Spy.Win32.VBStat.h - how to remove?
#0
30.04.2007, 12:11
...new here
Posts: 6
30.04.2007, 12:43
Moderator
Posts: 7805
30.04.2007, 14:25
...new here
Thread starter, Posts: 6
#3
Hi Ralf,
apparently the logs were cut off, so I am adding them again here (hoping that this time everything goes through, up to the last log (DatFind - C)).
tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NMBgMonitor" "hkey"="HKCU" "command"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PDVDServ" "hkey"="HKLM" "command"="\"C:\\Programme\\Home Cinema\\PowerDVD\\PDVDServ.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs* UxTuneUp ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070430-095610-939 O2 - BHO: (no name) - {66020456-CB22-487F-AC2C-09F6417C55B3} - C:\WINDOWS\system32\rqrppqn.dll backup-20070430-095610-688 O2 - BHO: (no name) - {33759A68-CAD7-499A-AFFB-F8E428BD7612} - C:\WINDOWS\system32\vturo.dll backup-20070430-095429-851 O2 - BHO: (no name) - 
{D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\yiqwdcgt.dll backup-20070430-095429-196 O2 - BHO: (no name) - {66020456-CB22-487F-AC2C-09F6417C55B3} - C:\WINDOWS\system32\rqrppqn.dll backup-20070430-095429-905 O2 - BHO: (no name) - {33759A68-CAD7-499A-AFFB-F8E428BD7612} - C:\WINDOWS\system32\vturo.dll Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\1-Klick-Wartung.job C:\WINDOWS\tasks\MP Scheduled Scan.job C:\WINDOWS\tasks\RegCure Program Check.job C:\WINDOWS\tasks\RegCure.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-04-30 11:02:23 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-04-30 11:02:52 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 
07-04-30 11:02 ---------------------------------------------------------- ComboFix - quarantined: Code 06-07-20 08:05 32 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\Quarantine\ppqdb.dat.vir---------------------------------------------------------- DatFind - system32: Datentr„ger in Laufwerk C: ist SYSTEM Volumeseriennummer: 2829-A5AE Verzeichnis von C:\WINDOWS\system32 30.04.2007 11:13 571.187 orutv.ini 30.04.2007 11:09 49.204 doctwqxc.dll 30.04.2007 11:09 570.866 orutv.bak1 30.04.2007 11:04 49.204 ysvummtf.dll 30.04.2007 10:59 1.364 btehlkis.ini 30.04.2007 10:58 39.355 nvapps.xml 30.04.2007 10:57 13.646 wpa.dbl 30.04.2007 07:03 284.244 vturo.dll 30.04.2007 00:15 353 vybeg.ini2 29.04.2007 23:52 572.773 vybeg.tmp 29.04.2007 18:18 353 gfhkj.ini 29.04.2007 16:57 353 yycdd.ini 28.04.2007 17:15 353 yccdd.ini 28.04.2007 07:10 284.244 mlljg.dll 27.04.2007 00:54 353 wvvwa.ini 26.04.2007 08:33 132.660 siklhetb.dll 26.04.2007 00:47 344 bpilheiv.ini 26.04.2007 00:47 132.660 viehlipb.dll 26.04.2007 00:42 344 macqfwjf.ini 26.04.2007 00:42 132.660 fjwfqcam.dll 25.04.2007 23:56 344 kchlheka.ini 25.04.2007 23:56 132.660 akehlhck.dll 