Stration.Gen Virus/Worm

#0
17.04.2007, 20:43
...new here
Posts: 3

18.04.2007, 07:54
Member
Posts: 694
#2
Hi,
please check on VirusTotal. Please check these files, as they may be unknown/infected:
Quote:
C:\WINDOWS\System32\shfoxpob.exe
Post the logs... After that, be sure to work through the rest of
Quote:
http://board.protecus.de/t23188.htm
as there are certainly additional files that do not show up in HijackThis...
chris

18.04.2007, 21:37
...new here
Thread starter
Posts: 3
#3
Hi, thanks for the quick reply!!!
Yesterday evening I got a tip from an acquaintance to also try Avast in addition. It actually found around 18 infected files, all of which I then moved to the chest. But when I then switched on AntiVir, lots of alerts came up again and I got to pull the battery once again because nothing worked any more! I have now run HijackThis again; I think the scan changed something:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\MSI\System Control Manager\MGSysCtrl.exe
C:\Programme\HHVcdV5Sys\VC5SecS.exe
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\Programme\HHVcdV5Sys\VC5Play.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Virtual CD v5\System\VC5Tray.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\System32\shfoxpob.exe
C:\Dokumente und Einstellungen\Antje\Eigene Dateien\WURMTÖTER\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu7\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\tbu7\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu7\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Programme\MSI\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VC5Player] C:\Programme\HHVcdV5Sys\VC5Play.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\skksd32.exe -s
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\skksd32.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [amcdiag] C:\WINDOWS\system32\amcconf.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzed029YYNL_ZNxdm414YYDE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/3021d2cb3a93159be406/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107082269546
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://studivz.net/photouploader/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} (Photo Uploader Control) - http://www.studivz.net/lib/photouploader/PhotoUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: shfoxpob - C:\WINDOWS\system32\shfoxpob.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Programme\HHVcdV5Sys\VC5SecS.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Virustotal:

Complete scanning result of "shfoxpob.exe", received in VirusTotal at 04.18.2007, 20:32:22 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.4.19.0 04.18.2007 no virus found
AntiVir 7.3.1.53 04.18.2007 Worm/Warezov.ND.1
Authentium 4.93.8 04.18.2007 no virus found
Avast 4.7.981.0 04.18.2007 no virus found
AVG 7.5.0.447 04.18.2007 no virus found
BitDefender 7.2 04.18.2007 Win32.Warezov.XJ@mm
CAT-QuickHeal 9.00 04.18.2007 (Suspicious) - DNAScan
ClamAV devel-20070416 04.18.2007 Worm.Stration.ACJ-5
DrWeb 4.33 04.18.2007 Win32.HLLM.Limar
eSafe 7.0.15.0 04.18.2007 Win32.Warezov.nd
eTrust-Vet 30.7.3576 04.18.2007 no virus found
Ewido 4.0 04.18.2007 Worm.Warezov.nd
FileAdvisor 1 04.18.2007 No Thread detected
Fortinet 2.85.0.0 04.18.2007 suspicious
F-Prot 4.3.2.48 04.18.2007 no virus found
F-Secure 6.70.13030.0 04.18.2007 Email-Worm.Win32.Warezov.nd
Ikarus T3.1.1.5 04.18.2007 Email-Worm.Win32.Warezov.at
Kaspersky 4.0.2.24 04.18.2007 Email-Worm.Win32.Warezov.nd
McAfee 5012 04.18.2007 New Malware.n
Microsoft 1.2405 04.18.2007 no virus found
NOD32v2 2202 04.18.2007 Win32/Stration.YQ
Norman 5.80.02 04.18.2007 no virus found
Panda 9.0.0.4 04.18.2007 Suspicious file
Prevx1 V2 04.18.2007 Malware:SysCovert
Sophos 4.16.0 04.17.2007 Mal/Packer
Sunbelt 2.2.907.0 04.07.2007 VIPRE.Suspicious
Symantec 10 04.18.2007 no virus found
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.3 04.18.2007 MalwareScope.Worm.Warezov.6
VirusBuster 4.3.7:9 04.18.2007 no virus found
Webwasher-Gateway 6.0.1 04.18.2007 Worm.Warezov.ND.1
Aditional Information
File size: 79092 bytes
MD5: 27a97a0c2380a731b058f5123316dc2b
SHA1: 46eb91536ec739248f0bce169e5227845c046e7a
packers: UPACK
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=27a97a0c2380a731b058f5123316dc2b
packers: UPack
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=671789497926
Sunbelt info: VIPRE.Suspicious is a generic detection for potential Thread that are deemed suspicious

So, I couldn't find the skksd any more, but instead there is a nice new surprise that was supposedly created this morning!!:

Complete scanning result of "skkkkkkk.exe", received in VirusTotal at 04.18.2007, 20:44:31 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.4.19.0 04.18.2007 no virus found
AntiVir 7.3.1.53 04.18.2007 HEUR/Malware
Authentium 4.93.8 04.18.2007 no virus found
Avast 4.7.981.0 04.18.2007 no virus found
AVG 7.5.0.447 04.18.2007 no virus found
BitDefender 7.2 04.18.2007 no virus found
CAT-QuickHeal 9.00 04.18.2007 no virus found
ClamAV devel-20070416 04.18.2007 no virus found
DrWeb 4.33 04.18.2007 Win32.HLLM.Limar
eSafe 7.0.15.0 04.18.2007 suspicious Trojan/Worm
eTrust-Vet 30.7.3576 04.18.2007 no virus found
Ewido 4.0 04.18.2007 no virus found
FileAdvisor 1 04.18.2007 no virus found
Fortinet 2.85.0.0 04.18.2007 suspicious
F-Prot 4.3.2.48 04.18.2007 W32/Downloader2.BHH
F-Secure 6.70.13030.0 04.18.2007 W32/Horst.gen28
Ikarus T3.1.1.5 04.18.2007 no virus found
Kaspersky 4.0.2.24 04.18.2007 no virus found
McAfee 5012 04.18.2007 no virus found
Microsoft 1.2405 04.18.2007 no virus found
NOD32v2 2202 04.18.2007 Win32/Stration
Norman 5.80.02 04.18.2007 W32/Horst.gen28
Panda 9.0.0.4 04.18.2007 Suspicious file
Prevx1 V2 04.18.2007 Win32.Malware.gen
Sophos 4.16.0 04.17.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 no virus found
Symantec 10 04.18.2007 no virus found
TheHacker 6.1.6.088 04.09.2007 no virus found
VBA32 3.11.3 04.18.2007 no virus found
VirusBuster 4.3.7:9 04.18.2007 no virus found
Webwasher-Gateway 6.0.1 04.18.2007 Heuristic.Malware
Aditional Information
File size: 35840 bytes
MD5: 9d50b32aacf6b0c790346d3a26ea7708
SHA1: 002baf29ba7e3c7e3da7a09bf7b9892a4dcd9581
packers: UPX
packers: UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=1c2389909512

I can't find amcconf any more either. Instead I spotted another one that is very suspicious:

STATUS: FINISHED
Complete scanning result of "secumsje.exe", received in VirusTotal at 04.18.2007, 21:10:09 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.4.19.0 04.18.2007 no virus found
AntiVir 7.3.1.53 04.18.2007 WORM/Stration.Gen
Authentium 4.93.8 04.18.2007 no virus found
Avast 4.7.981.0 04.18.2007 no virus found
AVG 7.5.0.447 04.18.2007 no virus found
BitDefender 7.2 04.18.2007 Win32.Warezov.XJ@mm
CAT-QuickHeal 9.00 04.18.2007 no virus found
ClamAV devel-20070416 04.18.2007 Worm.Stration.ACJ-3
DrWeb 4.33 04.18.2007 Win32.HLLM.Limar
eSafe 7.0.15.0 04.18.2007 no virus found
eTrust-Vet 30.7.3576 04.18.2007 no virus found
Ewido 4.0 04.18.2007 no virus found
FileAdvisor 1 04.18.2007 no virus found
Fortinet 2.85.0.0 04.18.2007 no virus found
F-Prot 4.3.2.48 04.18.2007 no virus found
F-Secure 6.70.13030.0 04.18.2007 Email-Worm.Win32.Warezov.nd
Ikarus T3.1.1.5 04.18.2007 no virus found
Kaspersky 4.0.2.24 04.18.2007 Email-Worm.Win32.Warezov.nd
McAfee 5012 04.18.2007 no virus found
Microsoft 1.2405 04.18.2007 no virus found
NOD32v2 2202 04.18.2007 Win32/Stration.YQ
Norman 5.80.02 04.18.2007 no virus found
Panda 9.0.0.4 04.18.2007 W32/Spamta.WA.worm
Prevx1 V2 04.18.2007 no virus found
Sophos 4.16.0 04.17.2007 W32/Strati-Gen
Sunbelt 2.2.907.0 04.14.2007 no virus found
Symantec 10 04.18.2007 no virus found
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.3 04.18.2007 no virus found
VirusBuster 4.3.7:9 04.18.2007 no virus found
Webwasher-Gateway 6.0.1 04.18.2007 Worm.Stration.Gen
Aditional Information
File size: 16384 bytes
MD5: 0df33cf33a806e55da92603e8ebe1109
SHA1: 899f2b59ab175d2731541764caa4b6f591850532

Complete scanning result of "AGRSMMSG.exe", received in VirusTotal at 04.18.2007, 21:24:10 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.4.19.0 04.18.2007 no virus found
AntiVir 7.3.1.53 04.18.2007 no virus found
Authentium 4.93.8 04.18.2007 no virus found
Avast 4.7.981.0 04.18.2007 no virus found
AVG 7.5.0.447 04.18.2007 no virus found
BitDefender 7.2 04.18.2007 no virus found
CAT-QuickHeal 9.00 04.18.2007 no virus found
ClamAV devel-20070416 04.18.2007 no virus found
DrWeb 4.33 04.18.2007 no virus found
eSafe 7.0.15.0 04.18.2007 no virus found
eTrust-Vet 30.7.3576 04.18.2007 no virus found
Ewido 4.0 04.18.2007 no virus found
FileAdvisor 1 04.18.2007 No Thread detected
Fortinet 2.85.0.0 04.18.2007 no virus found
F-Prot 4.3.2.48 04.18.2007 no virus found
F-Secure 6.70.13030.0 04.18.2007 no virus found
Ikarus T3.1.1.5 04.18.2007 no virus found
Kaspersky 4.0.2.24 04.18.2007 no virus found
McAfee 5012 04.18.2007 no virus found
Microsoft 1.2405 04.18.2007 no virus found
NOD32v2 2202 04.18.2007 no virus found
Norman 5.80.02 04.18.2007 no virus found
Panda 9.0.0.4 04.18.2007 no virus found
Prevx1 V2 04.18.2007 no virus found
Sophos 4.16.0 04.17.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 no virus found
Symantec 10 04.18.2007 no virus found
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.3 04.18.2007 no virus found
VirusBuster 4.3.7:9 04.18.2007 no virus found
Webwasher-Gateway 6.0.1 04.18.2007 no virus found
Aditional Information
File size: 88363 bytes
MD5: f7b737e2af9e5c14459c659ecd6c4ed5
SHA1: 3ad5cb1881aa2ae392558cc9dc3c283d02527eaa
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=f7b737e2af9e5c14459c659ecd6c4ed5

So, CleanUp worked wonderfully. With ComboFix, however, there are problems. It won't even download; it always aborts partway through.
Datfindbat:

This post was edited by spast on 18.04.2007 at 22:48.

19.04.2007, 07:50
Member
Posts: 694
#4
Hi,
those critters are pretty lively...
VirusTotal: please check these files, as they are unknown. If they are detected as a virus/trojan, please add the file with its path to the Avenger script (Files to delete) and add the corresponding entries in HijackThis!
Quote:
C:\WINDOWS\System32\msstersv.dll
http://www.virustotal.com/flash/index_en.html
At the top of the page --> click Browse --> choose the file (or paste the file with its correct path right away) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
If a file is detected, add it with its path to Avenger (Files to delete)...
So:
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (tick this)
copy into: View/edit script
Quote:
HijackThis, fix:
open HijackThis -- "scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC
Quote:
Scan with ewido and post the scan report & a new HijackThis log.
http://virus-protect.org/onlinescan.html
Chris
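
The cross-check chris describes above, as an added example that is not part of the original thread: it matches files a scanner flagged against the autostart entries (O4 Run keys, O20 Winlogon Notify) of a HijackThis log, and returns the entries to tick for "Fix checked" plus the flagged files that have no autostart entry. The function names are hypothetical, the log lines are copied from entries posted in this thread, and the list of flagged files is constructed for illustration.

```python
import ntpath
import re

# Sample input: HijackThis lines as posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Programme\MSI\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\skksd32.exe -s
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\skksd32.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: shfoxpob - C:\WINDOWS\system32\shfoxpob.dll
"""

# Constructed for illustration: paths a scanner reported as malicious.
FLAGGED = [
    r"C:\WINDOWS\System32\shfoxpob.dll",
    r"C:\WINDOWS\skksd32.exe",
    r"C:\WINDOWS\System32\msstersv.dll",
]

# O4 covers Run/RunOnce values; "O4 - Global Startup" lines are not handled.
_O4 = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<cmd>.+)$")
_EXT = re.compile(r"^(.*?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=\s|$)", re.I)


def target_of(cmd):
    """Return the file a command line launches, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut after the first extension.
    m = _EXT.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def norm(path):
    """Windows paths compare case-insensitively (System32 vs system32)."""
    return ntpath.normcase(ntpath.normpath(path))


def parse_autostarts(log_text):
    """Return (log line, launched file) for every O4 Run and O20 entry."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = _O4.match(line) or _O20.match(line)
        if m:
            entries.append((line, target_of(m.group("cmd"))))
    return entries


def plan_cleanup(log_text, flagged_paths):
    """Return (entries_to_fix, flagged_files_without_autostart_entry)."""
    # Keying on the normalised path also removes duplicates, so a file is
    # never listed for deletion twice.
    flagged = {norm(p): p for p in flagged_paths}
    to_fix, seen = [], set()
    for line, target in parse_autostarts(log_text):
        key = norm(target)
        if key in flagged:
            to_fix.append(line)
            seen.add(key)
    orphans = [p for k, p in flagged.items() if k not in seen]
    return to_fix, orphans


if __name__ == "__main__":
    fix, orphans = plan_cleanup(SAMPLE_LOG, FLAGGED)
    print("HijackThis entries to fix:")
    for line in fix:
        print("  " + line)
    print("Flagged files with no autostart entry in the log:")
    for path in orphans:
        print("  " + path)
```

An entry that gives only a file name, such as `AGRSMMSG.exe`, cannot be matched by path and is left for manual review.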

19.04.2007, 20:54
...new here
Thread starter
Posts: 3
#5
Here is the VirusTotal:

Complete scanning result of "msstersv.dll", received in VirusTotal at 04.19.2007, 20:26:03 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.4.19.1 04.19.2007 Win32/Stration.worm.Gen
AntiVir 7.3.1.53 04.19.2007 WORM/Stration.Gen
Authentium 4.93.8 04.18.2007 no virus found
Avast 4.7.981.0 04.19.2007 no virus found
AVG 7.5.0.447 04.18.2007 no virus found
BitDefender 7.2 04.19.2007 Win32.Warezov.XJ@mm
CAT-QuickHeal 9.00 04.19.2007 no virus found
ClamAV devel-20070416 04.19.2007 Worm.Stration.ACJ-2
DrWeb 4.33 04.19.2007 Win32.HLLM.Limar
eSafe 7.0.15.0 04.19.2007 no virus found
eTrust-Vet 30.7.3579 04.19.2007 Win32/Stration!generic
Ewido 4.0 04.19.2007 no virus found
FileAdvisor 1 04.19.2007 no virus found
Fortinet 2.85.0.0 04.19.2007 no virus found
F-Prot 4.3.2.48 04.18.2007 no virus found
F-Secure 6.70.13030.0 04.19.2007 Email-Worm.Win32.Warezov.nd
Ikarus T3.1.1.5 04.19.2007 no virus found
Kaspersky 4.0.2.24 04.19.2007 Email-Worm.Win32.Warezov.nd
McAfee 5012 04.18.2007 no virus found
Microsoft 1.2405 04.19.2007 Trojan:Win32/Stration.F!dll
NOD32v2 2205 04.19.2007 Win32/Stration.YQ
Norman 5.80.02 04.19.2007 no virus found
Panda 9.0.0.4 04.19.2007 W32/Spamta.WA.worm
Prevx1 V2 04.19.2007 no virus found
Sophos 4.16.0 04.17.2007 W32/Strati-Gen
Sunbelt 2.2.907.0 04.07.2007 no virus found
Symantec 10 04.19.2007 no virus found
TheHacker 6.1.6.088 04.09.2007 no virus found
VBA32 3.11.3 04.19.2007 suspected of MalwareScope.Worm.Warezov.6 (paranoid heuristics)
VirusBuster 4.3.7:9 04.19.2007 no virus found
Webwasher-Gateway 6.0.1 04.19.2007 Worm.Stration.Gen
Aditional Information
File size: 20480 bytes
MD5: d1bb96ea2bd400ca125fef84b5689bc8
SHA1: 50aa412b675aa1b5cb1f730a822565d27805e81e

Complete scanning result of "igfxsrvc.dll", received in VirusTotal at 04.19.2007, 21:00:40 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.4.19.1 04.19.2007 no virus found
AntiVir 7.3.1.53 04.19.2007 no virus found
Authentium 4.93.8 04.18.2007 no virus found
Avast 4.7.981.0 04.19.2007 no virus found
AVG 7.5.0.464 04.19.2007 no virus found
BitDefender 7.2 04.19.2007 no virus found
CAT-QuickHeal 9.00 04.19.2007 no virus found
ClamAV devel-20070416 04.19.2007 no virus found
DrWeb 4.33 04.19.2007 no virus found
eSafe 7.0.15.0 04.19.2007 no virus found
eTrust-Vet 30.7.3579 04.19.2007 no virus found
Ewido 4.0 04.19.2007 no virus found
FileAdvisor 1 04.19.2007 No threat detected
Fortinet 2.85.0.0 04.19.2007 no virus found
F-Prot 4.3.2.48 04.18.2007 no virus found
F-Secure 6.70.13030.0 04.19.2007 no virus found
Ikarus T3.1.1.5 04.19.2007 no virus found
Kaspersky 4.0.2.24 04.19.2007 no virus found
McAfee 5013 04.19.2007 no virus found
Microsoft 1.2405 04.19.2007 no virus found
NOD32v2 2205 04.19.2007 no virus found
Norman 5.80.02 04.19.2007 no virus found
Panda 9.0.0.4 04.19.2007 no virus found
Prevx1 V2 04.19.2007 no virus found
Sophos 4.16.0 04.17.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 no virus found
Symantec 10 04.19.2007 no virus found
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.3 04.19.2007 no virus found
VirusBuster 4.3.7:9 04.19.2007 no virus found
Webwasher-Gateway 6.0.1 04.19.2007 no virus found
Aditional Information
File size: 348160 bytes
MD5: a6d2654ef1d678939385ece70435cfa0
SHA1: 645a4215f6b7b1dca8614ff3298cc80328349ce8
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=a6d2654ef1d678939385ece70435cfa0

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mtcoyjva
*******************
Script file located at: \??\C:\nhebscvo.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\shfoxpob.dll deleted successfully.
File C:\WINDOWS\system32\shfoxpob.exe deleted successfully.
File C:\WINDOWS\system32\shfoxpob.dll not found!
Deletion of file C:\WINDOWS\system32\shfoxpob.dll failed!
Could not process line:
C:\WINDOWS\system32\shfoxpob.dll
Status: 0xc0000034
File C:\WINDOWS\system32\secumsje.exe deleted successfully.
File C:\WINDOWS\system32\shfoxpob.exe.ren deleted successfully.
File C:\WINDOWS\system32\shfoxpob.dat deleted successfully.
File C:\WINDOWS\skkkkkkk.exe deleted successfully.
File C:\WINDOWS\System32\msstersv.dll deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|himem.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SoundMnEx32 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\shfoxpob deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
Name: TrackingCookie.Mediaplex Path: C:\Dokumente und Einstellungen\Antje\Cookies\antje@mediaplex[1].txt Risk: Medium
Name: Worm.Warezov.nd Path: C:\avenger\backup.zip/avenger/secumsje.exe Risk: High
Name: Worm.Warezov.nd Path: C:\avenger\backup.zip/avenger/shfoxpob.dll Risk: High
Name: Worm.Warezov.nd Path: C:\avenger\backup.zip/avenger/shfoxpob.exe Risk: High
Name: Worm.Warezov.nd Path: C:\avenger\backup.zip/avenger/shfoxpob.exe.ren Risk: High
Name: Adware.DriveCleaner Path: C:\Programme\ICQToolbar\tbu7\tbupdate.cab/version.txt Risk: Medium
Name: Adware.DriveCleaner Path: C:\Programme\ICQToolbar\tbu7\version.txt Risk: Medium
Name: Adware.Websearch Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP548\A0045050.DLL Risk: Medium
Name: Worm.Warezov.nd Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP559\A0045273.exe Risk: High
Name: Worm.Warezov.ne Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP559\A0046271.exe Risk: High
Name: Worm.Warezov.nd Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP559\A0046274.exe Risk: High
Name: Worm.Warezov.nd Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP559\A0046284.exe Risk: High
Name: Worm.Warezov.nd Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP559\A0047285.exe Risk: High
Name: Worm.Warezov.nd Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP559\A0048285.exe Risk: High
Name: Worm.Warezov.ne Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP559\A0048292.exe Risk: High
Name: Worm.Warezov.nd Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP559\A0048301.exe Risk: High
Name: Worm.Warezov.nd Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP559\A0048308.dll Risk: High
Name: Worm.Warezov.nd Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP559\A0048324.exe Risk: High
Name: Worm.Warezov.nd Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP559\A0048330.exe Risk: High
Name: Worm.Warezov.nd Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP559\A0048343.exe Risk: High
Name: Worm.Warezov.nd Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP559\A0048353.exe Risk: High
Name: Worm.Warezov.nd Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP559\A0048369.exe Risk: High
Name: Worm.Warezov.nd Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP559\A0048385.exe Risk: High
Name: Worm.Warezov.nd Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP559\A0049383.exe Risk: High
Name: Worm.Warezov.nd Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP559\A0049676.exe Risk: High
Name: Worm.Warezov.nd Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP560\A0049696.exe Risk: High
Name: Worm.Warezov.nd Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP560\A0049706.dll Risk: High
Name: Worm.Warezov.nd Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP560\A0049735.exe Risk: High
Name: Worm.Warezov.nd Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP560\A0049736.dll Risk: High
Name: Worm.Warezov.nd Path: C:\System Volume Information\_restore{B69B3DC0-454F-44D8-9713-E0E336CBDF01}\RP560\A0049737.exe Risk: High
Name: Worm.Warezov.nd Path: C:\WINDOWS\system32\trafracp.dll Risk: High

After that there was also a "clean" option, but I didn't use it for now because I wasn't sure. In the first HijackThis run, where I was supposed to fix certain files, I unfortunately found only two.
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\skksd32.exe -s
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\skksd32.exe
O20 - Winlogon Notify: shfoxpob - C:\WINDOWS\system32\shfoxpob.dll
were not in the list.

Logfile of HijackThis v1.99.1
Scan saved at 22:30:35, on 19.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\HHVcdV5Sys\VC5SecS.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\MSI\System Control Manager\MGSysCtrl.exe
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\Programme\HHVcdV5Sys\VC5Play.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\CleanUp XP\CleanUp.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Virtual CD v5\System\VC5Tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Skype\Plugin Manager\SkypePM.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Antje\Eigene Dateien\WURMTÖTER\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu7\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\tbu7\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu7\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Programme\MSI\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VC5Player] C:\Programme\HHVcdV5Sys\VC5Play.exe
O4 - 
HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe O4 - HKLM\..\Run: [amcdiag] C:\WINDOWS\system32\amcconf.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [CleanUp XP] C:\Programme\CleanUp XP\CleanUp.exe -h O4 - HKLM\..\Run: [wincrt.exe] C:\WINDOWS\wincrt.exe s O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzed029YYNL_ZNxdm414YYDE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - 
C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/3021d2cb3a93159be406/netzip/RdxIE601_de.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107082269546 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://studivz.net/photouploader/ImageUploader4.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} (Photo Uploader Control) - http://www.studivz.net/lib/photouploader/PhotoUploader.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: 
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Programme\HHVcdV5Sys\VC5SecS.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe Dieser Beitrag wurde am 19.04.2007 um 22:34 Uhr von spast editiert.
|
|
|
||
I ran the HijackThis program. Unfortunately I don't know much about it and hope someone here can help me.
P.S.: Sorry about the silly name...
Here is the log file:
Logfile of HijackThis v1.99.1
Scan saved at 20:28:04, on 17.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\HHVcdV5Sys\VC5SecS.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\MSI\System Control Manager\MGSysCtrl.exe
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\Programme\HHVcdV5Sys\VC5Play.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Virtual CD v5\System\VC5Tray.exe
C:\Programme\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\System32\shfoxpob.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programme\WinRAR\WinRAR.exe
C:\Dokumente und Einstellungen\Antje\Eigene Dateien\WURMTÖTER\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu7\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\tbu7\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu7\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Programme\MSI\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VC5Player] C:\Programme\HHVcdV5Sys\VC5Play.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [himem.exe] C:\WINDOWS\skksd32.exe -s
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\skksd32.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [amcdiag] C:\WINDOWS\system32\amcconf.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzed029YYNL_ZNxdm414YYDE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/3021d2cb3a93159be406/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107082269546
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://studivz.net/photouploader/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} (Photo Uploader Control) - http://www.studivz.net/lib/photouploader/PhotoUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: shfoxpob - C:\WINDOWS\system32\shfoxpob.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Programme\HHVcdV5Sys\VC5SecS.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe