Drive cleaner problem

#0
29.04.2007, 03:37
...new here
Posts: 4

29.04.2007, 08:29
Moderator
Posts: 7805
#2
Start in safe mode http://www.bsi.bund.de/av/texte/wiederher.htm, tick the following items in HijackThis and press "Fix checked".

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: VPNS System - {9FA1AA9E-7ECF-4f3b-AC23-7F09E01298E4} - E:\WINNT\dxdiag.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: msnhlp32.msn_hlp - {EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} - E:\WINNT\system32\msnhlp32.dll
O4 - HKLM\..\Run: [Microsoft (R) Windows Vista/NT Runtime Compatibility Service] E:\WINNT\NT\nrcs.exe
O4 - HKCU\..\Run: [explore] "C:\WINDOWS\EXPLORE.exe"
O21 - SSODL: iebrowser - {BABB7718-6F50-4F7B-A82E-D42F4366EB6C} - E:\WINNT\iebrowser.dll
O21 - SSODL: iecontext - {A8EEB1D5-69A5-46ED-BEA0-E91E7FA5B5B1} - E:\WINNT\iecontext.dll
O23 - Service: Windows Vista/NT Runtime Compatibility Service (ntrcs) - Unknown owner - E:\WINNT\NT\nrcs.exe (file missing)
O23 - Service: Pml Driver HPZ12 - Unknown owner - E:\WINNT\System32\HPZipm12.exe (file missing)
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - E:\WINNT\system32\wgareg.exe (file missing)

Restart and check whether the entries are still gone. Then post a new HijackThis log.
__________
Regards,
Ralf
SEO-Spam Hunter

29.04.2007, 12:50
...new here
Thread starter
Posts: 4
#3
Logfile of HijackThis v1.99.1
Scan saved at 12:39:58, on 29.04.2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\SYSTEM32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\System32\Ati2evxx.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Programme\AntiVirenKit 2004\AVKService.exe
E:\Programme\AntiVirenKit 2004\AVKWCtl.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\MSTask.exe
E:\Programme\Analog Devices\SoundMAX\SMAgent.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\SYSTEM32\Ati2evxx.exe
E:\WINNT\Explorer.EXE
E:\Programme\QuickTime\qttask.exe
E:\WINNT\system32\internat.exe
E:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
E:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
E:\WINNT\system32\wuauclt.exe
E:\WINNT\system32\ntvdm.exe
D:\MARTIN\MEINEP~1\HIJACK~1\HJT.COM

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://de.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/us/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://D:\martin\meine Programme\sup.zip\sup\SimplyUseProxy.cfg
O2 - BHO: (no name) - {9FA1AA9E-7ECF-4f3b-AC23-7F09E01298E4} - (no file)
O2 - BHO: (no name) - {EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - E:\Programme\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SemanticInsight] E:\Programme\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Tweak UI 1.33 deutsch] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] "E:\Programme\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "E:\Programme\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\PROGRA~1\YAHOO!\COMMON\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\PROGRA~1\YAHOO!\COMMON\yhexbmesde.dll
O12 - Plugin for .spop: E:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de/service/redir/ie_t-online.htm
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINNT\system32\ati2sgag.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - E:\Programme\AntiVirenKit 2004\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - E:\Programme\AntiVirenKit 2004\AVKWCtl.exe
O23 - Service: Boonty Games - BOONTY - E:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: Windows Vista/NT Runtime Compatibility Service (ntrcs) - Unknown owner - E:\WINNT\NT\nrcs.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - E:\WINNT\system32\wgareg.exe (file missing)

"Visible" changes so far:
1) Shortcuts to 3 different malware vendors etc. did not reinstall themselves on the desktop after the restart
2) A red glowing triangle on the right side of the taskbar has not reappeared so far
3) So far no malware warning and no attempt to open the Drive Cleaner page

Have we already done it? WOW!

29.04.2007, 13:17
Moderator
Posts: 7805
#4
You still need to "fix" these items:

O2 - BHO: (no name) - {9FA1AA9E-7ECF-4f3b-AC23-7F09E01298E4} - (no file)
O2 - BHO: (no name) - {EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} - (no file)
O23 - Service: Windows Vista/NT Runtime Compatibility Service (ntrcs) - Unknown owner - E:\WINNT\NT\nrcs.exe (file missing)
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - E:\WINNT\system32\wgareg.exe (file missing)

A rootkit scan with gmer and blacklight would also be worthwhile:
http://virus-protect.org/artikel/tools/rootkithook.html
http://virus-protect.org/artikel/tools/gmer.html

datfindbat could also be helpful...

Please also check whether there is still anything in this folder, and if so, what:
E:\WINNT\NT
__________
Regards,
Ralf
SEO-Spam Hunter

29.04.2007, 18:41
...new here
Thread starter
Posts: 4
#5
gmer:

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-04-29 18:38:51
Windows 5.0.2195 Service Pack 4

---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT \??\E:\WINNT\System32\drivers\HookCentre.sys ZwOpenProcess
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.12 ----

? E:\WINNT\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text USBPORT.SYS!DllUnload BFCCE9FA 5 Bytes JMP 82045278

---- EOF - GMER 1.0.12 ----

Logfile of HijackThis v1.99.1
Scan saved at 18:47:23, on 29.04.2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\SYSTEM32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\System32\Ati2evxx.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Programme\AntiVirenKit 2004\AVKService.exe
E:\Programme\AntiVirenKit 2004\AVKWCtl.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\MSTask.exe
E:\Programme\Analog Devices\SoundMAX\SMAgent.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\SYSTEM32\Ati2evxx.exe
E:\WINNT\Explorer.EXE
E:\Programme\QuickTime\qttask.exe
E:\WINNT\system32\internat.exe
E:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
E:\WINNT\system32\wuauclt.exe
E:\Programme\ArcorOnline\Arcor.exe
E:\Programme\internet explorer\iexplore.exe
E:\Dokumente und Einstellungen\Martin Hahn\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WLMZO1EF\msgr8de[1].exe
E:\DOKUME~1\MARTIN~1\LOKALE~1\Temp\nsl3.tmp\msgr8de.2007.04.11.01.exe
E:\DOKUME~1\MARTIN~1\LOKALE~1\Temp\GLB4.tmp
E:\WINNT\system32\ntvdm.exe
D:\MARTIN\MEINEP~1\HIJACK~1\HJT.COM

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://de.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://de.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/us/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://de.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - E:\Programme\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SemanticInsight] E:\Programme\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Tweak UI 1.33 deutsch] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] "E:\Programme\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "E:\Programme\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ypagerps2] cmd.exe /C del "E:\Programme\Yahoo!\Messenger\ypagerps2.DLL"
O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\PROGRA~1\YAHOO!\COMMON\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\PROGRA~1\YAHOO!\COMMON\yhexbmesde.dll
O12 - Plugin for .spop: E:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de/service/redir/ie_t-online.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B9870FF-2670-47F2-A88F-DE3803EEC12F}: NameServer = 195.50.140.250 195.50.140.114
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINNT\system32\ati2sgag.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - E:\Programme\AntiVirenKit 2004\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - E:\Programme\AntiVirenKit 2004\AVKWCtl.exe
O23 - Service: Boonty Games - BOONTY - E:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: Windows Vista/NT Runtime Compatibility Service (ntrcs) - Unknown owner - E:\WINNT\NT\nrcs.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - E:\WINNT\system32\wgareg.exe (file missing)

*************** *************** ***************

1)
O23 - Service: Windows Vista/NT Runtime Compatibility Service (ntrcs) - Unknown owner - E:\WINNT\NT\nrcs.exe (file missing)
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - E:\WINNT\system32\wgareg.exe
I deleted these 3 times - they kept coming back....

2) blacklight found nothing

3) datfindbat could also be helpful...
Please also check whether there is still anything in this folder, and if so, what:
E:\WINNT\NT
???????? No idea what I'm supposed to do there?
Well, when I look in the folder in Explorer, it is empty (E:\WINNNT\NT)

This post was edited by smuggele on 29.04.2007 at 19:08.

29.04.2007, 19:08
Moderator
Posts: 7805
#6
Please check whether you can find these "O23" entries under Control Panel -> Administrative Tools -> Computer Management -> Services and Applications -> Services. Then right-click each of them, choose Properties and set the startup type to Disabled.
Delete the folder E:\WINNT\NT (pay attention to the exact spelling)
__________
Best regards, Ralf
SEO-Spam Hunter
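The check that the posts above do by eye (are the "(no file)" / "(file missing)" entries still registered after the fix?), as an added example that is not part of the thread: a short Python script that compares two HijackThis logs. The two sample logs are constructed from lines of the logs posted in this thread, and the function names are illustrative.

```python
import re

# HijackThis entry lines look like "O23 - Service: ..." or "R1 - HKLM\...".
ENTRY_RE = re.compile(r"^(?P<code>[ROF]\d{1,2}) - (?P<body>.+)$")
# Marker HijackThis appends when the referenced file is not on disk.
DANGLING_RE = re.compile(r"\s*\((?:no file|file missing)\)\s*$")

# Constructed samples: a few lines taken from the two logs in this thread.
BEFORE_LOG = r"""
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINNT\System32\Ati2evxx.exe
O23 - Service: Windows Vista/NT Runtime Compatibility Service (ntrcs) - Unknown owner - E:\WINNT\NT\nrcs.exe (file missing)
O23 - Service: Pml Driver HPZ12 - Unknown owner - E:\WINNT\System32\HPZipm12.exe (file missing)
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - E:\WINNT\system32\wgareg.exe (file missing)
"""
AFTER_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINNT\System32\Ati2evxx.exe
O23 - Service: Windows Vista/NT Runtime Compatibility Service (ntrcs) - Unknown owner - E:\WINNT\NT\nrcs.exe (file missing)
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - E:\WINNT\system32\wgareg.exe (file missing)
"""

def parse_entries(log_text):
    """Return [(code, body)] for every entry line; process list and header are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body").strip()))
    return entries

def dangling(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return [e for e in entries if DANGLING_RE.search(e[1])]

def _key(entry):
    # Compare entries without the marker, so a change of file state still matches.
    return (entry[0], DANGLING_RE.sub("", entry[1]))

def persisting(before_log, after_log):
    """Dangling entries of the first log that are still registered in the second."""
    still_there = {_key(e) for e in parse_entries(after_log)}
    return [e for e in dangling(parse_entries(before_log)) if _key(e) in still_there]

def parse_service(body):
    """Split an O23 body into name, owner, path and a 'missing' flag (None if malformed)."""
    text = body[len("Service: "):] if body.startswith("Service: ") else body
    missing = bool(DANGLING_RE.search(text))
    # Split from the right: display names may themselves contain " - ".
    parts = DANGLING_RE.sub("", text).rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    return {"name": parts[0], "owner": parts[1], "path": parts[2], "missing": missing}

if __name__ == "__main__":
    for code, body in persisting(BEFORE_LOG, AFTER_LOG):
        svc = parse_service(body) if code == "O23" else None
        print("still registered:", code, svc["name"] if svc else body)
```

An entry that survives a "fix checked" run with its file still missing is only a leftover registration; disabling or removing it is the cleanup step the post above describes.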

29.04.2007, 19:20
...new here
Thread starter Posts: 4
#7
E:\WINNT\NT --> deleted
Windows Genuine Advantage Registration Service
Windows Vista/NT Runtime Compatibility Service
startup type set to Disabled for both; delete the two now? Um... just noticed - they no longer show up in HijackThis... :/
This post was edited by smuggele on 29.04.2007 at 19:25.

29.04.2007, 20:35
Honorary member
Posts: 6028
#8
@Martin
Download CounterSpy: http://www.sunbelt-software.com/Home-Home-Office/CounterSpy/Download/
German instructions: http://www.hijackthis-forum.de/showthread.php?t=14738
__________
Best regards, Argus

ComboFix 07-04-25.4V - Running from: "E:\Dokumente und Einstellungen\Martin Hahn\Desktop\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
E:\WINNT\764.exe
E:\setup.exe
((((((((((((((((((((((((((((((( Files Created from 2000-01-07 to 20.04.2007 ))))))))))))))))))))))))))))))))))
No new files created in this timespan
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2014.07.05 13:24 74384 --a------ E:\WINNT\system32\drivers\SCSIPORT.SYS
2014.04.05 07:59 136880 --------- E:\WINNT\system32\drivers\fltmgr.sys
2012.12.02 00:14 7424 --a------ E:\WINNT\system32\drivers\mskssrv.sys
2012.12.02 00:14 5504 --a------ E:\WINNT\system32\drivers\mstee.sys
2012.12.02 00:14 5248 --a------ E:\WINNT\system32\drivers\mspclock.sys
2012.12.02 00:14 4096 --a------ E:\WINNT\system32\drivers\swenum.sys
2012.12.02 00:14 130304 --a------ E:\WINNT\system32\drivers\ks.sys
2012.10.99 15:57 68912 --a------ E:\WINNT\system32\drivers\USBAUDIO.sys
2012.02.01 21:02 6688 --a------ E:\WINNT\system32\drivers\TDSLProt.sys
2012.02.01 21:02 47616 --a------ E:\WINNT\system32\drivers\TDSLAdap.sys
2011.08.04 23:42 67344 --a------ E:\WINNT\system32\drivers\ipnat.sys
2010.09.02 02:45 43386 -ra------ E:\WINNT\system32\drivers\bcm4sbe5.sys
2010.05.05 10:20 513424 --a------ E:\WINNT\system32\drivers\ntfs.sys
2009.07.04 04:27 48512 --a------ E:\WINNT\system32\drivers\stream.sys
2009.07.04 02:58 83968 --a------ E:\WINNT\system32\drivers\nabtsfec.sys
2009.07.04 02:58 56832 --a------ E:\WINNT\system32\drivers\msdv.sys
2009.07.04 02:58 18688 --a------ E:\WINNT\system32\drivers\wstcodec.sys
2009.07.04 02:58 16384 --a------ E:\WINNT\system32\drivers\ccdecode.sys
2009.07.04 02:58 15104 --a------ E:\WINNT\system32\drivers\mpe.sys
2009.07.04 02:58 14976 --a------ E:\WINNT\system32\drivers\streamip.sys
2009.07.04 02:58 11392 --a------ E:\WINNT\system32\drivers\bdasup.sys
2009.07.04 02:58 10880 --a------ E:\WINNT\system32\drivers\slip.sys
2009.07.04 02:58 10112 --a------ E:\WINNT\system32\drivers\ndisip.sys
2008.11.02 10:50 70238 --a------ E:\WINNT\system32\drivers\LMouFlt2.Sys
2008.11.02 10:50 59630 --------- E:\WINNT\system32\drivers\LSERMOU2.SYS
2008.11.02 10:50 52238 --a------ E:\WINNT\system32\drivers\L8042pr2.Sys
2008.11.02 10:50 41420 --------- E:\WINNT\system32\drivers\Lhidusb.sys
2008.11.02 10:50 23838 --------- E:\WINNT\system32\drivers\LHIDFLT2.SYS
2008.11.02 10:50 14156 --------- E:\WINNT\system32\drivers\LCCFLTR.SYS
2008.04.05 12:51 63248 --a------ E:\WINNT\system32\drivers\cdfs.sys
2008.04.05 12:51 175632 --a------ E:\WINNT\system32\drivers\netbt.sys
2006.12.04 14:07 104064 --a------ E:\WINNT\system32\drivers\wceusbsh.sys
2006.09.04 07:06 161072 --a------ E:\WINNT\system32\drivers\nwrdr.sys
2006.09.02 14:40 549368 --a------ E:\WINNT\system32\drivers\smwdm.sys
2006.09.02 02:00 3744 --a------ E:\WINNT\system32\drivers\smsens.sys
2004.08.03 12:48 20333 --a------ E:\WINNT\system32\drivers\wspppoe.sys
2004.01.00 22:20 86016 --a------ E:\WINNT\unvise32qt.exe
2003.06.05 07:36 117584 --a------ E:\WINNT\system32\drivers\ftdisk.sys
2002.12.04 14:07 89328 --a------ E:\WINNT\system32\drivers\mup.sys
2002.12.04 14:07 63280 --a------ E:\WINNT\system32\drivers\udfs.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{9FA1AA9E-7ECF-4f3b-AC23-7F09E01298E4} E:\WINNT\dxdiag.dll
{EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} E:\WINNT\system32\msnhlp32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"Microsoft (R) Windows Vista/NT Runtime Compatibility Service"="E:\\WINNT\\NT\\nrcs.exe"
"Arcor Online"=""
"SemanticInsight"="E:\\Programme\\RXToolBar\\Semantic Insight\\SemanticInsight.exe"
"Tweak UI 1.33 deutsch"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"QuickTime Task"="\"E:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"APVXDWIN"="\"E:\\Programme\\Panda Software\\Panda Antivirus 2007\\APVXDWIN.EXE\" /s"
"BDMCon"="\"E:\\Programme\\Softwin\\BitDefender8\\bdmcon.exe\""
"BDNewsAgent"="\"E:\\Programme\\Softwin\\BitDefender8\\bdnagent.exe\""
"AltnetPointsManager"="c:\\program files\\altnet\\points manager\\points manager.exe -s"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
"Yahoo! Pager"="\"E:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"H/PC Connection Agent"="\"E:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"MsnMsgr"="\"E:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"SpybotSD TeaTimer"="E:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
"explore"="\"C:\\WINDOWS\\EXPLORE.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"iebrowser"="{BABB7718-6F50-4F7B-A82E-D42F4366EB6C}"
"iecontext"="{A8EEB1D5-69A5-46ED-BEA0-E91E7FA5B5B1}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AltnetPointsManager"="c:\\program files\\altnet\\points manager\\points manager.exe -s"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
wugroup REG_MULTI_SZ wuauserv\0\0
BITSgroup REG_MULTI_SZ BITS\0\0
hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
WmdmPmSN
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-28 20:52:34
Windows 5.0.2195 Service Pack 4 FAT
scanning hidden processes ...
cmd.exe [1488]
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0
********************************************************************
Completion time: Sa 28.04.2007 20:55:46
E:\ComboFix-quarantined-files.txt ... 28.04.07 20:55
*****************************************************
Logfile of HijackThis v1.99.1
Scan saved at 04:35:12, on 29.04.2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\System32\Ati2evxx.exe
E:\WINNT\system32\svchost.exe
E:\Programme\Panda Software\Panda Antivirus 2007\pavsrv50.exe
E:\Programme\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
E:\WINNT\system32\spoolsv.exe
E:\Programme\AntiVirenKit 2004\AVKService.exe
E:\Programme\AntiVirenKit 2004\AVKWCtl.exe
E:\WINNT\System32\svchost.exe
E:\Programme\Panda Software\Panda Antivirus 2007\PsCtrls.exe
E:\Programme\Panda Software\Panda Antivirus 2007\PsImSvc.exe
E:\WINNT\system32\MSTask.exe
E:\Programme\Analog Devices\SoundMAX\SMAgent.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\Ati2evxx.exe
E:\WINNT\Explorer.EXE
E:\Programme\QuickTime\qttask.exe
E:\WINNT\system32\internat.exe
E:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
E:\Programme\ArcorOnline\Arcor.exe
E:\WINNT\system32\NOTEPAD.EXE
E:\Programme\internet explorer\iexplore.exe
E:\Programme\Yahoo!\Messenger\YahooMessenger.exe
E:\Programme\Internet Explorer\iexplore.exe
E:\WINNT\system32\ntvdm.exe
D:\MARTIN\MEINEP~1\HIJACK~1\HJT.COM
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://de.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/us/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://D:\martin\meine Programme\sup.zip\sup\SimplyUseProxy.cfg
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: VPNS System - {9FA1AA9E-7ECF-4f3b-AC23-7F09E01298E4} - E:\WINNT\dxdiag.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: msnhlp32.msn_hlp - {EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} - E:\WINNT\system32\msnhlp32.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - E:\Programme\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft (R) Windows Vista/NT Runtime Compatibility Service] E:\WINNT\NT\nrcs.exe
O4 - HKLM\..\Run: [SemanticInsight] E:\Programme\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Tweak UI 1.33 deutsch] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "E:\Programme\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [BDMCon] "E:\Programme\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "E:\Programme\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [explore] "C:\WINDOWS\EXPLORE.exe"
O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\PROGRA~1\YAHOO!\COMMON\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\PROGRA~1\YAHOO!\COMMON\yhexbmesde.dll
O12 - Plugin for .spop: E:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de/service/redir/ie_t-online.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B9870FF-2670-47F2-A88F-DE3803EEC12F}: NameServer = 195.50.140.250 195.50.140.114
O20 - Winlogon Notify: avldr - E:\WINNT\SYSTEM32\avldr.dll
O21 - SSODL: iebrowser - {BABB7718-6F50-4F7B-A82E-D42F4366EB6C} - E:\WINNT\iebrowser.dll
O21 - SSODL: iecontext - {A8EEB1D5-69A5-46ED-BEA0-E91E7FA5B5B1} - E:\WINNT\iecontext.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINNT\system32\ati2sgag.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - E:\Programme\AntiVirenKit 2004\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - E:\Programme\AntiVirenKit 2004\AVKWCtl.exe
O23 - Service: Boonty Games - BOONTY - E:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: Windows Vista/NT Runtime Compatibility Service (ntrcs) - Unknown owner - E:\WINNT\NT\nrcs.exe (file missing)
O23 - Service: Panda Software Controller - Panda Software International - E:\Programme\Panda Software\Panda Antivirus 2007\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - E:\Programme\Panda Software\Panda Antivirus 2007\pavsrv50.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - E:\WINNT\System32\HPZipm12.exe (file missing)
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - E:\Programme\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - E:\WINNT\system32\wgareg.exe (file missing)
***************************
***************************
hope I did everything right???
greetings