25.04.2007 23:55 85.856 perfc009.dat 25.04.2007 23:55 470.640 perfh009.dat 25.04.2007 23:55 101.154 perfc007.dat 25.04.2007 23:55 499.532 perfh007.dat 25.04.2007 23:55 1.172.334 PerfStringBackup.INI 25.04.2007 23:50 294 tuhvrffi.ini 25.04.2007 23:50 132.660 iffrvhut.dll 25.04.2007 18:05 1.304 pftigrni.ini 25.04.2007 18:05 132.660 inrgitfp.dll 25.04.2007 12:25 1.512.718 khlvxtta.ini 25.04.2007 00:13 353 prutv.ini 24.04.2007 07:44 353 qstwa.ini2 23.04.2007 23:31 475.672 qstwa.tmp 23.04.2007 20:48 353 ijllm.ini 23.04.2007 15:49 353 cdeeg.ini 10.04.2007 06:45 4.043 jupdate-1.6.0_01-b06.log 04.04.2007 00:33 331.480 FNTCACHE.DAT 03.04.2007 22:48 13.511.640 MRT.exe 02.04.2007 14:21 428.032 swreg.exe 02.04.2007 08:36 546.304 hhctrl.ocx 17.03.2007 15:44 293.376 winsrv.dll 14.03.2007 02:04 69.632 javacpl.cpl 14.03.2007 02:04 139.264 javaws.exe 14.03.2007 
00:31 135.168 javaw.exe 14.03.2007 00:31 135.168 java.exe 09.03.2007 13:51 270.336 xpsp3res.dll 08.03.2007 17:36 281.600 gdi32.dll 08.03.2007 17:36 40.960 mf3216.dll 08.03.2007 17:36 579.072 user32.dll 08.03.2007 17:32 1.843.712 win32k.sys 28.02.2007 18:02 2.138.624 ntoskrnl.exe 28.02.2007 18:02 2.018.304 ntkrnlpa.exe 15.02.2007 19:01 337.280 WgaTray.exe 15.02.2007 19:01 1.476.992 LegitCheckControl.dll 15.02.2007 19:00 236.928 WgaLogon.dll 15.02.2007 02:24 118.934 TZLog.log 05.02.2007 22:18 185.856 upnphost.dll 29.01.2007 10:58 60.416 tzchange.exe 12.01.2007 10:27 670.720 mstime.dll 12.01.2007 10:27 27.136 jsproxy.dll 12.01.2007 10:27 232.960 webcheck.dll 12.01.2007 10:27 132.608 extmgr.dll 12.01.2007 10:27 3.580.416 mshtml.dll 12.01.2007 10:27 477.696 mshtmled.dll 12.01.2007 10:27 6.054.400 ieframe.dll 12.01.2007 10:27 1.149.952 urlmon.dll 12.01.2007 10:27 458.752 msfeeds.dll 12.01.2007 10:27 822.784 wininet.dll 12.01.2007 10:27 51.712 msfeedsbs.dll 11.01.2007 08:14 9.132 jupdate-1.5.0_10-b03.log 10.01.2007 18:42 1.040.384 ieframe.dll.mui 08.01.2007 20:04 105.984 url.dll 08.01.2007 20:04 102.400 occache.dll 08.01.2007 20:03 193.024 msrating.dll 08.01.2007 20:02 1.823.744 inetcpl.cpl 08.01.2007 20:02 44.544 iernonce.dll 08.01.2007 20:02 266.752 iertutil.dll 08.01.2007 20:02 384.000 iedkcs32.dll 08.01.2007 20:02 153.088 ieakeng.dll 08.01.2007 20:02 230.400 ieaksie.dll 08.01.2007 20:02 161.792 ieakui.dll 08.01.2007 20:02 383.488 ieapfltr.dll 08.01.2007 20:01 17.408 corpol.dll 08.01.2007 20:00 124.928 advpack.dll 08.01.2007 19:08 56.832 ie4uinit.exe 08.01.2007 19:08 13.824 ieudinit.exe 19.12.2006 23:49 135.168 shsvcs.dll 19.12.2006 23:49 8.494.592 shell32.dll 19.12.2006 20:17 334.336 wiaservc.dll 10.12.2006 08:05 16.832 amcompat.tlb 10.12.2006 08:05 23.392 nscompat.tlb 04.12.2006 16:21 414.720 msscp.dll 01.12.2006 05:20 212.480 swxcacls.exe 29.11.2006 17:21 370.688 swsc.exe 27.11.2006 16:54 539.136 msftedit.dll 27.11.2006 16:54 433.152 riched20.dll 27.11.2006 02:34 
