme\Gemeinsame Dateien<GEMEIN~1>
2007-04-08 18:02:58 0 --a------ C:\CONFIG.SYS
2007-04-08 18:02:58 0 -----n--- C:\AUTOEXEC.BAT
2007-04-07 23:19:41 0 d-------- C:\Programme\EndItAll

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"STYLEXP"="C:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe\""
"WMPNSCFG"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe"
"CCleaner"="\"C:\\Programme\\CCleaner\\CCleaner.exe\" /AUTO"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\Wcescomm.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AHQInit"="C:\\Programme\\Creative\\SBLive\\Program\\AHQInit.exe"
"Launch LGDCore"="\"C:\\Programme\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
"Windows Defender"="\"C:\\Programme\\Windows Defender\\MSASCui.exe\" -hide"
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
"Norman ZANDA"="C:\\VIRUSfighter\\Bin\\ZLH.EXE /LOAD /SPLASH"
"Anti Trojan Elite"="C:\\Programme\\Anti Trojan Elite\\TJEnder.exe :NO"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active]
"Acrobat Assistant 7.0"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"CloneCDTray"="\"C:\\Programme\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"GrooveMonitor"="\"C:\\Programme\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"SSBkgdUpdate"="C:\\Programme\\Gemeinsame Dateien\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe -Embedding -boot"
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"Launch LCDMon"="\"C:\\Programme\\Logitech\\G-series Software\\LCDMon.exe\""
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockAds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHALMNPR"
"hkey"="HKLM"
"command"="KHALMNPR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransparentIcons]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak-XP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Updreg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Updreg.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="\"ShellExecuteHook\" von Microsoft AntiMalware"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"=dword:00000000
"NoDispCPL"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoSaveSettings"=dword:00000000
"LWA"=dword:00000000
"LWB"=dword:00000000
"LWC"=dword:00000000
"LWD"=dword:00000000
"LWE"=dword:00000000
"LWF"=dword:00000000
"LWG"=dword:00000000
"LWH"=dword:00000000
"LWI"=dword:00000000
"LWJ"=dword:00000000
"LWK"=dword:00000000
"LWL"=dword:00000000
"LWM"=dword:00000000
"LWN"=dword:00000000
"LWO"=dword:00000000
"LWP"=dword:00000000
"LWQ"=dword:00000000
"LWR"=dword:00000000
"LWS"=dword:00000000
"LWT"=dword:00000000
"LWU"=dword:00000000
"LWV"=dword:00000000
"LWW"=dword:00000000
"LWX"=dword:00000000
"LWY"=dword:00000000
"LWZ"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp

-- End of ComboScan: finished at 2007-04-12 at 19:07:19 ------------------------

Here are the file listings again:

----- Root -----------------------------
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\

12.04.2007 19:15 1.774 sys.txt
12.04.2007 19:15 900 down.txt
12.04.2007 19:15 568 tmp.txt
12.04.2007 19:14 1.989 system.txt
12.04.2007 19:13 3.305 systemtemp.txt
12.04.2007 19:13 721 system32.txt
11.04.2007 21:37 2.147.483.648 pagefile.sys
11.04.2007 21:36 2.054 avenger.txt
10.04.2007 18:05 278 rapport_clean.txt
09.04.2007 23:07 194.315 nonav.log
09.04.2007 20:37 468 errorlog.txt
09.04.2007 14:54 16.709 ComboFix.txt
09.04.2007 14:54 466 ComboFix-quarantined-files.txt
09.04.2007 13:27 582 found.txt
09.04.2007 08:45 0 23990098.$$$
08.04.2007 19:31 16.368 ComboFix2.txt
08.04.2007 18:02 0 CONFIG.SYS
08.04.2007 18:02 0 AUTOEXEC.BAT
08.04.2007 15:58 18.275 ComboFix3.txt
08.04.2007 14:24 2.472 clean.bat
08.04.2007 12:05 14.776.424 mwav.exe
06.04.2007 20:13 389 boot.ini
32 Datei(en) 2.162.927.479 Bytes
0 Verzeichnis(se), 82.469.138.432 Bytes frei

----- System32 -------------------------
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\WINDOWS\system32

11.04.2007 21:39 2.148 wpa.dbl
11.04.2007 21:36 21.243 OODBS.lor
11.04.2007 21:28 2.953 CONFIG.NT
09.04.2007 17:23 404.578 perfh009.dat
09.04.2007 17:23 63.798 perfc009.dat
09.04.2007 17:23 419.580 perfh007.dat
09.04.2007 17:23 76.624 perfc007.dat
09.04.2007 17:23 975.946 PerfStringBackup.INI
09.04.2007 13:49 2.957 x_dtrace_log
09.04.2007 13:49 14 getfile.dat
06.04.2007 20:13 2.322.432 TUKernel.exe
2637 Datei(en) 527.974.464 Bytes
0 Verzeichnis(se), 82.469.011.456 Bytes frei

----- Prefetch -------------------------
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\WINDOWS\Prefetch

----- Windows --------------------------
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\WINDOWS

29.01.2077 07:32 467 Faces.prf
12.04.2007 19:10 202.652 WindowsUpdate.log
11.04.2007 21:44 24.077 setupapi.log
11.04.2007 21:38 0 0.log
11.04.2007 21:38 159 wiadebug.log
11.04.2007 21:37 50 wiaservc.log
11.04.2007 21:37 2.048 bootstat.dat
11.04.2007 21:28 1.983 win.ini
11.04.2007 20:51 8.200 comsetup.log
11.04.2007 20:51 4.970 ntdtcsetup.log
11.04.2007 20:51 26.854 iis6.log
11.04.2007 20:51 1.374 imsins.log
11.04.2007 20:51 11.284 tsoc.log
11.04.2007 20:51 1.244 tabletoc.log
11.04.2007 20:51 1.368 ocmsn.log
11.04.2007 20:51 15.763 KB931784.log
11.04.2007 20:51 4.332 netfxocm.log
11.04.2007 20:51 11.664 ocgen.log
11.04.2007 20:51 1.700 MedCtrOC.log
11.04.2007 20:51 1.236 msgsocm.log
11.04.2007 20:51 24.730 FaxSetup.log
11.04.2007 20:51 7.582 msmqinst.log
11.04.2007 20:51 1.374 imsins.BAK
11.04.2007 20:51 13.976 KB931261.log
11.04.2007 20:51 1.883 updspapi.log
11.04.2007 20:51 13.456 KB930178.log
11.04.2007 20:51 13.377 KB932168.log
10.04.2007 18:06 1.807.814 ntbtlog.txt
10.04.2007 18:03 180 setupact.log
10.04.2007 18:02 0 setuperr.log
09.04.2007 20:38 98 lecaxjgo.txt
08.04.2007 14:51 0 Sti_Trace.log
08.04.2007 12:14 8.873.577 REGBK00.ZIP
06.04.2007 22:42 210 GSdx9 sse2.INI
06.04.2007 21:42 230 NeroDigital.ini
06.04.2007 11:10 54.156 QTFont.qfn
223 Datei(en) 56.848.868 Bytes
0 Verzeichnis(se), 82.468.995.072 Bytes frei

----- Tasks ----------------------------
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\WINDOWS\tasks

11.04.2007 21:57 322 MP Scheduled Scan.job
06.04.2007 20:03 396 1-Klick-Wartung.job
10.03.2007 14:47 6 SA.DAT
26.02.2007 17:00 386 {D8A061BE-740D-4418-B9B3-B734B6A0B9C2}_DELL_Hanke.job
16.02.2007 17:00 386 {C6C24FA5-3561-4C14-9AA4-D7B381E2996D}_DELL_Hanke.job
16.02.2007 10:00 386 {3242CA89-4672-4A7E-BECB-FFA9FDE3255C}_DELL_Hanke.job
18.08.2001 14:00 65 desktop.ini
7 Datei(en) 1.947 Bytes
0 Verzeichnis(se), 82.468.995.072 Bytes frei

----- Wintemp --------------------------
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\WINDOWS\temp

11.04.2007 21:57 2.388 MpCmdRun.log
11.04.2007 21:39 409 WGANotify.settings
11.04.2007 21:37 255 WGAErrLog.txt
11.04.2007 20:58 524.288 TMP00000041F945FEB601FB34AD
11.04.2007 20:58 524.288 TMP000000403760CF7B7F19B389
11.04.2007 20:46 16.384 Perflib_Perfdata_608.dat
6 Datei(en) 1.068.012 Bytes
0 Verzeichnis(se), 82.468.995.072 Bytes frei

----- Temp -----------------------------
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\DOKUME~1\Hanke\LOKALE~1\Temp

12.04.2007 19:16 144.275 filelist.txt
12.04.2007 18:45 711 xml6B.tmp
12.04.2007 18:45 711 xml6A.tmp
12.04.2007 18:45 711 xml69.tmp
12.04.2007 17:45 711 xml68.tmp
12.04.2007 17:45 711 xml67.tmp
12.04.2007 17:45 711 xml66.tmp
12.04.2007 16:45 711 xml65.tmp
12.04.2007 16:45 711 xml64.tmp
12.04.2007 16:45 711 xml63.tmp
12.04.2007 16:45 59.964 Adobelm_Cleanup.0001
12.04.2007 15:45 711 xml5E.tmp
12.04.2007 15:45 711 xml5D.tmp
12.04.2007 15:45 711 xml5C.tmp
12.04.2007 14:45 711 xml5B.tmp
12.04.2007 14:45 711 xml5A.tmp
12.04.2007 14:45 711 xml59.tmp
12.04.2007 13:45 711 xml58.tmp
12.04.2007 13:45 711 xml57.tmp
12.04.2007 13:45 711 xml56.tmp
12.04.2007 12:45 711 xml55.tmp
12.04.2007 12:45 711 xml54.tmp
12.04.2007 12:45 711 xml53.tmp
12.04.2007 11:45 711 xml52.tmp
12.04.2007 11:45 711 xml51.tmp
12.04.2007 11:45 711 xml50.tmp
12.04.2007 10:45 711 xml4F.tmp
12.04.2007 10:45 711 xml4E.tmp
12.04.2007 10:45 711 xml4D.tmp
12.04.2007 09:45 711 xml4C.tmp
12.04.2007 09:45 711 xml4B.tmp
12.04.2007 09:45 711 xml4A.tmp
12.04.2007 08:45 711 xml49.tmp
12.04.2007 08:45 711 xml48.tmp
12.04.2007 08:45 711 xml47.tmp
12.04.2007 07:45 711 xml46.tmp
12.04.2007 07:45 711 xml45.tmp
12.04.2007 07:45 711 xml44.tmp
12.04.2007 06:45 711 xml43.tmp
12.04.2007 06:45 711 xml42.tmp
12.04.2007 06:45 711 xml41.tmp
12.04.2007 04:47 711 xml40.tmp
12.04.2007 04:46 711 xml3F.tmp
12.04.2007 04:45 711 xml3E.tmp
12.04.2007 03:43 711 xml3D.tmp
12.04.2007 03:43 711 xml3C.tmp
12.04.2007 03:43 711 xml3B.tmp
12.04.2007 02:41 711 xml3A.tmp
12.04.2007 02:41 711 xml39.tmp
12.04.2007 02:41 711 xml38.tmp
12.04.2007 01:42 711 xml37.tmp
12.04.2007 01:42 711 xml36.tmp
12.04.2007 01:40 711 xml35.tmp
11.04.2007 23:40 711 xml34.tmp
11.04.2007 23:40 711 xml33.tmp
11.04.2007 23:40 711 xml32.tmp
11.04.2007 22:39 711 xml31.tmp
11.04.2007 22:39 711 xml30.tmp
11.04.2007 22:39 711 xml2F.tmp
11.04.2007 21:40 32.768 ~DF2CE.tmp
11.04.2007 21:39 711 xml5.tmp
11.04.2007 21:39 711 xml4.tmp
11.04.2007 21:39 711 xml3.tmp
11.04.2007 21:38 16.384 ~DFE9F2.tmp
11.04.2007 21:38 49.152 ~DFED96.tmp
11.04.2007 21:38 9.587 WCESLog.log
66 Datei(en) 354.790 Bytes
0 Verzeichnis(se), 82.468.990.976 Bytes frei

********************************************************

"Hanke" - 07-04-12 19:23:00 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Dokumente und Einstellungen\Hanke\Desktop\Virus 08.04.07"

((((((((((((((((((((((((((((((( Files Created from 2007-03-12 to 2007-04-12 ))))))))))))))))))))))))))))))))))

2007-04-11 21:43 <DIR> d-------- C:\WINDOWS\LastGood
2007-04-11 21:39 <DIR> d-------- C:\avenger
2007-04-11 20:43 <DIR> d-------- C:\Programme\Alwil Software
2007-04-10 21:41 <DIR> d-------- C:\SAV32CLI
2007-04-10 18:10 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-09 23:05 <DIR> d-------- C:\Temp\NoNav
2007-04-09 22:08 <DIR> d-------- C:\Programme\Anti Trojan Elite
2007-04-09 21:24 <DIR> d-------- C:\UBCD4Win
2007-04-09 16:54 14 --a------ C:\DOKUME~1\Hanke\getfile.dat
2007-04-09 15:23 <DIR> d-------- C:\Temp\tn3
2007-04-09 15:16 <DIR> d-------- C:\Programme\ClearProg
2007-04-09 13:49 14 --a------ C:\WINDOWS\system32\getfile.dat
2007-04-08 21:30 26,752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2007-04-08 21:30 163,856 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2007-04-08 21:30 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Panda Software
2007-04-08 20:10 287 --a------ C:\startmwav.bat
2007-04-08 19:47 130,048 --a------ C:\avenger.exe
2007-04-08 17:51 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-04-08 17:45 <DIR> d-------- C:\Programme\The Cleaner
2007-04-08 14:57 <DIR> d--h----- C:\WINDOWS\Icons
2007-04-08 14:24 2,472 --a------ C:\clean.bat
2007-04-08 14:21 <DIR> d-------- C:\Programme\ETRemover
2007-04-08 13:32 <DIR> d-------- C:\Programme\L2MRemover
2007-04-08 12:03 14,776,424 --a------ C:\mwav.exe
2007-04-07 22:33 72,320 --a------ C:\WINDOWS\system32\drivers\core.sys
2007-04-07 22:11 <DIR> d-------- C:\Programme\Ultra Video Splitter
2007-04-06 23:11 <DIR> d-------- C:\Programme\Pcsx2
2007-04-06 22:07 <DIR> d-------- C:\Programme\SuperFlexible
2007-04-06 21:50 <DIR> d-------- C:\Programme\Driver-Soft
2007-04-06 21:39 <DIR> d-------- C:\Programme\Fälscherwerkstatt2
2007-04-06 20:18 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-04-06 20:13 2,322,432 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-04-06 20:03 <DIR> d-------- C:\Programme\TuneUp Utilities 2006
2007-04-06 20:03 <DIR> d-------- C:\DOKUME~1\Hanke\ANWEND~1\TuneUp Software
2007-04-06 20:02 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\TuneUp Software
2007-04-06 19:27 <DIR> d-------- C:\wifitemp
2007-04-06 19:27 <DIR> d-------- C:\Programme\WiFi Hopper
2007-04-06 17:58 <DIR> d-------- C:\DOKUME~1\Hanke\ANWEND~1\WinRAR

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-11 20:57 -------- d-------- C:\Programme\isobuster
2007-04-10 21:51 -------- d-------- C:\Programme\curerom
2007-04-09 23:05 -------- d-------- C:\Programme\Gemeinsame Dateien\symantec shared
2007-04-09 23:02 -------- d-------- C:\Programme\symantec
2007-04-09 17:23 76624 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-09 17:23 419580 --a------ C:\WINDOWS\system32\perfh007.dat
2007-04-09 17:07 -------- d--h----- C:\Programme\installshield installation information
2007-04-08 18:02 0 --a------ C:\CONFIG.SYS
2007-04-08 18:02 0 --------- C:\AUTOEXEC.BAT
2007-04-07 23:19 -------- d-------- C:\Programme\enditall
2007-04-07 20:10 -------- d-------- C:\Programme\emule
2007-04-06 22:02 -------- d-------- C:\Programme\yahoo!
2007-04-06 20:02 -------- d-------- C:\Programme\Gemeinsame Dateien\wise installation wizard
2007-04-06 17:16 -------- d-------- C:\Programme\tvgenial

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"STYLEXP"="C:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe\""
"WMPNSCFG"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe"
"ccleaner"="\"C:\\Programme\\CCleaner\\ccleaner.exe\" /AUTO"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\Wcescomm.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AHQInit"="C:\\Programme\\Creative\\SBLive\\Program\\AHQInit.exe"
"Launch LGDCore"="\"C:\\Programme\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
"Windows Defender"="\"C:\\Programme\\Windows Defender\\MSASCui.exe\" -hide"
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
"Norman ZANDA"="C:\\VIRUSfighter\\Bin\\ZLH.EXE /LOAD /SPLASH"
"Anti Trojan Elite"="C:\\Programme\\Anti Trojan Elite\\TJEnder.exe :NO"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active]
"Acrobat Assistant 7.0"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"CloneCDTray"="\"C:\\Programme\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"GrooveMonitor"="\"C:\\Programme\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"SSBkgdUpdate"="C:\\Programme\\Gemeinsame Dateien\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe -Embedding -boot"
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"Launch LCDMon"="\"C:\\Programme\\Logitech\\G-series Software\\LCDMon.exe\""
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockAds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHALMNPR"
"hkey"="HKLM"
"command"="KHALMNPR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransparentIcons]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak-XP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Updreg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Updreg.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="\"ShellExecuteHook\" von Microsoft AntiMalware"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"=dword:00000000
"NoDispCPL"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoSaveSettings"=dword:00000000
"LWA"=dword:00000000
"LWB"=dword:00000000
"LWC"=dword:00000000
"LWD"=dword:00000000
"LWE"=dword:00000000
"LWF"=dword:00000000
"LWG"=dword:00000000
"LWH"=dword:00000000
"LWI"=dword:00000000
"LWJ"=dword:00000000
"LWK"=dword:00000000
"LWL"=dword:00000000
"LWM"=dword:00000000
"LWN"=dword:00000000
"LWO"=dword:00000000
"LWP"=dword:00000000
"LWQ"=dword:00000000
"LWR"=dword:00000000 "LWS"=dword:00000000 "LWT"=dword:00000000 "LWU"=dword:00000000 "LWV"=dword:00000000 "LWW"=dword:00000000 "LWX"=dword:00000000 "LWY"=dword:00000000 "LWZ"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs* UxTuneUp Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\1-Klick-Wartung.job C:\WINDOWS\tasks\MP Scheduled Scan.job C:\WINDOWS\tasks\{3242CA89-4672-4A7E-BECB-FFA9FDE3255C}_DELL_Hanke.job C:\WINDOWS\tasks\{C6C24FA5-3561-4C14-9AA4-D7B381E2996D}_DELL_Hanke.job C:\WINDOWS\tasks\{D8A061BE-740D-4418-B9B3-B734B6A0B9C2}_DELL_Hanke.job ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-04-12 19:26:57 C:\ComboFix-quarantined-files.txt ... 07-04-12 19:26 C:\ComboFix2.txt ... 07-04-09 14:54 C:\ComboFix3.txt ... 07-04-08 19:31 ******************************************************* Danke für Deine Bemühungen Gruß Jürgen Dieser Beitrag wurde am 12.04.2007 um 19:41 Uhr von Juergen1511 editiert.
#4 | 12.04.2007, 19:52 | Honorary member, 29434 posts
Quote: "When I started Explorer, the window with the Broadcaster opened up again"

Please explain that to me in more detail, I don't understand what you mean.

__________
Regards, Sabina
all about PC security
#5 | 12.04.2007, 20:11 | ...new here | Thread starter, 6 posts
I started Explorer to launch the BitDefender online scan. And every time I open Explorer or Firefox, shortly afterwards another window opens with the site Broadcaster.com, and later also Winantivirus or Drivecleaner or other advertising banners.

A few more URLs that open:
b.casalemedia.com
searchportal.information.com
pcsecurityshield.com
adversing.cpxinteractive.com

This post was edited on 12.04.2007 at 20:28 by Juergen1511.
#6 | 12.04.2007, 22:31 | Honorary member, 29434 posts
Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the desktop as listen.bat using 'Save as'. Set the file type to 'All files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote:
cd\

__________
Regards, Sabina
all about PC security
#7 | 13.04.2007, 07:06 | ...new here | Thread starter, 6 posts
Good morning Sabina,

here are the listings...

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Dokumente und Einstellungen\All Users\Desktop

12.04.2007 21:23 <DIR> .
12.04.2007 21:23 <DIR> ..
12.04.2007 21:23 608 NOD32 Scanner.lnk
1 Datei(en) 608 Bytes
2 Verzeichnis(se), 82.981.531.648 Bytes frei

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Dokumente und Einstellungen\Hanke\Desktop

13.04.2007 07:01 <DIR> .
13.04.2007 07:01 <DIR> ..
09.04.2007 21:10 445 (D) an Maxi.lnk
09.04.2007 19:47 58.880 Antisasser-EN.exe
08.04.2007 15:05 104 Arbeitsplatz.lnk
25.02.2006 23:28 130.048 avenger.exe
10.04.2007 17:45 <DIR> clean
09.04.2007 18:49 673 cleaner.exe.lnk
09.04.2007 15:16 671 ClearProg.lnk
08.04.2007 15:02 281 DATEN1 (F).lnk
08.04.2007 15:02 281 DATEN2 (G).lnk
04.04.2007 18:05 <DIR> Diverse Dokumente
31.03.2007 18:45 <DIR> Diverse Programme
07.04.2007 16:53 <DIR> Diverse Websites
08.04.2007 15:08 578 Eigene Bilder.lnk
10.04.2007 21:00 303 Eigene Dokumente.lnk
08.04.2007 15:07 520 Eigene Musik (F).lnk
08.04.2007 15:07 365 Eigene Musik (G).lnk
12.04.2007 20:28 103 Isass.exe.txt
08.04.2007 15:09 208 Kfz.lnk
31.03.2007 21:58 <DIR> Kopierprogramme
13.04.2007 07:01 1.133 listen.bat
10.03.2007 20:26 <DIR> Medienprogramme
08.04.2007 15:08 619 My Completed Downloads.lnk
12.04.2007 19:22 <DIR> neue Downloads
09.04.2007 22:48 <DIR> NoNav
11.04.2007 21:35 66 Online Virenscanner.URL
12.04.2007 20:19 61 Popups von DriveCleaner.URL
09.04.2007 15:29 95 Protecus.URL
14.04.2004 13:28 <DIR> SAVCORP_90
31.03.2007 18:47 <DIR> Sonstiges
11.03.2007 22:10 <DIR> Spiele
08.04.2007 16:17 <DIR> Systemprogramme
08.04.2007 15:03 124 Systemsteuerung.lnk
08.04.2007 15:09 692 Torrents.lnk
09.04.2007 19:33 610 UnHookExec.inf
12.04.2007 21:06 217.692 Upgrade Advisor-Taskliste.mht
12.04.2007 22:08 <DIR> Virus 08.04.07
12.04.2007 20:57 1.961 Windows Vista Upgrade Advisor.lnk
09.04.2007 19:50 2.715.928 WindowsXP-KB835732-x86-DEU.EXE
12.04.2007 21:43 <DIR> WinPFind
08.04.2007 15:02 298 WinXP (C).lnk
08.04.2007 15:09 581 Word Dokumente.lnk
27 Datei(en) 3.133.320 Bytes
16 Verzeichnis(se), 82.981.527.552 Bytes frei

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Windows\System32\Com

21.10.2005 03:02 <DIR> .
21.10.2005 03:02 <DIR> ..
26.07.2005 06:39 195.072 comadmin.dll
18.08.2001 14:00 61.440 comempty.dat
18.08.2001 14:00 77.348 comexp.msc
04.08.2004 01:57 9.728 comrepl.exe
18.08.2001 14:00 5.120 comrereg.exe
18.08.2001 14:00 19.456 mtsadmin.tlb
6 Datei(en) 368.164 Bytes
2 Verzeichnis(se), 82.981.527.552 Bytes frei

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Windows\system32\config

11.04.2007 21:19 <DIR> .
11.04.2007 21:19 <DIR> ..
05.04.2007 21:04 524.288 ACEEvent.evt
11.04.2007 20:44 65.536 Antiviru.evt
11.04.2007 21:29 65.536 Antivirus.Evt
12.04.2007 22:19 524.288 AppEvent.Evt
12.04.2007 22:19 524.288 default
22.01.2005 17:26 94.208 default.sav
01.06.2006 12:27 65.536 Internet.evt
08.04.2007 14:49 65.536 ODiag.evt
12.04.2007 22:19 131.072 OSession.evt
14.11.2006 08:07 <DIR> RCCBakup
12.04.2007 22:19 262.144 SAM
22.01.2005 16:27 65.536 SecEvent.Evt
12.04.2007 22:19 262.144 SECURITY
12.04.2007 22:19 45.350.912 software
22.01.2005 17:26 634.880 software.sav
12.04.2007 22:19 524.288 SysEvent.Evt
12.04.2007 22:20 6.553.600 system
22.01.2005 17:26 397.312 system.sav
10.04.2007 18:10 <DIR> systemprofile
22.01.2005 17:26 262.144 userdiff
18 Datei(en) 56.373.248 Bytes
4 Verzeichnis(se), 82.981.523.456 Bytes frei

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\WINDOWS\system32

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\WINDOWS\Downloaded Program Files

07.12.2004 16:07 32 bdcore.dll
01.03.2005 14:08 118.784 bdupd.dll
11.07.2006 09:41 345.656 ewidoOnlineScan.dll
01.03.2005 14:08 53.248 ipsupd.dll
08.08.2006 11:45 576 kavwebscan.inf
09.03.2005 15:42 6.742 lang.ini
11.12.2006 17:44 367 LegitCheckControl.inf
07.12.2004 16:07 32 libfn.dll
18.02.2005 16:22 126 live.ini
20.01.2000 16:25 1.162 Microsoft XML Parser for Java.osd
01.06.2006 02:57 1.331 oscan8.inf
01.06.2006 02:54 471.040 oscan8.ocx
31.05.2006 04:15 10 oscan81.ocx_x
09.03.2005 15:43 6.828 scanoptions.tsi
14 Datei(en) 1.005.934 Bytes
0 Verzeichnis(se), 82.981.523.456 Bytes frei

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Programme\Common Files

25.03.2007 09:34 <DIR> .
25.03.2007 09:34 <DIR> ..
11.04.2005 17:22 <DIR> Microsoft Shared
25.03.2007 09:34 <DIR> Motorola Shared
0 Datei(en) 0 Bytes
4 Verzeichnis(se), 82.981.523.456 Bytes frei

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Dokumente und Einstellungen\Hanke

12.04.2007 22:07 <DIR> .
12.04.2007 22:07 <DIR> ..
01.11.2005 12:54 35 .antileechdir
17.02.2007 21:20 3.863 .jmf-resource
11.04.2007 12:29 0 00B735D8_kds.xml
23.10.2006 20:41 7.195 1161629371-oem0.inf
23.10.2006 20:42 14.310 1161629371-oem0.PNF
23.10.2006 20:41 5.877 1161629371-oem1.inf
23.10.2006 20:42 12.836 1161629371-oem1.PNF
23.10.2006 20:41 5.891 1161629371-oem2.inf
23.10.2006 20:42 12.562 1161629371-oem2.PNF
23.10.2006 20:49 7.195 1161630562-oem0.inf
23.10.2006 20:49 14.310 1161630562-oem0.PNF
23.10.2006 20:49 5.877 1161630563-oem1.inf
23.10.2006 20:49 12.836 1161630563-oem1.PNF
23.10.2006 20:49 5.891 1161630564-oem2.inf
23.10.2006 20:49 12.562 1161630564-oem2.PNF
23.10.2006 21:09 7.195 1161632373-oem0.inf
23.10.2006 21:09 14.310 1161632373-oem0.PNF
23.10.2006 21:09 5.877 1161632373-oem1.inf
23.10.2006 21:09 12.836 1161632373-oem1.PNF
23.10.2006 21:09 5.891 1161632374-oem2.inf
23.10.2006 21:09 12.562 1161632374-oem2.PNF
08.04.2007 12:18 <DIR> Anwendungsdaten
12.02.2005 18:27 <DIR> Application Data
06.04.2007 15:52 189 default.pls
13.04.2007 07:01 <DIR> Desktop
09.11.2006 20:30 3 dxva_sig.txt
25.10.2005 20:44 <DIR> Eigene Dateien
21.04.2006 18:37 <DIR> Favoriten
11.04.2007 18:31 14 getfile.dat
20.10.2006 13:37 <DIR> harmony
01.11.2005 19:23 10.311 jap.conf
22.10.2002 06:57 1.334 License.lic
20.10.2006 13:52 <DIR> Logitech
25.03.2005 14:46 100 LuResult.txt
23.10.2006 21:39 97.829 Motorola_Driver_Log.txt
07.01.2006 13:22 <DIR> out
06.04.2007 17:56 <DIR> Startmenü
23.10.2006 21:39 7.195 USBMOT2000.INF
23.10.2006 21:39 5.891 USBMOT2000XP.INF
23.10.2006 21:39 22.768 usbsermpt.sys
23.10.2006 21:39 24.192 usbsermptxp.sys
23.10.2006 21:39 5.877 USB_CMCS_2000.INF
25.01.2005 22:40 <DIR> WINDOWS
11.04.2007 18:31 3.137 x_dtrace_log
34 Datei(en) 358.751 Bytes
12 Verzeichnis(se), 82.981.519.360 Bytes frei

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Dokumente und Einstellungen\Hanke\Lokale Einstellungen\Temporary Internet Files\Content.IE5

13.04.2007 06:58 114.688 index.dat
1 Datei(en) 114.688 Bytes
0 Verzeichnis(se), 82.981.519.360 Bytes frei

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Dokumente und Einstellungen\Hanke\Lokale Einstellungen\Temp

13.04.2007 06:57 <DIR> .
13.04.2007 06:57 <DIR> ..
13.04.2007 05:52 <DIR> ewido_quarantine
12.04.2007 22:35 <DIR> ewido_signatures
13.04.2007 06:57 <DIR> KAV Updater update files
12.04.2007 22:07 49.152 ~DF24B.tmp
1 Datei(en) 49.152 Bytes
5 Verzeichnis(se), 82.981.519.360 Bytes frei

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\WINDOWS\Temp

12.04.2007 22:40 <DIR> .
12.04.2007 22:40 <DIR> ..
12.04.2007 22:40 796 MpCmdRun.log
12.04.2007 22:20 255 WGAErrLog.txt
12.04.2007 22:21 409 WGANotify.settings
3 Datei(en) 1.460 Bytes
2 Verzeichnis(se), 82.981.519.360 Bytes frei

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Temp

12.04.2007 22:07 <DIR> .
12.04.2007 22:07 <DIR> ..
12.04.2007 22:07 <DIR> tn3
0 Datei(en) 0 Bytes
3 Verzeichnis(se), 82.981.519.360 Bytes frei

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Programme

12.04.2007 20:57 <DIR> .
12.04.2007 20:57 <DIR> ..
29.01.2005 21:58 <DIR> ACD Systems
26.09.2005 20:02 <DIR> ACE Mega CoDecS Pack
01.05.2006 12:37 <DIR> Adobe
29.09.2005 20:02 <DIR> Ahead
26.04.2005 19:14 <DIR> Alcohol Soft
11.04.2007 20:43 <DIR> Alwil Software
08.09.2005 20:51 <DIR> AM-DeadLink
09.04.2007 22:29 <DIR> Anti Trojan Elite
12.04.2005 16:57 <DIR> Arcor
01.04.2007 16:09 <DIR> Arcor Fotoservice
05.02.2007 22:16 <DIR> ATI Technologies
17.03.2007 13:21 <DIR> Auction Sentry Deluxe
19.03.2006 22:13 <DIR> Audio 180 %
07.08.2006 18:09 <DIR> AvantGo Connect
26.09.2006 17:53 <DIR> Avisynth
31.03.2007 22:21 <DIR> AviSynth 2.5
03.09.2006 19:55 <DIR> BayWatcher Pro
26.07.2005 17:31 <DIR> Blaze Media Pro
18.02.2006 18:31 <DIR> Borland
02.07.2006 12:09 <DIR> Canon
02.10.2006 20:36 <DIR> CCleaner
22.01.2005 19:40 <DIR> CDRWIN3
08.04.2007 15:36 <DIR> CleanUp!
09.04.2007 15:16 <DIR> ClearProg
19.02.2006 16:12 <DIR> CloneDVD
04.10.2005 18:51 <DIR> Common
25.03.2007 09:34 <DIR> Common Files
09.08.2005 20:23 <DIR> CompChecker
18.08.2005 20:08 <DIR> coolpro2
22.01.2005 20:00 <DIR> Copernic 2001 Pro
18.08.2006 16:50 <DIR> Corel
01.05.2006 12:37 <DIR> Creative
10.04.2007 21:51 <DIR> CureROM
08.03.2007 19:08 <DIR> D-Tools
08.03.2007 18:22 <DIR> DAEMON Tools
10.03.2007 14:21 <DIR> DAP
06.08.2006 23:50 <DIR> DaViDeo2006Fotos
14.04.2006 11:01 <DIR> Dbox2 Bootmanager
06.06.2006 10:06 <DIR> DivX
06.04.2007 21:50 <DIR> Driver-Soft
19.02.2006 13:25 <DIR> DVD Decrypter
10.03.2007 20:14 <DIR> DVD Shrink
08.08.2006 21:11 <DIR> DVDFab Platinum
25.06.2006 16:56 <DIR> EdenCity
07.04.2007 23:19 <DIR> EndItAll
31.03.2007 23:12 <DIR> eRightSoft
12.04.2007 22:02 <DIR> ESET
08.04.2007 14:21 <DIR> ETRemover
17.12.2005 00:24 <DIR> ewido
15.11.2006 19:57 <DIR> FileSync
20.03.2007 21:50 <DIR> FireTrust
09.12.2006 14:39 <DIR> FLVPlayer
18.03.2007 20:50 <DIR> fp.leecher
06.04.2007 21:39 <DIR> Fälscherwerkstatt2
09.03.2007 22:23 <DIR> Gamesload Spiele
09.04.2007 13:41 <DIR> Gemeinsame Dateien
26.09.2005 19:23 <DIR> Google
25.10.2005 16:44 <DIR> Hewlett-Packard
10.03.2007 14:21 <DIR> Hide IP Platinum
13.04.2006 16:58 <DIR> IBM
20.09.2006 21:38 <DIR> ICQLite
08.08.2006 17:36 <DIR> ImTOO
18.02.2007 12:18 <DIR> Internet Explorer
11.04.2007 20:57 <DIR> IsoBuster
04.03.2007 12:47 <DIR> Java
02.10.2006 10:55 <DIR> Just Sudoku PE
18.03.2007 20:13 <DIR> Kisi
08.04.2007 13:32 <DIR> L2MRemover
03.10.2006 09:14 <DIR> Lavasoft
27.06.2006 21:39 <DIR> LcdStudio
13.08.2005 00:58 <DIR> Leadtek
01.02.2006 23:29 <DIR> LeechFTP
23.10.2006 20:46 <DIR> Logitech
29.01.2005 22:43 <DIR> Macromedia
10.03.2007 14:21 <DIR> MagicISO
09.08.2006 20:14 <DIR> MC2
26.09.2005 19:33 <DIR> MEDION
12.02.2005 08:48 <DIR> Messenger
09.03.2007 22:30 <DIR> Microsoft ActiveSync
10.05.2006 21:33 <DIR> Microsoft AntiSpyware
08.07.2006 12:23 <DIR> Microsoft AutoRoute
22.01.2005 16:38 <DIR> microsoft frontpage
22.01.2005 17:55 <DIR> Microsoft IntelliPoint 4.1
15.12.2006 21:48 <DIR> Microsoft Office
12.01.2007 20:53 <DIR> Microsoft Office2003
04.10.2005 17:31 <DIR> Microsoft Visual Studio
15.12.2006 21:37 <DIR> Microsoft Visual Studio 8
12.04.2007 20:57 <DIR> Microsoft Windows Vista Upgrade Advisor
03.03.2007 13:12 <DIR> Microsoft Works
22.01.2005 22:05 <DIR> Microsoft.NET
25.05.2006 12:51 <DIR> MorePics
25.03.2007 09:34 <DIR> Motorola
22.01.2005 17:24 <DIR> Movie Maker
12.04.2007 21:31 <DIR> Mozilla Firefox
03.03.2007 13:11 <DIR> MSBuild
22.01.2005 16:34 <DIR> MSN Gaming Zone
16.11.2006 07:57 <DIR> MSXML 4.0
10.03.2007 14:21 <DIR> Music_Manager
29.09.2005 19:14 <DIR> Nero
08.04.2007 09:25 <DIR> NetMeeting
12.12.2006 17:42 <DIR> OnlineControl
11.03.2007 16:19 <DIR> OO Software
16.12.2006 12:05 <DIR> Outlook Express
09.11.2006 18:11 <DIR> outlookDuplicates
09.04.2007 18:39 <DIR> Pcsx2
10.02.2007 23:56 <DIR> PowerISO
30.01.2005 13:47 <DIR> PowerQuest
10.12.2005 14:29 <DIR> QuickTime
26.07.2005 20:21 <DIR> Radeon Omega Drivers
19.02.2005 16:39 <DIR> Real
24.09.2006 21:31 <DIR> ReClock
10.03.2007 15:59 <DIR> RegCleaner
10.03.2007 18:03 <DIR> RipIt4Me
30.04.2006 22:20 <DIR> ScanSoft
05.01.2007 21:23 <DIR> SDP Multimedia
06.03.2007 19:49 <DIR> SFT Loader
01.03.2007 21:06 <DIR> Siber Systems
21.08.2006 20:58 <DIR> Sierra
31.03.2007 21:45 <DIR> SlySoft
08.04.2007 10:18 <DIR> Spybot - Search & Destroy
19.11.2006 21:07 <DIR> Stardock
12.09.2006 18:08 <DIR> Sunbelt Software
06.04.2007 22:07 <DIR> SuperFlexible
02.07.2006 12:48 <DIR> Support Tools
09.04.2007 23:02 <DIR> Symantec
07.04.2006 21:11 <DIR> TechSmith
02.07.2006 12:16 <DIR> Telekom
22.01.2005 23:29 <DIR> TGTSoft
12.04.2007 22:06 <DIR> The Cleaner
02.10.2005 19:45 <DIR> TMPGEnc Plus-2.610.49.157
31.03.2007 17:49 <DIR> TomTom Media Center
26.09.2006 17:53 <DIR> Tsunami-Filter-Pack
06.04.2007 20:18 <DIR> TuneUp Utilities 2006
06.04.2007 17:16 <DIR> TVgenial
24.09.2006 15:58 <DIR> Tweak-XP Pro
31.10.2006 18:24 <DIR> Tweak-XP Pro 4
07.04.2007 22:13 <DIR> Ultra Video Splitter
26.09.2005 19:35 <DIR> UnrealTournament
12.11.2006 11:47 <DIR> UselessCreations
26.03.2005 21:34 <DIR> VAG-COM
27.03.2005 18:57 <DIR> VideoLAN
26.09.2006 17:53 <DIR> VirtualDub
07.06.2005 18:50 <DIR> VirtualDub-1.5.4-P4
23.02.2006 17:29 <DIR> vso
24.01.2007 23:31 <DIR> Weight Watchers
06.04.2007 21:37 <DIR> WiFi Hopper
27.06.2006 21:32 <DIR> Winamp
07.12.2006 19:06 <DIR> Windows Defender
15.12.2006 22:33 <DIR> Windows Desktop Search
11.01.2007 21:05 <DIR> Windows Media Connect 2
11.01.2007 21:05 <DIR> windows media player
22.01.2005 17:22 <DIR> Windows NT
07.04.2007 00:02 <DIR> WinRAR
02.01.2007 18:49 <DIR> ws_ftp
22.01.2005 16:38 <DIR> xerox
03.10.2006 10:01 <DIR> XPcleanV7
06.04.2007 22:02 <DIR> Yahoo!
0 Datei(en) 0 Bytes
162 Verzeichnis(se), 82.981.507.072 Bytes frei

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Dokumente und Einstellungen\Hanke\Lokale Einstellungen\Anwendungsdaten

29.01.2005 22:39 <DIR> ACDPhotoEditor
29.01.2005 22:00 <DIR> ACDSee
29.01.2005 22:37 <DIR> Adobe
11.01.2007 20:33 <DIR> Ahead
20.09.2006 21:49 <DIR> AOL
06.01.2006 18:28 <DIR> Apple Computer
05.04.2007 19:21 <DIR> ApplicationHistory
13.12.2005 16:53 <DIR> ATI
06.04.2007 21:42 248.320 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
22.01.2005 21:46 138 fusioncache.dat
10.03.2007 14:40 87.288 GDIPFONTCACHEV1.DAT
29.01.2005 21:53 <DIR> Google
23.01.2005 12:03 <DIR> Help
22.01.2005 23:02 <DIR> Identities
27.06.2006 20:16 <DIR> Logitech
06.04.2007 20:09 <DIR> Microsoft
15.12.2006 21:35 <DIR> Microsoft Help
12.04.2007 20:52 <DIR> MigWiz
24.09.2006 17:20 <DIR> Mozilla
12.01.2007 20:47 <DIR> PCHealth
06.04.2007 19:54 <DIR> Stardock
12.09.2006 18:13 <DIR> Sunbelt Software
22.01.2005 21:58 <DIR> Symantec
30.04.2005 18:29 <DIR> Ubisoft
07.06.2005 18:37 <DIR> WMTools Downloaded Files
06.04.2007 22:02 <DIR> Yahoo
3 Datei(en) 335.746 Bytes
23 Verzeichnis(se), 82.981.511.168 Bytes frei

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Dokumente und Einstellungen\Hanke\Anwendungsdaten

08.04.2007 12:18 <DIR> .
08.04.2007 12:18 <DIR> ..
13.04.2006 22:15 2.528 $_hpcst$.hpc
08.04.2006 20:50 <DIR> .CannaPower
20.09.2006 21:50 <DIR> acccore
29.01.2005 22:00 <DIR> ACD Systems
12.02.2006 14:29 <DIR> Adobe
26.01.2007 09:19 <DIR> AdobeUM
27.01.2007 12:26 <DIR> Ahead
08.09.2005 21:14 <DIR> aignes
10.12.2005 14:36 <DIR> Apple Computer
03.02.2007 16:24 <DIR> ArcSoft
13.12.2005 16:53 <DIR> ATI
26.07.2005 20:34 <DIR> atitray
11.04.2007 20:44 <DIR> Azureus
03.09.2006 19:58 <DIR> BayWatcher Pro
22.01.2005 21:05 <DIR> CDZilla
18.08.2006 16:40 <DIR> Corel
04.11.2006 18:45 <DIR> DVD Shrink
06.09.2006 21:23 <DIR> Elaborate Bytes
04.11.2006 18:13 120 FixVTS.ini
18.08.2005 07:49 <DIR> Google
23.01.2005 12:03 <DIR> Help
25.10.2005 16:51 <DIR> Hewlett-Packard
20.09.2006 20:35 <DIR> ICQLite
22.01.2005 16:43 <DIR> Identities
30.01.2005 16:15 <DIR> IsolatedStorage
25.05.2006 16:39 <DIR> KFZ-Fahrtenbuch 2
02.07.2006 12:29 <DIR> KFZ-Fahrtenbuch 2 Backup
03.10.2006 09:14 <DIR> Lavasoft
27.06.2006 20:59 <DIR> Logitech
29.01.2005 22:53 <DIR> Macromedia
08.10.2005 11:01 <DIR> MAGIX
06.04.2007 07:56 <DIR> MailWasherPro
24.09.2006 17:20 <DIR> Mozilla
27.01.2007 12:10 <DIR> Nero
25.10.2005 16:43 <DIR> Ordner HP Share-to-Web
21.04.2006 20:23 <DIR> RapidGet
16.10.2005 11:05 <DIR> Real
13.11.2006 18:34 <DIR> Registry Booster
10.03.2007 19:02 <DIR> RipIt4Me
30.04.2006 22:24 <DIR> ScanSoft
26.11.2006 18:11 <DIR> SlySoft
19.11.2006 22:12 <DIR> Sprite PC Agent
19.11.2006 22:12 <DIR> Sprite Setup Wizard
04.03.2007 20:03 <DIR> Sprite Software
31.01.2005 20:46 <DIR> Sun
29.01.2005 22:27 <DIR> Symantec
06.04.2007 20:03 <DIR> TuneUp Software
19.08.2006 22:43 <DIR> VSO_HWE
02.03.2006 21:30 <DIR> WholeSecurity
06.04.2007 17:58 <DIR> WinRAR
21.04.2006 17:14 <DIR> WNR
2 Datei(en) 2.648 Bytes
51 Verzeichnis(se), 82.981.507.072 Bytes frei

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten

29.01.2005 21:58 <DIR> ACD Systems
24.01.2007 19:03 <DIR> Adobe
29.01.2005 22:12 <DIR> Adobe Systems
20.09.2006 21:49 <DIR> AOL
10.12.2005 14:26 <DIR> Apple Computer
23.01.2005 10:44 <DIR> Corel
19.02.2006 16:38 <DIR> DVD Shrink
31.03.2006 18:13 <DIR> element5
30.04.2006 22:25 <DIR> InstallShield
08.10.2006 19:20 <DIR> Logitech
04.10.2005 18:51 <DIR> MAGIX
12.04.2007 20:58 <DIR> Microsoft Corporation
10.04.2007 20:16 <DIR> Microsoft Help
10.03.2007 01:15 <DIR> Nero
02.07.2005 13:30 <DIR> NFS Underground
12.11.2006 21:02 <DIR> Office Genuine Advantage
30.01.2005 13:49 <DIR> PowerQuest
13.03.2007 18:06 963 QTSBandwidthCache
23.01.2005 10:50 <DIR> QuickTime
03.03.2007 22:12 <DIR> RoboForm
30.04.2006 22:21 <DIR> ScanSoft
03.09.2006 15:56 <DIR> SecTaskMan
10.03.2007 16:47 <DIR> SlySoft
03.09.2006 18:40 <DIR> Spybot - Search & Destroy
29.01.2005 22:27 <DIR> Symantec
07.04.2006 21:12 <DIR> TechSmith
10.03.2007 14:56 <DIR> Test Drive Unlimited
04.03.2007 17:19 <DIR> TomTom
10.03.2007 21:22 <DIR> Trymedia
08.04.2007 15:00 <DIR> TuneUp Software
20.09.2006 21:49 <DIR> Viewpoint
22.01.2006 11:59 <DIR> Windows Genuine Advantage
20.09.2006 22:21 <DIR> Yahoo!
1 Datei(en) 963 Bytes
32 Verzeichnis(se), 82.981.502.976 Bytes frei

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Programme\Gemeinsame Dateien

09.04.2007 13:41 <DIR> .
09.04.2007 13:41 <DIR> ..
29.01.2005 21:58 <DIR> ACD Systems
17.04.2006 16:57 <DIR> Adobe
29.01.2005 22:11 <DIR> Adobe Systems Shared
10.03.2007 01:49 <DIR> Ahead
09.03.2007 22:21 <DIR> AOL
20.09.2006 21:49 <DIR> aolshare
23.01.2005 10:41 <DIR> Corel
03.03.2007 13:09 <DIR> DESIGNER
22.01.2005 16:35 <DIR> Dienste
02.07.2005 13:30 <DIR> DirectX
03.10.2005 18:24 <DIR> envsoft
25.10.2005 16:42 <DIR> Hewlett-Packard
30.04.2005 17:57 <DIR> InstallShield
31.01.2005 20:42 <DIR> Java
27.06.2006 20:24 <DIR> Logitech
04.10.2005 18:47 <DIR> MAGIX Shared
03.03.2007 13:11 <DIR> Microsoft Shared
22.01.2005 16:35 <DIR> MSSoap
20.09.2006 21:49 <DIR> Nullsoft
12.01.2007 20:53 <DIR> ODBC
08.04.2007 21:30 <DIR> Panda Software
17.04.2006 16:57 <DIR> Real
30.04.2006 22:21 <DIR> Scansoft Shared
09.04.2007 13:42 <DIR> Softwin
22.01.2005 16:28 <DIR> SpeechEngines
30.10.2006 23:20 <DIR> Spielberg DMS
21.11.2006 21:02 <DIR> Stardock
09.04.2007 23:05 <DIR> Symantec Shared
16.12.2006 12:05 <DIR> System
06.04.2007 20:02 <DIR> Wise Installation Wizard
0 Datei(en) 0 Bytes
32 Verzeichnis(se), 82.981.502.976 Bytes frei

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19

Verzeichnis von C:\Windows\tasks

06.04.2007 20:03 396 1-Klick-Wartung.job
1 Datei(en) 396 Bytes
0 Verzeichnis(se), 82.981.502.976 Bytes frei
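The listing in the post above is what the listen.bat from post #6 produces: a `dir` of the desktop, temp, profile and autostart folders, so that anything created around the infection date stands out (Isass.exe.txt, listen.bat, the .URL files and the C:\Temp\tn3 folder all date from 12./13.04.2007). Reading a few hundred such lines by eye is error-prone, so here is an added example, not code from the thread, that parses the German-locale `dir` output and returns the entries changed on or after a cutoff date, newest first. The sample text is a constructed excerpt copied from the listing above; the cutoff of 8 April 2007 is an assumption taken from the poster's own "Virus 08.04.07" folder name, and accepting the English "Directory of" header is a generalisation beyond what the page shows.

```python
"""Timeline triage over the `dir` output a listen.bat-style batch file produces.

Added example, not code from the thread. Parses German-locale `dir` listings
(English "Directory of" headers are accepted too) and returns the entries
created or changed on or after a cutoff date.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date, datetime

# Header of one `dir` run, e.g. "Verzeichnis von C:\Temp".
DIR_HEADER = re.compile(r"^\s*(?:Verzeichnis von|Directory of)\s+(.+?)\s*$")
# One entry: DD.MM.YYYY HH:MM, then <DIR> or a size with '.' thousands separators, then the name.
DIR_ENTRY = re.compile(
    r"^\s*(\d{2})\.(\d{2})\.(\d{4})\s+(\d{2}):(\d{2})\s+(<DIR>|[\d.]+)\s+(.+?)\s*$"
)
# Assumed cutoff: the infection date the poster recorded in the folder name "Virus 08.04.07".
DEFAULT_CUTOFF = date(2007, 4, 8)


@dataclass(frozen=True)
class Entry:
    directory: str
    name: str
    is_dir: bool
    size: int            # 0 for directories
    modified: datetime

    @property
    def path(self) -> str:
        return self.directory.rstrip("\\") + "\\" + self.name


def parse_dir_listing(text: str) -> list[Entry]:
    """Parse the concatenated output of several `dir` runs; '.' and '..' are skipped."""
    entries: list[Entry] = []
    current = ""
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current = header.group(1)
            continue
        m = DIR_ENTRY.match(line)
        if not m or not current:
            continue
        day, month, year, hour, minute, size_or_dir, name = m.groups()
        if name in (".", ".."):
            continue
        is_dir = size_or_dir == "<DIR>"
        size = 0 if is_dir else int(size_or_dir.replace(".", ""))
        stamp = datetime(int(year), int(month), int(day), int(hour), int(minute))
        entries.append(Entry(current, name, is_dir, size, stamp))
    return entries


def changed_since(entries: list[Entry], cutoff: date = DEFAULT_CUTOFF) -> list[Entry]:
    """Entries modified on or after `cutoff`, newest first: the ones to look at first."""
    hits = [e for e in entries if e.modified.date() >= cutoff]
    return sorted(hits, key=lambda e: e.modified, reverse=True)


# Constructed excerpt of the listing posted above (same format, a few entries only).
SAMPLE_LISTING = """\
 Datenträger in Laufwerk C: ist WinXP
 Volumeseriennummer: 2C44-6A19

 Verzeichnis von C:\\Dokumente und Einstellungen\\Hanke\\Desktop

13.04.2007  07:01    <DIR>          .
13.04.2007  07:01    <DIR>          ..
25.02.2006  23:28           130.048 avenger.exe
12.04.2007  20:28               103 Isass.exe.txt
13.04.2007  07:01             1.133 listen.bat
12.04.2007  20:19                61 Popups von DriveCleaner.URL
09.04.2007  19:50         2.715.928 WindowsXP-KB835732-x86-DEU.EXE
               5 Datei(en)      2.847.273 Bytes

 Verzeichnis von C:\\Temp

12.04.2007  22:07    <DIR>          .
12.04.2007  22:07    <DIR>          ..
12.04.2007  22:07    <DIR>          tn3
               0 Datei(en)              0 Bytes
"""

if __name__ == "__main__":
    for e in changed_since(parse_dir_listing(SAMPLE_LISTING)):
        size = "<DIR>" if e.is_dir else str(e.size)
        print(f"{e.modified:%Y-%m-%d %H:%M}  {size:>9}  {e.path}")
```

Run against the full listing, the output is the same timeline a helper builds by hand: avenger.exe from 2006 drops out, while listen.bat, the tn3 folder, Isass.exe.txt and the .URL files cluster on 12./13.04.2007. A date filter is a triage aid only; a file being new is a reason to look at it, not proof that it is malicious.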
#8 | 13.04.2007, 10:36 | Honorary member, 29434 posts
Juergen1511

Avenger
http://virus-protect.org/artikel/tools/avenger.html

Tick "Input script manually"
Copy into: View/edit script

Quote:
Files to delete:

Click the green traffic light. The script will now run, and then the PC will restart automatically.

________

What is this about???
C:\Dokumente und Einstellungen\Hanke\Desktop\
12.04.2007 20:28 103 Isass.exe.txt

Did you rename the exe, or ...???

__________
Regards, Sabina
all about PC security
#9 | 13.04.2007, 12:42 | ...new here | Thread starter, 6 posts
Hello Sabina,

that file is just an explanation about Sasser. I had confused Lsass.exe with Isass.exe, but then I also noticed that it isn't Sasser. I have now deleted that text file. It only causes confusion.

I have now run Avenger and deleted the files you specified.

Does it actually matter whether I work in safe mode or normal mode when I run the scans or delete something??? I now prefer to work in safe mode, because then these browser windows don't keep opening.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lcodxece

*******************

Script file located at: \??\C:\WINDOWS\system32\setnulvx.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Dokumente und Einstellungen\Hanke\Desktop\Online Virenscanner.URL deleted successfully.
File C:\Dokumente und Einstellungen\Hanke\Desktop\Popups von DriveCleaner.URL deleted successfully.
File C:\Dokumente und Einstellungen\Hanke\Desktop\Protecus.URL deleted successfully.
File C:\Dokumente und Einstellungen\Hanke\.antileechdir deleted successfully.
Folder C:\Temp\tn3 deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Regards, Jürgen
#10 | 13.04.2007, 13:20 | Honorary member, 29434 posts
Now I would be interested to know whether popups still appear.

__________
Regards, Sabina
all about PC security
#11 | 13.04.2007, 19:21 | ...new here | Thread starter, 6 posts
Hi Sabina,

I had actually almost resigned myself to reinstalling the computer, but by the looks of it you've done it! I've been trying it out for about 15 minutes now and no additional browser window appears.

Could you just give me a quick tip on who the culprit was? It can really only have been "tn3" or ".antileechdir", right?

In any case, many thanks for the help!!!

Regards, Jürgen

PS: If the popups do show up again, I'll get back to you.
#12 | 15.04.2007, 15:27 | Honorary member, 29434 posts
The URL files were to blame:
Popups von DriveCleaner.URL .....

Glad I could help.
Cheers

__________
Regards, Sabina
all about PC security
#13 | 20.05.2007, 10:06 | Member, 17 posts
Hello Sabrina,

I have the same problem with Drive Cleaner 2006. In addition, for a few days now some porn sites have also been opening as pop-ups, although I have never visited any... *scratches head*

Could you help me too? Unfortunately I'm not exactly a PC whiz either ;-) ...

Kind regards
Heike

Here is my logfile:

Logfile of HijackThis v1.99.1
Scan saved at 09:53:42, on 20.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\SOINTGR.EXE
C:\Programme\PC Tools Firewall Plus\PCTFW.exe
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe
C:\Programme\Logitech\QuickCam10\QuickCam10.exe
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\UltimateZip 2.7\uzqkst.exe
C:\Programme\Gemeinsame Dateien\AccSys\AccWLSvc.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Windows Live Toolbar\msn_sl.exe
C:\Dokumente und Einstellungen\Martin Ströbele\Eigene Dateien\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aol.de/e60/suche/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3b117fbc-0420-44af-8e14-af70dc3e69a9} - C:\WINDOWS\system32\blacori.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp4.tmp.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\HotKeys\Ikeymain.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [wlconfig] C:\Programme\WLAN Monitor\wlconfig.exe -autostart
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [ALDI_SUED_FotoSuite_Download] "C:\Programme\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe" /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [PCTools FW] C:\Programme\PC Tools Firewall Plus\PCTFW.exe /s
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\tuvust.dll",realset
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSetup] G:\Setup\Setup.exe /start /restart /l:deu
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programme\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Programme\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/229?5e737ea4fefa47e8b9cdddf6e6bbd6d2
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/230?5e737ea4fefa47e8b9cdddf6e6bbd6d2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen...
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/ O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/InstallationsAssistent.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{723AB3B7-E5DB-4867-950A-9BD614A545EA}: NameServer = 192.168.120.252,192.168.120.253 O18 - Protocol: bw+0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - 
{120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: 
bwk0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - 
{120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: haufereader - (no CLSID) - (no file) O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: O20 - Winlogon Notify: blacori - C:\WINDOWS\SYSTEM32\blacori.dll O23 - Service: AccSys WiFi Server (AccWLSvc) - AccSys GmbH - C:\Programme\Gemeinsame Dateien\AccSys\AccWLSvc.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. 
- C:\Programme\Canon\CAL\CALMAIN.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: Haufe iDesk-Service in C:\Programme\Haufe\iDesk\iDeskService\Zope (HRService) - Unknown owner - C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Programme\Sygate\SPF\Smc.exe (file missing) O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\Sptisrv.exe |
20.05.2007, 10:13
Member
Posts: 3716
#14
hi, rename hijackthis.exe to hjt.com; this is necessary because malware can already hide from the .exe! Please make sure that the .exe extension is gone, then scan and post a log again!
Download combofix and run it according to the instructions: http://virus-protect.org/artikel/tools/combofix.html Download filelist.zip, unpack it on the desktop and click filelist.bat; your editor will then open. Copy the last 2 months from each directory! http://members.linzag.net/680262/filelist.zip
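A first triage pass over a log of the kind requested above, added here as an example; it is my own code, not a tool from HijackThis, ComboFix or virus-protect.org. It parses the R*/O* entry lines of a HijackThis v1.99 log and flags the entry types a helper reads first: BHOs registered without a display name, autostart entries whose file name is one character away from a core system binary, rundll32 autostarts that load a DLL straight from the system root, and Winlogon Notify DLLs that also appear as an unnamed BHO. The sample lines are copied from the log posted in this thread; the flagging rules, CORE_BINARIES and SYSTEM_ROOT are this example's own assumptions, and a flag means "look at this entry", not a verdict on the file.

```python
"""Triage of HijackThis v1.99-style log entries (added example, own heuristics)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample input: a few lines in the shape of the logs posted in this
# thread (the entries themselves are copied from the posted log). Not a full log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3b117fbc-0420-44af-8e14-af70dc3e69a9} - C:\WINDOWS\system32\blacori.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp4.tmp.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\tuvust.dll",realset
O20 - Winlogon Notify: blacori - C:\WINDOWS\SYSTEM32\blacori.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "O4 - HKLM\..\Run: [...]": a section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
# A Windows path to a loadable module. Paths in these logs contain spaces
# ("Gemeinsame Dateien"), so match up to a known extension, not up to whitespace.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe|ocx|com)', re.IGNORECASE)
# Core Windows binaries whose names get imitated with one character added,
# dropped or swapped (assumed list for this example).
CORE_BINARIES = ("lsass.exe", "smss.exe", "csrss.exe", "svchost.exe",
                 "winlogon.exe", "services.exe", "explorer.exe", "spoolsv.exe")
# System root as it appears in the posted logs (assumption of this example).
SYSTEM_ROOT = r"c:\windows"


@dataclass
class Entry:
    kind: str   # HijackThis section, e.g. "O2", "O4", "O20"
    body: str   # everything after "O2 - "


@dataclass
class Finding:
    kind: str
    path: str
    reason: str


def parse_log(text: str) -> List[Entry]:
    """Keep only R*/F*/O* entry lines; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
    return entries


def module_path(body: str) -> Optional[str]:
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one edit away from a core binary name is a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(name: str) -> Optional[str]:
    """Return the core binary a file name imitates, or None if it is not a near miss."""
    for core in CORE_BINARIES:
        if 0 < edit_distance(name.lower(), core) <= 1:
            return core
    return None


def triage(text: str) -> List[Finding]:
    entries = parse_log(text)
    # First pass: module names of BHOs that register without a display name.
    unnamed_bho: Set[str] = set()
    for e in entries:
        p = module_path(e.body)
        if e.kind == "O2" and e.body.startswith("BHO: (no name)") and p:
            unnamed_bho.add(basename(p))
    findings: List[Finding] = []
    for e in entries:
        path = module_path(e.body)
        if not path:
            continue   # "(no file)" orphans and entries without a module path
        name, parent = basename(path), path.rsplit("\\", 1)[0].lower()
        if e.kind == "O2" and e.body.startswith("BHO: (no name)"):
            findings.append(Finding(e.kind, path, "BHO without a display name loaded from disk"))
        elif e.kind == "O4":
            core = lookalike_of(name)
            if core:
                findings.append(Finding(e.kind, path, f"autostart binary named like {core}"))
            if "rundll32" in e.body.lower() and parent == SYSTEM_ROOT:
                findings.append(Finding(e.kind, path, "rundll32 autostart loading a DLL from the system root"))
        elif e.kind == "O20" and name in unnamed_bho:
            findings.append(Finding(e.kind, path, "Winlogon Notify DLL also registered as an unnamed BHO"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason}: {f.path}")
```

Run it on a saved log with `triage(open(path).read())`; findings come out in log order, so each one sits next to the section it was read from, and the cross-reference between O2 and O20 is what makes the Winlogon Notify entry stand out rather than its name alone.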
20.05.2007, 10:39
Member
Posts: 17
#15
Hello Virenfinder,
here is the changed log again. Once the CleanUp is finished (it was apparently necessary ;-) ), I'll try the rest. Thanks for the quick reply.

Logfile of HijackThis v1.99.1
Scan saved at 10:38:06, on 20.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\SOINTGR.EXE
C:\Programme\PC Tools Firewall Plus\PCTFW.exe
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe
C:\Programme\Logitech\QuickCam10\QuickCam10.exe
C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\UltimateZip 2.7\uzqkst.exe
C:\Programme\Gemeinsame Dateien\AccSys\AccWLSvc.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\CleanUp!\cleanup.exe
C:\Dokumente und Einstellungen\Martin Ströbele\Eigene Dateien\hjt.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aol.de/e60/suche/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3b117fbc-0420-44af-8e14-af70dc3e69a9} - C:\WINDOWS\system32\blacori.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A24B57F8-505D-4fc5-9960-740E304D1ABA} - C:\WINDOWS\system32\tmp4.tmp.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\HotKeys\Ikeymain.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [wlconfig] C:\Programme\WLAN Monitor\wlconfig.exe -autostart
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [ALDI_SUED_FotoSuite_Download] "C:\Programme\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe" /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [PCTools FW] C:\Programme\PC Tools Firewall Plus\PCTFW.exe /s
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\urpnnl.dll",realset
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSetup] G:\Setup\Setup.exe /start /restart /l:deu
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programme\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Programme\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/229?5e737ea4fefa47e8b9cdddf6e6bbd6d2
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/230?5e737ea4fefa47e8b9cdddf6e6bbd6d2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/InstallationsAssistent.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{723AB3B7-E5DB-4867-950A-9BD614A545EA}: NameServer = 192.168.120.252,192.168.120.253
O18 - Protocol: bw+0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - 
{120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: haufereader - (no CLSID) - (no file) O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {120B1031-93A0-4582-A37A-6E5A6F4BC0C5} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: O20 - Winlogon Notify: blacori - C:\WINDOWS\SYSTEM32\blacori.dll O23 - Service: AccSys WiFi Server (AccWLSvc) - AccSys GmbH - C:\Programme\Gemeinsame Dateien\AccSys\AccWLSvc.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. 
- C:\Programme\Canon\CAL\CALMAIN.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: Haufe iDesk-Service in C:\Programme\Haufe\iDesk\iDeskService\Zope (HRService) - Unknown owner - C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Programme\Sygate\SPF\Smc.exe (file missing) O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\Sptisrv.exe Hier das Combofix-File: "C:\WINDOWS\system32\tmp1.tmp.dll" "C:\WINDOWS\system32\tmp4.tmp.dll" "C:\WINDOWS\system32\vbuzip10.dll" "C:\install.log" "C:\WINDOWS\system32\lsasss.exe" C:\WINDOWS\system32\esentprf.ini C:\WINDOWS\system32\PerfStringBackup.INI und hier die File-Lists der letzten 2 Monate: ----- Root ----------------------------- Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: 0C6F-2D65 Verzeichnis von C:\ 2007-05-20 12:40 43 filelist.txt 2007-05-20 11:44 64 ComboFix.txt.bat 2007-05-20 08:20 510 s25g 2007-05-20 08:19 536,399,872 hiberfil.sys 2007-05-20 08:19 805,306,368 pagefile.sys 2007-05-19 20:12 510 s3s8 2007-05-19 13:28 510 s3qs 2007-05-18 21:28 510 s1bc 2007-05-18 14:04 510 s2jo 2007-05-18 07:20 510 s3sk 
2007-05-17 21:49 268 sqmdata03.sqm 2007-05-17 21:49 244 sqmnoopt02.sqm 2007-05-17 17:48 510 s3u4 2007-05-16 20:29 510 s180 2007-05-16 13:35 510 s3r4 2007-05-15 15:30 510 s3s0 2007-05-14 18:30 510 s21c 2007-05-13 21:00 510 s2f4 2007-05-13 11:07 510 s260 2007-05-12 23:36 510 s38g 2007-05-12 13:45 510 s3sg 2007-05-12 12:41 510 s3so 2007-05-12 09:52 510 svg 2007-05-11 21:08 510 sf0 2007-05-11 18:05 268 sqmdata01.sqm 2007-05-11 18:05 136 sqmnoopt01.sqm 2007-05-11 18:05 148 sqmdata02.sqm 2007-05-11 14:21 510 s3to 2007-05-10 13:41 510 sv4 2007-05-09 17:56 510 s3rc 2007-05-09 14:14 510 s2mc 2007-05-08 20:15 510 s2s0 2007-05-08 13:00 510 s14k 2007-05-07 22:00 510 s40 2007-05-07 19:51 268 sqmdata00.sqm 2007-05-07 19:51 244 sqmnoopt00.sqm 2007-04-28 17:15 232 sqmdata19.sqm 2007-04-28 17:15 244 sqmnoopt19.sqm 2007-04-04 18:13 232 sqmdata18.sqm 2007-04-04 18:13 244 sqmnoopt18.sqm 2007-04-04 17:19 232 sqmdata17.sqm 2007-04-04 17:19 244 sqmnoopt17.sqm 2007-04-04 13:42 232 sqmdata16.sqm 2007-04-04 13:42 244 sqmnoopt16.sqm 2007-04-03 19:57 232 sqmdata15.sqm 2007-04-03 19:57 244 sqmnoopt15.sqm 2007-04-02 19:45 232 sqmdata14.sqm 2007-04-02 19:45 244 sqmnoopt14.sqm 2007-04-02 12:04 232 sqmdata13.sqm 2007-04-02 12:04 244 sqmnoopt13.sqm 2007-04-02 09:02 232 sqmdata12.sqm 2007-04-02 09:02 244 sqmnoopt12.sqm 2007-03-30 14:49 232 sqmdata11.sqm 2007-03-30 14:49 244 sqmnoopt11.sqm 2007-03-29 16:31 232 sqmdata10.sqm 2007-03-29 16:31 244 sqmnoopt10.sqm 2007-03-28 19:04 232 sqmdata09.sqm 2007-03-28 19:04 244 sqmnoopt09.sqm 2007-03-28 15:13 232 sqmdata08.sqm 2007-03-28 15:13 244 sqmnoopt08.sqm 2007-03-27 18:00 232 sqmdata07.sqm 2007-03-27 18:00 244 sqmnoopt07.sqm 2007-03-27 14:22 232 sqmdata06.sqm 2007-03-27 14:22 244 sqmnoopt06.sqm 2007-03-25 20:06 232 sqmdata05.sqm 2007-03-25 20:06 244 sqmnoopt05.sqm 2007-03-25 14:20 244 sqmnoopt04.sqm 2007-03-25 14:20 232 sqmdata04.sqm 2007-03-25 14:14 244 sqmnoopt03.sqm 2007-02-23 11:48 3,881 pippilst.txt 2006-12-31 14:35 15 mandant.ini 2005-10-03 16:23 16 
mxfilerelatedcache.mxc2 2005-06-05 15:47 1,366 wlan.ini 2005-05-14 17:00 211 boot.ini 2005-05-14 16:52 47,564 NTDETECT.COM 2005-05-14 16:52 251,184 ntldr 2005-03-30 11:55 4,000,824 cab.exe 2005-03-22 12:22 94,208 pcconfig.exe 2005-03-11 22:01 90,456 chaos.dmp ----- Windows -------------------------- Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: 0C6F-2D65 Verzeichnis von C:\WINDOWS 2007-05-20 11:44 1,396,332 lnnpru.ini 2007-05-20 09:55 106,476 urpnnl.dll 2007-05-20 08:25 395,879 WindowsUpdate.log 2007-05-20 08:20 1,398,253 tsuvut.ini 2007-05-20 08:19 0 0.log 2007-05-20 08:19 159 wiadebug.log 2007-05-20 08:19 50 wiaservc.log 2007-05-20 08:19 2,048 bootstat.dat 2007-05-19 21:19 32,564 SchedLgU.Txt 2007-05-18 21:30 106,528 tuvust.dll 2007-05-18 21:28 761,471 dehkmp.ini 2007-05-18 07:57 208,365 setupact.log 2007-05-16 20:28 803,755 xwxadd.ini 2007-05-12 14:22 19,485 wmsetup.log 2007-05-12 12:45 100 QTW.INI 2007-05-12 12:45 100 QTW.QTW 2007-05-12 12:45 988 win.ini 2007-05-12 12:45 254 system.ini 2007-05-12 12:45 254 SYSINI.QTW 2007-05-12 12:45 988 WININI.QTW 2007-05-08 22:27 54,156 QTFont.qfn 2007-05-07 18:27 1,049,420 setupapi.log 2007-05-05 13:01 3,318 tm.ini 2007-05-03 17:57 118,784 bwUnin-7.2.0.157-8876480SL.exe 2007-05-03 17:46 29,664 iis6.log 2007-05-03 17:46 74,722 comsetup.log 2007-05-03 17:46 44,572 ntdtcsetup.log 2007-05-03 17:46 8,064 ocmsn.log 2007-05-03 17:46 1,355 imsins.log 2007-05-03 17:46 81,700 tsoc.log 2007-05-03 17:46 6,923 KB893803v2.log 2007-05-03 17:46 95,468 ocgen.log 2007-05-03 17:46 9,993 msgsocm.log 2007-05-03 17:46 189,548 FaxSetup.log 2007-05-03 17:45 2,440 avmcoins.log 2007-04-29 14:46 1,409 QTFont.for 2007-03-23 20:08 37,193 SiSUSBrg.exe 2007-03-23 20:08 37,193 SOINTGR.EXE 2007-03-11 22:59 10,872 DPINST.LOG ----- System --- Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: 0C6F-2D65 Verzeichnis von C:\WINDOWS\system (keine Einträge in den letzten 2 Monaten) ----- System 32 (Achtung: Zeitfenster beachten!) 
--- Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: 0C6F-2D65 Verzeichnis von C:\WINDOWS\system32 2007-05-11 14:20 2,184 wpa.dbl 2007-05-04 20:42 21,895 blacori.dll 2007-05-03 18:10 3,343 lvcoinst.log 2007-04-28 12:22 181,832 FNTCACHE.DAT 2007-03-25 14:16 386,010 perfh009.dat 2007-03-25 14:16 56,364 perfc009.dat 2007-03-25 14:16 398,334 perfh007.dat 2007-03-25 14:16 68,096 perfc007.dat 2007-03-23 20:08 37,193 NeroCheck.exe ----- Prefetch ------------------------- Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: 0C6F-2D65 Verzeichnis von C:\WINDOWS\Prefetch 2007-05-20 12:40 11,380 FIND.EXE-0EC32F1E.pf 2007-05-20 12:40 14,624 CMD.EXE-087B4001.pf 2007-05-20 12:31 18,248 MSN_SL.EXE-3A7EBB4D.pf 2007-05-20 12:31 10,132 MSNTBUP.EXE-0FE4C519.pf 2007-05-20 12:30 15,560 NOTEPAD.EXE-336351A9.pf 2007-05-20 12:29 16,886 WINHLP32.EXE-2C18E975.pf 2007-05-20 12:28 26,174 UZIP.EXE-055A1D6A.pf 2007-05-20 12:20 16,920 HPZENG04.EXE-129A6FF3.pf 2007-05-20 12:20 9,264 RUNDLL32.EXE-268BFF96.pf 2007-05-20 12:19 19,060 WORDPAD.EXE-1EFCC5C1.pf 2007-05-20 12:17 67,576 SOFFICE.EXE-24A13B67.pf 2007-05-20 12:10 101,328 IEXPLORE.EXE-2CA9778D.pf 2007-05-20 12:10 21,750 IMAPI.EXE-0BF740A4.pf 2007-05-20 12:09 38,840 EXPLORER.EXE-082F38A9.pf 2007-05-20 12:09 11,470 ATTRIB.EXE-39EAFB02.pf 2007-05-20 12:09 8,508 NIRCMD.CFEXE-19FF4781.pf 2007-05-20 12:08 24,108 CATCHME.CFEXE-0F2A0789.pf 2007-05-20 12:08 7,292 SWXCACLS.CFEXE-365F7973.pf 2007-05-20 12:08 7,812 SWSC.CFEXE-3B4FE4FE.pf 2007-05-20 12:08 6,326 DUMPHIVE.CFEXE-2ED3B134.pf 2007-05-20 12:07 5,170 SED.CFEXE-268D7E58.pf 2007-05-20 12:07 5,754 VFIND.CFEXE-2033727F.pf 2007-05-20 12:07 11,690 FINDSTR.EXE-0CA6274B.pf 2007-05-20 12:07 4,624 MTEE.CFEXE-1E067BC7.pf 2007-05-20 12:07 10,886 SWREG.CFEXE-2BF4FFCD.pf 2007-05-20 11:45 6,158 HANDLE.CFEXE-13427ED2.pf 2007-05-20 11:45 6,066 CHCP.COM-18156052.pf 2007-05-20 11:44 13,394 REGT.CFEXE-15DB5DAE.pf 2007-05-20 11:44 19,920 SETPATH.CFEXE-034E3D26.pf 2007-05-20 11:44 10,020 
SWREG.EXE-3560BE42.pf 2007-05-20 11:44 10,152 NIRCMD.EXE-3A4C8334.pf 2007-05-20 11:44 46,278 COMBOFIX[1].EXE-0818BFC0.pf 2007-05-20 10:37 14,378 HJT.COM-031DE892.pf 2007-05-20 10:11 12,356 CLEANUP.EXE-3438663A.pf 2007-05-20 10:11 13,674 CLEANUP452[1].EXE-27D5E53E.pf 2007-05-20 09:55 14,690 TMP5.TMP.EXE-2E187880.pf 2007-05-20 09:53 12,224 HIJACKTHIS.EXE-1BD4B6A3.pf 2007-05-20 09:51 13,130 RUNDLL32.EXE-2588CC2D.pf 2007-05-20 09:51 5,452 TMP4.TMP.EXE-2DA20CE7.pf 2007-05-20 09:39 77,204 ACRORD32.EXE-153330F0.pf 2007-05-20 09:12 16,188 TMP1.TMP.EXE-2C3ECA1C.pf 2007-05-20 08:24 32,948 HPGS2WNF.EXE-3A8D0447.pf 2007-05-20 08:21 20,492 LULNCHR.EXE-02DDED3A.pf 2007-05-20 08:21 11,172 LOGITECHUPDATE.EXE-2ED2F3DB.pf 2007-05-20 08:20 34,280 WUAUCLT.EXE-399A8E72.pf 2007-05-20 08:20 13,440 RJUPDATECHECKER.EXE-22C56375.pf 2007-05-20 08:20 22,148 UPDATE.EXE-039B1B16.pf 2007-05-20 08:20 37,208 RINGJACK.EXE-1C41BD9A.pf 2007-05-20 08:20 75,486 WLLOGINPROXY.EXE-33926225.pf 2007-05-20 08:20 940,108 NTOSBOOT-B00DFAAD.pf 2007-05-19 21:19 19,784 LOGONUI.EXE-0AF22957.pf 2007-05-19 20:12 27,942 WMIPRVSE.EXE-28F301A9.pf 2007-05-18 21:33 65,958 ACRORD32INFO.EXE-19D979CC.pf 2007-05-18 21:30 13,732 TMP2.TMP.EXE-2CB535B5.pf 2007-05-18 21:29 13,242 RUNDLL32.EXE-45916D63.pf 2007-05-18 14:00 18,520 TASKMGR.EXE-20256C55.pf 2007-05-18 08:36 36,322 DFRGNTFS.EXE-269967DF.pf 2007-05-18 08:36 17,212 DEFRAG.EXE-273F131E.pf 2007-05-18 08:36 401,696 Layout.ini 2007-05-18 07:57 64,690 CLEANMGR.EXE-1F86EA8E.pf 2007-05-18 07:20 19,688 HPOFXM07.EXE-0422D669.pf 2007-05-18 07:20 25,730 HPOSTS07.EXE-35F931B2.pf 2007-05-17 21:49 36,208 MSNMSGR.EXE-091111D0.pf 2007-05-17 20:32 96,112 HELPSVC.EXE-2878DDA2.pf 2007-05-17 18:28 10,994 TMP13.TMP.EXE-05BE35F0.pf 2007-05-17 18:14 25,048 ADOBEUPDATER.EXE-370FC314.pf 2007-05-17 18:01 81,508 COMPONENTLAUNCHER.EXE-10A25719.pf 2007-05-17 17:57 33,876 MAGIXVIEWER.EXE-02B8427D.pf 2007-05-16 22:53 50,594 DRWTSN32.EXE-2B4B52AC.pf 2007-05-16 20:29 13,502 HPOFLT07.EXE-1297F2EB.pf 
2007-05-16 13:50 13,652 RUNDLL32.EXE-4CA841A4.pf 2007-05-15 15:32 10,412 RUNDLL32.EXE-4BEAA4F9.pf 2007-05-13 21:01 21,032 COCIMANAGER.EXE-2D6000D8.pf 2007-05-12 23:36 66,942 SKYPEPM.EXE-03F1BFBD.pf 2007-05-12 23:36 72,474 SKYPE.EXE-21F19BC8.pf 2007-05-12 14:21 34,874 SETUP_WM.EXE-19AC5A9B.pf 2007-05-12 14:16 55,872 WMPLAYER.EXE-0996933C.pf 2007-05-12 14:16 7,188 REALPLAY.EXE-39F79CBD.pf 2007-05-12 13:19 9,290 RUNDLL32.EXE-451FC2C0.pf 2007-05-12 12:42 22,688 NTVDM.EXE-1A10A423.pf 2007-05-12 11:13 59,198 IEDW.EXE-2D047874.pf 2007-05-11 23:43 10,502 TMP75.TMP.EXE-19E6364F.pf 2007-05-11 23:37 14,526 TMP74.TMP.EXE-196FCAB6.pf 2007-05-11 18:43 10,570 RUNDLL32.EXE-28753F77.pf 2007-05-11 14:30 12,998 RUNDLL32.EXE-21D37164.pf 2007-05-08 22:30 36,510 WINRIP.EXE-01F1C82A.pf 2007-05-08 22:28 23,584 QTTASK.EXE-2D7EEF34.pf 2007-05-07 22:00 13,542 AU_.EXE-2B16C79B.pf 2007-05-07 21:59 6,686 INSTALLER_SHUTDOWN.EXE-208DC757.pf 2007-05-07 21:59 5,784 VEROSEE_SHUTDOWN.EXE-0A16B4CD.pf 2007-05-07 21:59 13,914 VEROSEEUNINSTALL.EXE-00BA0865.pf 2007-05-07 18:56 90,988 JAVAW.EXE-1DA9F6E6.pf 2007-05-07 18:45 62,562 WMPLAYER.EXE-0996933A.pf 2007-05-07 18:12 11,376 REG.EXE-0D2A95F7.pf 2007-05-06 23:38 77,356 STARMONEY.EXE-08E875F9.pf 2007-05-06 23:38 24,056 STARTSTARMONEY.EXE-0BFE7ADE.pf 96 Datei(en) 3,830,882 Bytes 0 Verzeichnis(se), 4,388,413,440 Bytes frei ----- Tasks ---------------------------- Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: 0C6F-2D65 Verzeichnis von C:\WINDOWS\tasks 2007-05-20 12:31 266 Auf Updates fr Windows Live Toolbar prfen.job 2007-05-20 08:19 6 SA.DAT ----- Windows/Temp ----------------------- Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: 0C6F-2D65 Verzeichnis von C:\WINDOWS\Temp 2007-05-03 17:58 179 LDMSetupLog.txt 2007-05-03 17:55 21,747 LgDSetup.txt 2007-05-03 17:55 164,646 InstAEC.log 2007-05-03 17:55 173,912 InstMV.log 2007-05-03 17:54 203,876 LVEnum.log 2007-05-03 17:53 86 qcdrvsetup.log 2007-04-04 18:09 4 abc123.pid ----- Temp 
----------------------------- Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: 0C6F-2D65 Verzeichnis von C:\DOKUME~1\MARTIN~1\LOKALE~1\Temp 2007-05-20 11:43 33,535 WcesView.log 2007-05-20 09:55 466,944 tmp5.tmp.exe 2007-05-20 09:51 50,356 tmp4.tmp.exe 2007-05-20 09:12 40,960 tmp1.tmp.exe 2007-05-20 09:08 44,472 java_install_reg.log 2007-05-20 08:19 42,274 LVCOMSX.LOG 2007-05-20 08:19 4 abc123.pid 2007-05-19 21:00 1,409 Z@S55.tmp 2007-05-19 21:00 11,932 Z@R54.tmp 2007-05-19 21:00 1,409 Z@S53.tmp 2007-05-19 21:00 5,356 Z@R52.tmp 2007-05-19 21:00 1,409 Z@S51.tmp 2007-05-19 21:00 30,544 Z@R50.tmp 2007-05-19 21:00 1,409 Z@S4F.tmp 2007-05-19 21:00 36,724 Z@R4E.tmp 2007-05-19 21:00 4,400 Z@R4C.tmp 2007-05-19 21:00 1,409 Z@S4D.tmp 2007-05-19 21:00 21,448 Z@R4A.tmp 2007-05-19 21:00 1,409 Z@S4B.tmp 2007-05-19 21:00 19,616 Z@R48.tmp 2007-05-19 21:00 1,409 Z@S49.tmp 2007-05-19 21:00 1,409 Z@S47.tmp 2007-05-19 21:00 11,932 Z@R46.tmp 2007-05-19 21:00 5,356 Z@R44.tmp 2007-05-19 21:00 1,409 Z@S45.tmp 2007-05-19 21:00 1,409 Z@S43.tmp 2007-05-19 21:00 30,544 Z@R42.tmp 2007-05-19 21:00 36,724 Z@R40.tmp 2007-05-19 21:00 1,409 Z@S41.tmp 2007-05-19 21:00 1,409 Z@S3F.tmp 2007-05-19 21:00 4,400 Z@R3E.tmp 2007-05-19 21:00 21,448 Z@R3C.tmp 2007-05-19 21:00 1,409 Z@S3D.tmp 2007-05-19 21:00 19,616 Z@R3A.tmp 2007-05-19 21:00 1,409 Z@S3B.tmp 2007-05-19 21:00 5,120 Z@R38.tmp 2007-05-19 21:00 1,409 Z@S39.tmp 2007-05-19 21:00 1,409 Z@S37.tmp 2007-05-19 21:00 7,632 Z@R36.tmp 2007-05-19 21:00 1,409 Z@S35.tmp 2007-05-19 21:00 9,588 Z@R34.tmp 2007-05-19 21:00 9,396 Z@R32.tmp 2007-05-19 21:00 1,409 Z@S33.tmp 2007-05-19 21:00 4,400 Z@R30.tmp 2007-05-19 21:00 1,409 Z@S31.tmp 2007-05-19 21:00 1,409 Z@S2F.tmp 2007-05-19 21:00 22,376 Z@R2E.tmp 2007-05-19 21:00 1,409 Z@S2D.tmp 2007-05-19 21:00 19,596 Z@R2C.tmp 2007-05-19 21:00 1,409 Z@S2B.tmp 2007-05-19 21:00 5,120 Z@R2A.tmp 2007-05-19 21:00 1,409 Z@S29.tmp 2007-05-19 21:00 7,632 Z@R28.tmp 2007-05-19 21:00 1,409 Z@S27.tmp 2007-05-19 21:00 9,588 
Z@R26.tmp 2007-05-19 21:00 1,409 Z@S25.tmp 2007-05-19 21:00 9,396 Z@R24.tmp 2007-05-19 21:00 4,400 Z@R22.tmp 2007-05-19 21:00 1,409 Z@S23.tmp 2007-05-19 21:00 1,409 Z@S21.tmp 2007-05-19 21:00 22,376 Z@R20.tmp 2007-05-19 21:00 1,409 Z@S1F.tmp 2007-05-19 21:00 19,596 Z@R1E.tmp 2007-05-19 21:00 1,409 Z@S1D.tmp 2007-05-19 21:00 1,409 Z@S1B.tmp 2007-05-19 21:00 11,932 Z@R1C.tmp 2007-05-19 21:00 5,356 Z@R1A.tmp 2007-05-19 21:00 1,409 Z@S19.tmp 2007-05-19 21:00 30,544 Z@R18.tmp 2007-05-19 21:00 36,724 Z@R16.tmp 2007-05-19 21:00 1,409 Z@S17.tmp 2007-05-19 21:00 4,400 Z@R14.tmp 2007-05-19 21:00 1,409 Z@S15.tmp 2007-05-19 21:00 1,409 Z@S13.tmp 2007-05-19 21:00 21,448 Z@R12.tmp 2007-05-19 21:00 19,616 Z@R10.tmp 2007-05-19 21:00 1,409 Z@S11.tmp 2007-05-19 20:55 1,409 Z@SF.tmp 2007-05-19 20:55 5,116 Z@RE.tmp 2007-05-19 20:55 1,409 Z@SD.tmp 2007-05-19 20:55 7,628 Z@RC.tmp 2007-05-19 20:55 9,584 Z@RA.tmp 2007-05-19 20:55 1,409 Z@SB.tmp 2007-05-19 20:55 1,409 Z@S9.tmp 2007-05-19 20:55 9,392 Z@R8.tmp 2007-05-19 20:55 1,409 Z@S7.tmp 2007-05-19 20:55 4,396 Z@R6.tmp 2007-05-19 20:55 1,409 Z@S5.tmp 2007-05-19 20:55 22,372 Z@R4.tmp 2007-05-19 20:55 1,409 Z@S3.tmp 2007-05-19 20:55 19,592 Z@R2.tmp 2007-05-18 21:30 233,071 tmp2.tmp.exe 2007-05-17 18:28 40,960 tmp13.tmp.exe 2007-05-16 13:50 38,126 tmp1.tmp.dll 2007-05-15 14:59 125 C31F31E6.TMP 2007-05-11 23:43 40,960 tmp75.tmp.exe 2007-05-11 23:37 109,387 tmp74.tmp.exe 2007-05-07 18:23 516 DelUS.bat 2007-05-07 18:11 676 currentversion.txt 2007-05-06 11:08 16,384 ~DFA8E8.tmp 2007-05-03 20:41 1,995 VideoSnap.xml 2007-05-03 20:41 2,533 Theodora.xml 2007-05-03 20:41 11,579 VLogTools.xml 2007-05-03 20:41 14,138 EditTools.xml 2007-05-03 17:58 930 logierr.log 2007-05-03 17:57 80,226 BWInstall.log 2007-05-03 17:57 2,633 logitech-ldm-postinst-action.log 2007-05-03 17:57 24,613 IadHide5.dll 2007-05-03 17:57 30,899 BWDump.log 2007-05-03 17:57 720 logitech-ldm-preinst-action.log 2007-05-03 17:55 2,964 Update.txt 2007-05-03 17:54 41,259 DelDev.txt 
2007-05-03 17:53 732 CamWizard.txt 2007-05-03 17:53 1,906,506 qc10install.log 2007-05-03 17:53 21,087 ModelFileHandler.log 2007-05-03 17:49 12,164 Bootstrap_log.txt 2007-04-07 14:23 43,968 Z@R1.tmp 2007-04-02 19:47 15,452 httpd-error.log 2007-04-02 19:47 464 sess_assruh4r00t553m8528klt4dn0 2007-04-02 19:44 428 sess_vjb39ci2g7k7f1hfglp03131f6 2007-04-02 19:44 428 sess_euul047vjetqdb1igselkrdhs1 2007-04-02 19:44 6 httpd.pid 2007-04-02 11:35 474 sess_ln2huh91lob3r4lieiqebi8f72 2007-04-02 11:31 428 sess_8al6v9lgcn5siftvslm744p283 2007-04-02 11:31 428 sess_qgjmuk1qirr6i0r2ojcbgvk9i4 2007-03-26 20:49 428 sess_ruidakbdehph0n80dkd241ikn0 2007-03-26 20:49 428 sess_jvjqndrs7gki1b1cd5jouvnk67 2007-03-26 20:49 428 sess_enr0nttk4a1g0s8qa6alp2g413 2007-03-26 20:43 428 sess_chje22vhoqv5of2hl6jt60ukh4 2007-03-26 20:43 429 sess_2fgdp7t2ethnnk417813c0qg55 2007-03-26 20:43 456 sess_5s6m7eotclvmkcjn9qpi26ihl5 2007-03-26 20:41 428 sess_cup1ditafn1ig1gl5jcej1v8j2 2007-03-26 20:41 456 sess_o0q8l8780c01d8h9gqrspnucu5 2007-03-26 20:40 456 sess_bkohjpndnjjk8gtgjij6853ml7 2007-03-26 20:39 456 sess_2p4bi21cvl5gpc4oufn5dd79v5 2007-03-26 20:38 428 sess_gljt8j1aaji0mocq9u9ol5hnk0 2007-03-26 20:38 428 sess_dilujtgffvgt1sud7140njdj66 2007-03-26 20:38 428 sess_qoks6pff1ujs2v4of8gnthqm92 2007-03-23 19:59 1,233 TWAIN.LOG 2007-03-23 19:59 5 Twain001.Mtx 2007-03-23 19:59 156 Twunk001.MTX 2007-03-23 19:51 408 WCESCOMM.LOG 2007-03-23 19:50 258,816 jusched.log 2007-03-23 15:16 16,384 ~DF4B06.tmp 2007-03-21 17:13 16,384 ~DF2586.tmp 2007-03-20 13:57 16,384 ~DF88FA.tmp 2007-03-19 21:25 16,384 ~DF3FE4.tmp 2007-03-19 16:21 16,384 ~DF7DCF.tmp 2007-03-18 18:23 16,384 ~DF476F.tmp 2007-03-18 13:04 16,384 ~DF7B8A.tmp 2007-03-13 09:34 16,384 ~DF5B61.tmp 2007-03-12 23:27 16,384 ~DF4FF0.tmp 2007-03-11 23:00 49 calog.txt 2007-03-11 23:00 4,490,712 WindowsUpdateAgent20-x86.exe 2007-03-11 23:00 7,280 wuredist.cab 2007-03-11 13:40 16,384 ~DF4E0C.tmp 2007-03-10 19:16 28,648 AAX23.tmp 2007-03-10 19:14 28,648 AAX1E.tmp 
2007-03-10 17:26 16,384 ~DFF6E2.tmp 2007-03-10 10:49 16,384 ~DF20EC.tmp uff...und damit kann man etwas anfangen??? Ich danke Dir jedenfalls schon vorab für Deine Hilfe. Liebe Grüsse Heike Dieser Beitrag wurde am 20.05.2007 um 12:44 Uhr von milkalover editiert.
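The log and file lists above are the kind of material a helper on this forum reads by eye. As an added example (it is not code from the post, from the forum, or from virus-protect.org), the following Python script applies a few of the first-pass checks a responder runs over exactly this input: HijackThis O18 entries with no file behind them, O20 Winlogon Notify DLLs outside an assumed allowlist of stock Windows XP handlers, O23 services with no vendor or a missing binary, .ini/.dll pairs in one directory whose base names are mirror images of each other (lnnpru.ini and urpnnl.dll in the listing above), and file names one typo away from a core Windows process (the lsasss.exe in the ComboFix list). The sample lines are copied from the post; the allowlist, the core-process list and the notion of what is "worth a look" are the author's assumptions, and a hit is a prompt to review the file, not a verdict.

```python
# Added example: first-pass triage over a HijackThis log and a ComboFix-style
# file listing as pasted in the post above.  Not a forum or virus-protect.org
# tool; the heuristics are the author's assumptions.  A hit means "review
# this", not "this is malware".
import re

# Core Windows processes whose names malware likes to imitate (assumed list;
# the post's ComboFix output shows a stray "lsasss.exe").
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe", "explorer.exe"}

# Assumption: Winlogon Notify handlers a stock Windows XP registers itself.
NOTIFY_ALLOWLIST = {"crypt32chain", "cryptnet", "cscdll", "sccertprop",
                    "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}

# Constructed sample input: a subset of lines copied from the post above.
HJT_SAMPLE = r"""
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: blacori - C:\WINDOWS\SYSTEM32\blacori.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Haufe iDesk-Service in C:\Programme\Haufe\iDesk\iDeskService\Zope (HRService) - Unknown owner - C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Programme\Sygate\SPF\Smc.exe (file missing)
"""

LISTING_SAMPLE = r"""
 Verzeichnis von C:\WINDOWS
2007-05-20 11:44 1,396,332 lnnpru.ini
2007-05-20 09:55 106,476 urpnnl.dll
2007-05-20 08:25 395,879 WindowsUpdate.log
2007-05-20 08:20 1,398,253 tsuvut.ini
2007-05-18 21:30 106,528 tuvust.dll
2007-05-18 21:28 761,471 dehkmp.ini
 Verzeichnis von C:\WINDOWS\system32
2007-05-04 20:42 21,895 blacori.dll
"""

def parse_hjt(text):
    """Yield (code, fields) per 'Onn - a - b - c' line; fields split on ' - '."""
    for line in text.splitlines():
        m = re.match(r"^(O\d+|R\d) - (.*)$", line.strip())
        if m:
            yield m.group(1), m.group(2).split(" - ")

def triage_hjt(text):
    """Return (code, item, reason) tuples for entries worth a second look."""
    findings = []
    for code, fields in parse_hjt(text):
        head = fields[0]
        item = head.split(": ", 1)[1] if ": " in head else head
        if code == "O18" and fields[-1] == "(no file)":
            findings.append((code, item, "protocol handler whose DLL is gone"))
        elif code == "O20" and head.startswith("Winlogon Notify:"):
            if item.lower() not in NOTIFY_ALLOWLIST:
                findings.append((code, fields[1], "Winlogon Notify DLL not in allowlist"))
        elif code == "O23":
            if "Unknown owner" in fields or fields[-1].endswith("(file missing)"):
                findings.append((code, item, "service with no vendor or no binary"))
    return findings

def parse_listing(text):
    """Yield (directory, name, size) from a dated listing.  The directory header
    is the tool's German 'Verzeichnis von' or its translation 'Directory of'."""
    cur = None
    for line in text.splitlines():
        m = re.search(r"(?:Verzeichnis von|Directory of) (.+)$", line)
        if m:
            cur = m.group(1).strip()
            continue
        m = re.match(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+([\d,]+)\s+(\S.*)$", line.strip())
        if m and cur:
            yield cur, m.group(2), int(m.group(1).replace(",", ""))

def reversed_name_pairs(entries):
    """A .ini whose stem is the reverse of a .dll stem in the same directory
    (lnnpru.ini <-> urpnnl.dll above).  Returns (dir, ini, dll), sorted."""
    by_dir = {}
    for d, name, _ in entries:
        by_dir.setdefault(d, {})[name.lower()] = name
    hits = []
    for d, names in by_dir.items():
        for n in names:
            stem, _, ext = n.rpartition(".")
            twin = stem[::-1] + ".dll"
            if ext == "ini" and twin in names:
                hits.append((d, names[n], names[twin]))
    return sorted(hits)

def one_edit_away(a, b):
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    long_, short = (a, b) if len(a) > len(b) else (b, a)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))

def lookalike_process_names(names):
    """Names one typo away from a core Windows process name, e.g. lsasss.exe."""
    return [n for n in names if any(one_edit_away(n.lower(), c) for c in CORE_PROCESSES)]

if __name__ == "__main__":
    for f in triage_hjt(HJT_SAMPLE):
        print("HJT ", f)
    for h in reversed_name_pairs(parse_listing(LISTING_SAMPLE)):
        print("PAIR", h)
    print("NAME", lookalike_process_names(["lsasss.exe", "lsass.exe", "wscntfy.exe"]))
```

Run as a script it prints the findings for the embedded sample; to use it on the full post, paste the HijackThis section into HJT_SAMPLE and the file lists into LISTING_SAMPLE. The reversed-name check is deliberately narrow: dehkmp.ini and xwxadd.ini in the listing have no mirror-image DLL and are not flagged, so they still need the ordinary checks (creation time, size, whether a vendor signs them) that the script does not do. Its purpose is to pull candidates out of a long listing for manual review, not to classify them.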
After I had started an infected installer, the computer shut down after about 2 minutes with the message that the system was being shut down
and that I had 60 s to save everything. After I had booted into Safe Mode and immediately stopped the "Userinit" process via Task Manager,
the computer stayed on. I ran Ewido, CounterSpy, Spybot, BitDefender and Symantec AntiVirus several times and deleted everything that was found.
Now I only have the problem left that I have already read about from many others. I use Firefox. As soon as the browser is started, various popups keep opening.
Sometimes from "DriveCleaner" with a redirect to the security forum, or from WinAntiVirus 2006, or just some advertising windows. Often the first one is also the
page "Broadcaster.com" or something else.
I have also already checked all listings and startup files, but with my layman's knowledge I simply cannot get any further.
I hope you can help me!
_________________________________________________________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 14:38:54, on 09.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Symantec AntiVirus\Rtvscan.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programme\Logitech\G-series Software\LGDCore.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programme\The Cleaner\tca.exe
C:\Programme\The Cleaner\tcm.exe
C:\Programme\Softwin\BitDefender8\bdmcon.exe
C:\Programme\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AHQInit] C:\Programme\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [tcactive] C:\Programme\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Programme\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programme\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programme\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CCleaner] "C:\Programme\CCleaner\CCleaner.exe" /AUTO
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Clean Traces - C:\Programme\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programme\DAP\dapextie.htm
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - C:\Programme\DAP\dapextie2.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Pro\Copernic.exe
O9 - Extra 'Tools' menuitem: Launch Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Pro\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Pro\Copernic.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programme\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programme\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programme\Symantec AntiVirus\Rtvscan.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
__________________________________________________________________________________________________________________________________________
"Hanke" - 07-04-09 14:46:33 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Dokumente und Einstellungen\Hanke\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\regedit.com
((((((((((((((((((((((((((((((( Files Created from 2007-03-09 to 2007-04-09 ))))))))))))))))))))))))))))))))))
2007-04-09 14:32 <DIR> d-------- C:\Temp\tn3
2007-04-09 13:49 14 --a------ C:\WINDOWS\system32\getfile.dat
2007-04-08 21:30 26,752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2007-04-08 21:30 163,856 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2007-04-08 21:30 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Panda Software
2007-04-08 21:02 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-04-08 21:02 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-04-08 21:02 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-04-08 21:02 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-04-08 21:02 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-04-08 20:56 153,600 --a------ C:\WINDOWS\R.COM
2007-04-08 20:56 140,800 --a------ C:\WINDOWS\system32\T.COM
2007-04-08 20:56 <DIR> d-------- C:\bases
2007-04-08 20:26 <DIR> d-------- C:\avenger
2007-04-08 20:10 287 --a------ C:\startmwav.bat
2007-04-08 19:47 130,048 --a------ C:\avenger.exe
2007-04-08 17:51 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-04-08 17:45 <DIR> d-------- C:\Programme\The Cleaner
2007-04-08 17:43 <DIR> d-------- C:\Programme\RogueRemover
2007-04-08 16:52 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-08 14:57 <DIR> d--h----- C:\WINDOWS\Icons
2007-04-08 14:24 2,472 --a------ C:\clean.bat
2007-04-08 14:21 <DIR> d-------- C:\Programme\ETRemover
2007-04-08 13:32 <DIR> d-------- C:\Programme\L2MRemover
2007-04-08 12:03 14,776,424 --a------ C:\mwav.exe
2007-04-07 22:33 72,320 --a------ C:\WINDOWS\system32\drivers\core.sys
2007-04-07 22:11 <DIR> d-------- C:\Programme\Ultra Video Splitter
2007-04-06 23:11 <DIR> d-------- C:\Programme\Pcsx2
2007-04-06 22:07 <DIR> d-------- C:\Programme\SuperFlexible
2007-04-06 21:50 <DIR> d-------- C:\Programme\Driver-Soft
2007-04-06 21:39 <DIR> d-------- C:\Programme\Fälscherwerkstatt2
2007-04-06 20:18 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-04-06 20:13 2,322,432 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-04-06 20:03 <DIR> d-------- C:\Programme\TuneUp Utilities 2006
2007-04-06 20:03 <DIR> d-------- C:\DOKUME~1\Hanke\ANWEND~1\TuneUp Software
2007-04-06 20:02 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\TuneUp Software
2007-04-06 19:27 <DIR> d-------- C:\wifitemp
2007-04-06 19:27 <DIR> d-------- C:\Programme\WiFi Hopper
2007-04-06 17:58 <DIR> d-------- C:\DOKUME~1\Hanke\ANWEND~1\WinRAR
2007-04-01 16:09 <DIR> d-------- C:\Programme\Arcor Fotoservice
2007-03-31 23:12 31,232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
2007-03-31 23:12 163,328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
2007-03-31 23:12 <DIR> d-------- C:\Programme\eRightSoft
2007-03-31 22:21 <DIR> d-------- C:\Programme\AviSynth 2.5
2007-03-31 19:43 2,321,280 --a------ C:\WINDOWS\system32\kernel1.exe
2007-03-31 19:05 <DIR> d-------- C:\WINDOWS\Wallpapers
2007-03-25 09:34 <DIR> d-------- C:\Programme\Motorola
2007-03-22 07:47 <DIR> d-------- C:\Programme\TomTom Media Center
2007-03-20 21:50 <DIR> d-------- C:\Programme\FireTrust
2007-03-20 21:50 <DIR> d-------- C:\DOKUME~1\Hanke\ANWEND~1\MailWasherPro
2007-03-18 15:43 58 --ah----- C:\WINDOWS\system32\SWCTL.DLL
2007-03-18 15:43 <DIR> d-------- C:\WINDOWS\system32\tmr
2007-03-18 15:43 <DIR> d-------- C:\WINDOWS\system32\bin
2007-03-18 15:43 <DIR> d-------- C:\Programme\Kisi
2007-03-17 18:33 532,480 --a------ C:\WINDOWS\system32\Audi R8 Screensaver.scr
2007-03-17 18:33 <DIR> d-------- C:\WINDOWS\system32\Audi R8 Screensaver dir
2007-03-16 00:42 77,000 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-03-11 21:25 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-03-11 16:19 <DIR> d-------- C:\Programme\OO Software
2007-03-10 21:22 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Trymedia
2007-03-10 20:14 <DIR> d-------- C:\Programme\DVD Shrink
2007-03-10 16:47 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\SlySoft
2007-03-10 15:47 <DIR> d-------- C:\Programme\RegCleaner
2007-03-10 01:15 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Nero
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-09 13:39 -------- d-------- C:\Programme\symantec antivirus
2007-04-08 18:02 0 --a------ C:\CONFIG.SYS
2007-04-08 18:02 0 --------- C:\AUTOEXEC.BAT
2007-04-07 23:19 -------- d-------- C:\Programme\enditall
2007-04-07 22:18 -------- d-------- C:\Programme\isobuster
2007-04-07 20:10 -------- d-------- C:\Programme\emule
2007-04-06 22:02 -------- d-------- C:\Programme\yahoo!
2007-04-06 20:02 -------- d-------- C:\Programme\Gemeinsame Dateien\wise installation wizard
2007-04-06 17:16 -------- d-------- C:\Programme\tvgenial
2007-04-06 15:03 76014 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-06 15:03 418970 --a------ C:\WINDOWS\system32\perfh007.dat
2007-03-31 21:45 -------- d-------- C:\Programme\slysoft
2007-03-25 09:34 -------- d-------- C:\Programme\common files
2007-03-18 20:50 -------- d-------- C:\Programme\fp.leecher
2007-03-17 13:21 -------- d-------- C:\Programme\auction sentry deluxe
2007-03-12 22:49 2828 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2007-03-11 11:30 133 ---hs---- C:\DOKUME~1\Hanke\ANWEND~1\.zreglib
2007-03-10 19:02 -------- d-------- C:\DOKUME~1\Hanke\ANWEND~1\ripit4me
2007-03-10 18:03 -------- d-------- C:\Programme\ripit4me
2007-03-10 15:39 -------- d-------- C:\Programme\curerom
2007-03-10 15:29 -------- d--h----- C:\Programme\installshield installation information
2007-03-10 14:21 -------- d-------- C:\Programme\music_manager
2007-03-10 14:21 -------- d-------- C:\Programme\magiciso
2007-03-10 14:21 -------- d-------- C:\Programme\hide ip platinum
2007-03-10 14:21 -------- d-------- C:\Programme\Gemeinsame Dateien\symantec shared
2007-03-10 14:21 -------- d-------- C:\Programme\dap
2007-03-09 22:30 -------- d-------- C:\Programme\microsoft activesync
2007-03-09 22:23 -------- d-------- C:\Programme\gamesload spiele
2007-03-08 19:34 108144 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-03-08 19:34 -------- dr-h----- C:\DOKUME~1\Hanke\ANWEND~1\securom
2007-03-08 19:08 -------- d-------- C:\Programme\d-tools
2007-03-08 18:22 -------- d-------- C:\Programme\daemon tools
2007-03-08 18:01 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-03-08 17:36 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-06 19:49 -------- d-------- C:\Programme\sft loader
2007-03-04 20:03 -------- d-------- C:\DOKUME~1\Hanke\ANWEND~1\sprite software
2007-03-04 12:47 -------- d-------- C:\Programme\java
2007-03-03 13:12 -------- d-------- C:\Programme\microsoft works
2007-03-03 13:11 -------- d-------- C:\Programme\msbuild
2007-03-01 21:06 -------- d-------- C:\Programme\siber systems
2007-03-01 01:05 86016 --a------ C:\WINDOWS\system32\elbycdio.dll
2007-02-28 22:56 15440 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2007-02-16 02:56 11984 --a------ C:\WINDOWS\system32\drivers\RegKill.sys
2007-02-10 23:56 -------- d-------- C:\Programme\poweriso
2007-02-05 21:05 606848 --a------ C:\WINDOWS\flashax.exe
2007-02-05 21:05 12288 --a------ C:\WINDOWS\impborl.dll
2007-01-12 23:47 707344 --a------ C:\WINDOWS\system32\oodag.exe
2007-01-12 23:39 121616 --a------ C:\WINDOWS\system32\oodbs.exe
2007-01-12 23:21 667936 --a------ C:\WINDOWS\system32\wodhttp.dll
2007-01-12 23:21 17168 --a------ C:\WINDOWS\system32\oodagrs.dll
2007-01-12 23:21 17168 --a------ C:\WINDOWS\system32\oodagmg.dll
2007-01-12 23:21 11536 --a------ C:\WINDOWS\system32\oodbsrs.dll
2007-01-12 19:52 16656 --a------ C:\WINDOWS\system32\ootmapi.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"STYLEXP"="C:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe\""
"WMPNSCFG"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe"
"CCleaner"="\"C:\\Programme\\CCleaner\\CCleaner.exe\" /AUTO"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\Wcescomm.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AHQInit"="C:\\Programme\\Creative\\SBLive\\Program\\AHQInit.exe"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"Launch LGDCore"="\"C:\\Programme\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
"Windows Defender"="\"C:\\Programme\\Windows Defender\\MSASCui.exe\" -hide"
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
"!AVG Anti-Spyware"="\"C:\\Programme\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"tcactive"="C:\\Programme\\The Cleaner\\tca.exe"
"tcmonitor"="C:\\Programme\\The Cleaner\\tcm.exe"
"BDMCon"="\"C:\\Programme\\Softwin\\BitDefender8\\bdmcon.exe\""
"BDNewsAgent"="\"C:\\Programme\\Softwin\\BitDefender8\\bdnagent.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active]
"Acrobat Assistant 7.0"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"CloneCDTray"="\"C:\\Programme\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"GrooveMonitor"="\"C:\\Programme\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"SSBkgdUpdate"="C:\\Programme\\Gemeinsame Dateien\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe -Embedding -boot"
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"Launch LCDMon"="\"C:\\Programme\\Logitech\\G-series Software\\LCDMon.exe\""
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockAds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHALMNPR"
"hkey"="HKLM"
"command"="KHALMNPR.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransparentIcons]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak-XP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Updreg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Updreg.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="\"ShellExecuteHook\" von Microsoft AntiMalware"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"=dword:00000000
"NoDispCPL"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000
"NoSetFolders"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoRun"=dword:00000000
"NoFind"=dword:00000000
"LWA"=dword:00000000
"LWB"=dword:00000000
"LWC"=dword:00000000
"LWD"=dword:00000000
"LWE"=dword:00000000
"LWF"=dword:00000000
"LWG"=dword:00000000
"LWH"=dword:00000000
"LWI"=dword:00000000
"LWJ"=dword:00000000
"LWK"=dword:00000000
"LWL"=dword:00000000
"LWM"=dword:00000000
"LWN"=dword:00000000
"LWO"=dword:00000000
"LWP"=dword:00000000
"LWQ"=dword:00000000
"LWR"=dword:00000000
"LWS"=dword:00000000
"LWT"=dword:00000000
"LWU"=dword:00000000
"LWV"=dword:00000000
"LWW"=dword:00000000
"LWX"=dword:00000000
"LWY"=dword:00000000
"LWZ"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PAVPRSRV
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SHLDDRV
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\{3242CA89-4672-4A7E-BECB-FFA9FDE3255C}_DELL_Hanke.job
C:\WINDOWS\tasks\{C6C24FA5-3561-4C14-9AA4-D7B381E2996D}_DELL_Hanke.job
C:\WINDOWS\tasks\{D8A061BE-740D-4418-B9B3-B734B6A0B9C2}_DELL_Hanke.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-09 14:54:14
C:\ComboFix-quarantined-files.txt ... 07-04-09 14:54
C:\ComboFix2.txt ... 07-04-08 19:31
C:\ComboFix3.txt ... 07-04-08 15:58
_________________________________________________________________________________________________________________________________________
C:\ComboFix-quarantined-files.txt
___________________________________________________________________________________________________________________________________________
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19
Verzeichnis von C:\WINDOWS\system32
09.04.2007 14:31 2.148 wpa.dbl
09.04.2007 13:49 2.957 x_dtrace_log
09.04.2007 13:49 14 getfile.dat
09.04.2007 13:35 15.714 OODBS.lor
06.04.2007 20:13 2.322.432 TUKernel.exe
06.04.2007 15:03 403.968 perfh009.dat
06.04.2007 15:03 63.188 perfc009.dat
06.04.2007 15:03 418.970 perfh007.dat
06.04.2007 15:03 76.014 perfc007.dat
06.04.2007 15:03 974.848 PerfStringBackup.INI
04.04.2007 06:58 301.232 FNTCACHE.DAT
31.03.2007 19:43 2.321.280 kernel1.exe
31.03.2007 19:43 2.321.280 KERNEL.TMP
18.03.2007 15:52 58 SWCTL.DLL
17.03.2007 18:49 14.622 muzika.xm
17.03.2007 18:33 532.480 Audi R8 Screensaver.scr
15.03.2007 18:19 1.476.992 LegitCheckControl.dll
15.03.2007 18:17 337.280 WgaTray.exe
15.03.2007 18:16 236.928 WgaLogon.dll
12.03.2007 22:49 2.828 KGyGaAvL.sys
08.03.2007 19:34 108.144 CmdLineExt.dll
08.03.2007 17:36 579.072 user32.dll
08.03.2007 17:36 281.600 gdi32.dll
08.03.2007 17:36 40.960 mf3216.dll
08.03.2007 17:32 1.843.712 win32k.sys
07.03.2007 22:36 12.619.736 MRT.exe
04.03.2007 12:47 9.857 jupdate-1.5.0_11-b03.log
01.03.2007 01:05 86.016 ElbyCDIO.dll
21.02.2007 12:47 31.232 msfDX.dll
18.02.2007 12:20 226.678 TZLog.log
29.01.2007 10:58 60.416 tzchange.exe
25.01.2007 14:52 617.472 urlmon.dll
23.01.2007 21:30 546.304 hhctrl.ocx
12.01.2007 23:47 707.344 oodag.exe
12.01.2007 23:39 121.616 oodbs.exe
12.01.2007 23:21 11.536 oodbsrs.dll
12.01.2007 23:21 704.800 wodHttp.ocx
12.01.2007 23:21 17.168 oodagrs.dll
12.01.2007 23:21 667.936 wodHttp.dll
12.01.2007 23:21 17.168 oodagmg.dll
12.01.2007 19:52 16.656 ootmapi.dll
11.01.2007 21:38 16.832 amcompat.tlb
11.01.2007 21:38 23.392 nscompat.tlb
05.01.2007 22:03 9.132 jupdate-1.5.0_10-b03.log
04.01.2007 15:41 664.576 wininet.dll
04.01.2007 15:41 474.624 shlwapi.dll
04.01.2007 15:41 1.494.528 shdocvw.dll
04.01.2007 15:41 39.424 pngfilt.dll
04.01.2007 15:41 532.480 mstime.dll
04.01.2007 15:40 146.432 msrating.dll
04.01.2007 15:40 448.512 mshtmled.dll
04.01.2007 15:40 3.077.632 mshtml.dll
04.01.2007 15:40 16.384 jsproxy.dll
04.01.2007 15:40 96.768 inseng.dll
04.01.2007 15:40 251.392 iepeers.dll
04.01.2007 15:40 1.056.256 danim.dll
04.01.2007 15:40 205.312 dxtrans.dll
04.01.2007 15:40 357.888 dxtmsft.dll
04.01.2007 15:40 55.808 extmgr.dll
04.01.2007 15:40 152.064 cdfview.dll
04.01.2007 15:40 1.023.488 browseui.dll
04.01.2007 13:52 123.392 xpsp3res.dll
2649 Datei(en) 531.629.232 Bytes
0 Verzeichnis(se), 86.661.050.368 Bytes frei
__________________________________________________________________________________________________________________________
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19
Verzeichnis von C:\DOKUME~1\Hanke\LOKALE~1\Temp
09.04.2007 14:33 286 WCESLog.log
09.04.2007 14:32 49.152 ~DFD4CF.tmp
2 Datei(en) 49.438 Bytes
0 Verzeichnis(se), 86.661.050.368 Bytes frei
_____________________________________________________________________________________________________________________________
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19
Verzeichnis von C:\WINDOWS
29.01.2077 07:32 467 Faces.prf
09.04.2007 13:42 2.020 win.ini
09.04.2007 13:39 0 0.log
09.04.2007 13:37 159 wiadebug.log
09.04.2007 13:36 50 wiaservc.log
09.04.2007 13:35 2.048 bootstat.dat
09.04.2007 13:34 23.819 WindowsUpdate.log
08.04.2007 20:43 1.180.354 ntbtlog.txt
08.04.2007 19:42 13.855 setupapi.log
08.04.2007 14:51 0 Sti_Trace.log
08.04.2007 12:14 8.873.577 REGBK00.ZIP
06.04.2007 22:42 210 GSdx9 sse2.INI
06.04.2007 21:42 230 NeroDigital.ini
06.04.2007 11:10 54.156 QTFont.qfn
31.03.2007 18:52 3.932.214 ACD Hintergrund.bmp
17.03.2007 23:57 1.409 QTFont.for
15.03.2007 23:34 1.374 imsins.BAK
14.03.2007 20:45 9.292 super.chm
12.03.2007 20:38 45.530 FontData.fdb
10.03.2007 14:47 32.614 SchedLgU.Txt
05.02.2007 21:05 606.848 flashax.exe
05.02.2007 21:05 12.288 impborl.dll
24.01.2007 23:33 35 A6W.INI
24.01.2007 23:32 30.598 Run32A60.mch
24.01.2007 23:32 1.548 ODBC.INI
05.01.2007 22:27 2.462 system.ini
05.01.2007 22:01 3.763 mozver.dat
204 Datei(en) 56.132.906 Bytes
0 Verzeichnis(se), 86.661.033.984 Bytes frei
__________________________________________________________________________________________________________________________
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19
Verzeichnis von C:\WINDOWS\temp
09.04.2007 14:32 409 WGANotify.settings
09.04.2007 14:31 255 WGAErrLog.txt
2 Datei(en) 664 Bytes
0 Verzeichnis(se), 86.661.038.080 Bytes frei
_______________________________________________________________________________________________________________________
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19
Verzeichnis von C:\WINDOWS\Downloaded Program Files
11.12.2006 17:44 367 LegitCheckControl.inf
22.01.2005 16:37 65 desktop.ini
20.01.2000 16:25 1.162 Microsoft XML Parser for Java.osd
3 Datei(en) 1.594 Bytes
0 Verzeichnis(se), 86.661.033.984 Bytes frei
_____________________________________________________________________________________________________________________________________
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 2C44-6A19
Verzeichnis von C:\
09.04.2007 14:43 0 sys.txt
09.04.2007 14:43 418 down.txt
09.04.2007 14:42 326 tmp.txt
09.04.2007 14:41 10.575 system.txt
09.04.2007 14:41 333 systemtemp.txt
09.04.2007 14:40 129.839 system32.txt
09.04.2007 13:27 582 found.txt
09.04.2007 08:45 0 23990098.$$$
08.04.2007 20:24 2.490 avenger.txt
08.04.2007 19:31 16.368 ComboFix.txt
08.04.2007 19:31 144 ComboFix-quarantined-files.txt
08.04.2007 18:02 0 AUTOEXEC.BAT
08.04.2007 18:02 0 CONFIG.SYS
08.04.2007 15:58 18.275 ComboFix2.txt
08.04.2007 14:24 2.472 clean.bat
08.04.2007 12:05 14.776.424 mwav.exe
06.04.2007 20:13 389 boot.ini
10.03.2007 20:57 43 MENU.CFG
28 Datei(en) 15.368.801 Bytes
0 Verzeichnis(se), 86.661.029.888 Bytes frei
_________________________________________________________________________________________________________________________