49.152 vfind.exe 17.11.2006 19:53 12.288 advpack.dll.mui 17.11.2006 16:14 16.176 spmsg.dll 15.11.2006 23:01 4.276 divxsm.tlb 15.11.2006 23:01 520.192 DivXsm.exe 15.11.2006 23:01 10.863 dsm_ja.qm 15.11.2006 23:01 15.507 dsm_de.qm 15.11.2006 23:01 15.299 dsm_fr.qm 15.11.2006 23:01 3.596.288 qt-dx331.dll 15.11.2006 23:01 183.032 pxmas.dll 15.11.2006 23:01 68.344 pxhpinst.exe 15.11.2006 23:01 379.640 pxwave.dll 15.11.2006 23:01 486.136 pxdrv.dll 15.11.2006 23:01 115.960 pxcpyi64.exe 15.11.2006 23:01 116.984 pxinsi64.exe 15.11.2006 23:01 523.000 px.dll 15.11.2006 23:01 64.248 pxcpya64.exe 15.11.2006 23:01 63.736 pxinsa64.exe 15.11.2006 23:01 39.672 vxblock.dll 15.11.2006 23:01 1.044.480 libdivx.dll 15.11.2006 23:01 200.704 ssldivx.dll 15.11.2006 22:56 73.728 dpl100.dll 15.11.2006 22:56 196.608 dtu100.dll 15.11.2006 22:56 53.248 dpuGUI10.dll 15.11.2006 22:56 593.920 dpuGUI11.dll 15.11.2006 22:56 344.064 dpus11.dll 15.11.2006 22:56 57.344 dpv11.dll 15.11.2006 22:56 294.912 dpu11.dll 15.11.2006 22:56 294.912 dpu10.dll 15.11.2006 22:56 806.912 divx_xx07.dll 15.11.2006 22:56 806.912 divx_xx0c.dll 15.11.2006 22:56 790.528 divx_xx11.dll 15.11.2006 22:56 635.486 DivX.dll 15.11.2006 22:37 704.512 divxdec.ax 15.11.2006 22:36 12.288 DivXWMPExtType.dll 15.11.2006 22:36 118.784 DivXCodecUpdateChecker.exe 15.11.2006 22:36 8.523 dpude.qm 15.11.2006 22:36 3.136 dtu_de.qm 09.11.2006 10:18 8.833 jupdate-1.5.0_09-b03.log 08.11.2006 07:06 679.424 inetcomm.dll 07.11.2006 22:03 156.160 msls31.dll 07.11.2006 22:03 180.736 ieui.dll 07.11.2006 22:03 191.488 iepeers.dll 07.11.2006 22:03 413.696 vbscript.dll 07.11.2006 04:26 71.680 admparse.dll 07.11.2006 04:26 55.296 iesetup.dll 07.11.2006 04:26 92.672 inseng.dll 07.11.2006 04:24 56.483 ieuinit.inf 04.11.2006 15:14 1.245.696 msxml4.dll 03.11.2006 11:02 8.282.112 wmploc.dll 03.11.2006 10:56 99.840 wmpshell.dll 03.11.2006 10:55 275.968 wmerror.dll 03.11.2006 10:54 8.192 asferror.dll 02.11.2006 12:51 43.008 wpdshextres.dll 01.11.2006 21:17 927.504 
mfc40u.dll 23.10.2006 17:34 1.497.600 shdocvw.dll 23.10.2006 17:34 474.624 shlwapi.dll 23.10.2006 17:34 1.056.256 danim.dll 23.10.2006 17:34 1.022.976 browseui.dll 23.10.2006 17:34 152.064 cdfview.dll 20.10.2006 03:38 715.776 sxs.dll 18.10.2006 22:58 8.704 wdfmgr.exe 18.10.2006 22:58 8.704 uwdf.exe 18.10.2006 22:47 2.603.008 WpdShext.dll 18.10.2006 22:47 629.760 wpd_ci.dll 18.10.2006 22:47 154.624 wpdmtp.dll 18.10.2006 22:47 356.352 wpdsp.dll 18.10.2006 22:47 4.096 wmsdmod.dll 18.10.2006 22:47 35.840 wpdconns.dll 18.10.2006 22:47 133.632 WPDShServiceObj.dll 18.10.2006 22:47 656.896 WMVXENCD.dll 18.10.2006 22:47 767.488 WMVSENCD.dll 18.10.2006 22:47 2.450.944 SET2B4.tmp 18.10.2006 22:47 4.096 wmsdmoe2.dll 18.10.2006 22:47 4.096 WMVADVD.dll 18.10.2006 22:47 4.096 WMVADVE.DLL 18.10.2006 22:47 2.450.944 wmvcore.dll 18.10.2006 22:47 603.648 WMSPDMOD.dll 18.10.2006 22:47 1.543.680 WMVDECOD.dll 18.10.2006 22:47 63.488 wpdmtpus.dll 18.10.2006 22:47 4.096 wmvdmod.dll 18.10.2006 22:47 4.096 wmvdmoe2.dll 18.10.2006 22:47 1.574.912 WMVENCOD.dll 18.10.2006 22:47 4.096 SET2B6.tmp 18.10.2006 22:47 1.382.912 WMVSDECD.dll 18.10.2006 22:47 1.329.152 WMSPDMOE.dll 18.10.2006 22:47 348.672 wmdrmnet.dll 18.10.2006 22:47 937.984 WMNetMgr.dll 18.10.2006 22:47 10.834.432 wmp.dll 18.10.2006 22:47 242.688 wmpasf.dll 18.10.2006 22:47 314.880 wmpdxm.dll 18.10.2006 22:47 1.661.440 wmpencen.dll 18.10.2006 22:47 157.184 wmidx.dll 18.10.2006 22:47 295.936 wmpeffects.dll 18.10.2006 22:47 204.288 wmpsrcwp.dll 18.10.2006 22:47 130.048 wmpps.dll 18.10.2006 22:47 535.040 wmdrmsdk.dll 18.10.2006 22:47 613.376 wmpmde.dll 18.10.2006 22:47 37.376 wmdmps.dll 18.10.2006 22:47 33.792 wmdmlog.dll 18.10.2006 22:47 222.208 wmasf.dll 18.10.2006 22:47 1.117.696 WMADMOE.dll 18.10.2006 22:47 757.248 WMADMOD.dll 18.10.2006 22:47 284.160 PortableDeviceApi.dll 18.10.2006 22:47 101.888 PortableDeviceClassExtension.dll 18.10.2006 22:47 166.912 PortableDeviceTypes.dll 18.10.2006 22:47 132.096 PortableDeviceWiaCompat.dll 
18.10.2006 22:47 199.168 PortableDeviceWMDRM.dll 18.10.2006 22:47 4.096 wdfapi.dll 18.10.2006 22:47 222.208 SET2A8.tmp 18.10.2006 22:47 429.056 wmdrmdev.dll 18.10.2006 22:47 211.456 SET2A5.tmp 18.10.2006 22:47 321.536 mswmdm.dll 18.10.2006 22:47 27.136 mspmsnsv.dll 18.10.2006 22:47 179.712 msnetobj.dll 18.10.2006 22:47 175.616 mspmsp.dll 18.10.2006 22:47 11.264 LAPRXY.dll 18.10.2006 22:47 4.096 MP4SDMOD.dll 18.10.2006 22:47 259.072 MPG4DECD.dll 18.10.2006 22:47 4.096 MPG4DMOD.dll 18.10.2006 22:47 212.992 MFPLAT.dll 18.10.2006 22:47 4.096 MP43DMOD.dll 18.10.2006 22:47 259.072 MP43DECD.dll 18.10.2006 22:47 317.440 MP4SDECD.dll 18.10.2006 22:47 229.376 cewmdm.dll 18.10.2006 22:47 542.720 blackbox.dll 18.10.2006 22:47 991.744 drmv2clt.dll 18.10.2006 22:47 276.992 SET2C1.tmp 18.10.2006 21:05 232.448 l3codecp.acm 18.10.2006 21:03 100.864 logagent.exe 18.10.2006 21:00 249.856 drmupgds.exe 18.10.2006 21:00 17.408 wpdshextautoplay.exe 17.10.2006 13:06 443.904 html.iec 17.10.2006 13:06 78.336 ieencode.dll 17.10.2006 13:05 206.336 WinFXDocObj.exe 17.10.2006 13:05 40.960 licmgr10.dll 17.10.2006 13:00 491.520 jscript.dll 17.10.2006 12:58 12.288 msfeedssync.exe 17.10.2006 12:58 61.952 icardie.dll 17.10.2006 12:58 44.544 pngfilt.dll 17.10.2006 12:58 346.624 dxtmsft.dll 17.10.2006 12:57 36.352 imgutil.dll 17.10.2006 12:57 214.528 dxtrans.dll 17.10.2006 12:56 45.568 mshta.exe 17.10.2006 12:55 66.560 tdc.ocx 17.10.2006 12:28 48.128 mshtmler.dll 17.10.2006 12:19 1.383.424 mshtml.tlb 16.10.2006 18:15 126.976 oledlg.dll 14.10.2006 10:13 981.760 mfc42u.dll 13.10.2006 14:35 64.000 nwapi32.dll 13.10.2006 14:35 65.536 nwwks.dll 13.10.2006 14:35 146.432 nwprovau.dll 02.10.2006 18:58 24.072 uxtuneup.dll 02.10.2006 16:28 312.128 msdelta.dll 28.09.2006 21:13 95.344 WUDFCoinstaller.dll 28.09.2006 19:56 146.432 WudfHost.exe 28.09.2006 19:56 316.416 WUDFx.dll 28.09.2006 19:56 165.376 WudfPlatform.dll 28.09.2006 19:56 55.808 WudfSvc.dll 25.09.2006 18:58 23.856 spupdsvc.exe 23.09.2006 13:12 82.428 
IE7Eula.rtf 17.09.2006 02:28 2.277.888 TUKernel.exe 13.09.2006 07:02 1.084.416 msxml3.dll 09.09.2006 10:49 7.085 jupdate-1.5.0_06-b05.log 06.09.2006 00:01 2.451.824 ieapfltr.dat 01.09.2006 08:44 8.798 icrav03.rat 01.09.2006 08:44 1.988 ticrf.rat 25.08.2006 17:46 617.472 comctl32.dll 24.08.2006 14:19 246.814 strmdll.dll 24.08.2006 14:17 500.278 dxmasf.dll 21.08.2006 14:26 16.896 fltlib.dll 21.08.2006 11:14 23.040 fltmc.exe 17.08.2006 14:41 337.408 netapi32.dll 17.08.2006 14:41 132.096 wkssvc.dll 17.08.2006 14:41 734.208 lsasrv.dll 16.08.2006 13:58 100.352 6to4svc.dll 21.07.2006 10:29 72.704 hlink.dll 14.07.2006 17:51 121.856 xmllite.dll 05.07.2006 12:55 1.057.792 kernel32.dll 30.06.2006 00:13 53.248 KemXML.dll 30.06.2006 00:13 155.648 kemutb.dll 30.06.2006 00:13 110.592 KemWnd.dll 30.06.2006 00:12 126.976 KemUtil.dll 29.06.2006 09:05 26.112 idndl.dll 29.06.2006 09:05 23.552 normaliz.dll 28.06.2006 18:59 24.576 nlsdl.dll 26.06.2006 19:40 8.192 rasadhlp.dll 26.06.2006 19:40 148.480 dnsapi.dll 26.06.2006 15:21 176.167 rmoc3260.dll 26.06.2006 15:21 5.632 pndx5032.dll 26.06.2006 15:21 6.656 pndx5016.dll 26.06.2006 15:21 278.528 pncrt.dll 22.06.2006 07:06 1.441.792 query.dll 22.06.2006 07:06 69.120 ciodm.dll 08.06.2006 13:06 45.794 normnfc.nls 08.06.2006 13:06 39.284 normnfd.nls 08.06.2006 13:06 60.294 normnfkd.nls 08.06.2006 13:06 59.342 normidna.nls 08.06.2006 13:06 66.384 normnfkc.nls 01.06.2006 20:47 27.648 jgpl400.dll 01.06.2006 20:47 163.840 jgdw400.dll 19.05.2006 15:09 112.128 dhcpcsvc.dll 19.05.2006 15:09 95.744 iphlpapi.dll 14.05.2006 10:48 181.248 rasmans.dll 10.05.2006 23:09 664 d3d9caps.dat 10.05.2006 19:38 288 $winnt$.inf 10.05.2006 19:33 488 logonui.exe.manifest 10.05.2006 19:33 488 WindowsLogon.manifest 10.05.2006 19:33 749 cdplayer.exe.manifest 10.05.2006 19:33 749 ncpa.cpl.manifest 10.05.2006 19:33 749 wuaucpl.cpl.manifest 10.05.2006 19:33 749 nwc.cpl.manifest 10.05.2006 19:33 749 sapi.cpl.manifest 10.05.2006 19:32 26.264 emptyregdb.dat 11.04.2006 21:09 
219.136 uxtheme.dll 11.04.2006 21:09 134.272 HAL.DLL 11.04.2006 21:09 61.440 mmcshext.dll 11.04.2006 21:09 33.792 mmcperf.exe 11.04.2006 21:09 1.916.928 mmcndmgr.dll 11.04.2006 21:09 106.496 mmcfxcommon.dll 11.04.2006 21:09 397.312 mmcex.dll 11.04.2006 21:09 169.984 mmcbase.dll 11.04.2006 21:09 184.320 microsoft.managementconsole.dll 11.04.2006 21:09 1.354.240 mmc.exe 11.04.2006 21:09 148.480 cic.dll 11.04.2006 21:09 28.672 verclsid.exe 11.04.2006 21:08 270.848 oakley.dll 06.04.2006 20:10 245.408 unicows.dll 06.04.2006 20:10 352.401 DivXMedia.ax 31.03.2006 12:40 2.388.176 d3dx9_30.dll 31.03.2006 11:03 307.200 CNOServer.exe 24.03.2006 06:37 49.152 wdigest.dll 18.03.2006 00:31 51.913 PCSuiteP80x.txt 12.03.2006 23:05 3.770 jupdate-1.5.0_04-b05.log 01.03.2006 21:43 66.560 mtxclu.dll 01.03.2006 21:43 161.280 msdtcuiu.dll 01.03.2006 21:43 956.416 msdtctm.dll 01.03.2006 21:43 426.496 msdtcprx.dll 01.03.2006 21:43 11.776 xolehlp.dll 01.03.2006 21:43 91.136 mtxoci.dll 19.02.2006 10:22 8 DE6D0AF3E7.sys 19.02.2006 02:48 13.646 wpa.bak 18.02.2006 23:53 146.650 BuzzingBee.wav 18.02.2006 23:53 940.794 LoopyMusic.wav 18.02.2006 23:36 552 d3d8caps.dat 18.02.2006 23:13 2.951 CONFIG.NT 18.02.2006 23:05 0 h323log.txt 24.01.2006 01:17 621.272 mswstr10.dll 16.01.2006 20:49 838.360 mswdat10.dll 04.01.2006 05:35 68.096 webclnt.dll 04.01.2006 05:35 68.096 webclnt(2).dll 30.12.2005 21:16 77.824 xvid.ax 30.12.2005 21:10 761.856 xvidcore.dll 29.12.2005 04:54 280.064 gdi32(2).dll 19.12.2005 12:57 466.944 capicom.dll 14.12.2005 15:51 86.016 nvmctray.dll 14.12.2005 15:51 1.019.904 nvwimg.dll 14.12.2005 15:51 1.662.976 nvwdmcpl.dll 14.12.2005 15:51 466.944 nvshell.dll 14.12.2005 15:51 1.339.392 nvdspsch.exe 14.12.2005 15:51 442.368 nvappbar.exe 14.12.2005 15:51 16.356 nvdisp.nvu 14.12.2005 15:51 1.519.616 nwiz.exe 14.12.2005 15:51 5.394.432 nvoglnt.dll 14.12.2005 15:51 3.916.416 nv4_disp.dll 14.12.2005 15:51 90.112 nvapi.dll 14.12.2005 15:51 81.920 nvwddi.dll 14.12.2005 15:51 143.427 nvsvc32.exe 
14.12.2005 15:51 1.466.368 nview.dll 14.12.2005 15:51 35.328 nvcod.dll 14.12.2005 15:51 7.323.648 nvcpl.dll 14.12.2005 15:51 35.328 nvcodins.dll 14.12.2005 15:51 73.728 nvtuicpl.cpl 08.12.2005 14:56 65.536 QuickTimeVR.qtx 08.12.2005 14:56 49.152 QuickTime.qts 05.12.2005 18:09 2.323.664 d3dx9_28.dll 11.11.2005 05:23 581.632 rpcrt4.dll 09.11.2005 00:26 38.400 moveex.exe 05.11.2005 05:16 606.208 urlmon(2).dll 29.10.2005 01:50 86.016 pintool.exe 29.10.2005 01:50 26.112 bcsprsrc.dll 29.10.2005 01:25 151.552 ifxcardm.dll 29.10.2005 01:25 133.120 axaltocm.dll 28.10.2005 22:54 198.144 _psisdecd.dll 28.10.2005 17:40 96.792 basecsp.dll 21.10.2005 05:40 664.064 wininet(2).dll 21.10.2005 05:40 474.112 shlwapi(2).dll 21.10.2005 00:25 1.094.144 esent(2).dll 21.10.2005 00:25 1.094.144 esent.dll 17.10.2005 23:20 118.272 t2embed.dll 17.10.2005 23:20 80.896 fontsub.dll 12.10.2005 15:44 241.664 CmUCREye.exe 06.10.2005 17:42 241.664 CmUCRRm.exe 06.10.2005 05:08 1.839.616 win32k(2).sys 23.09.2005 08:28 32.768 netfxperf.dll 23.09.2005 08:28 150.016 mscorier.dll 23.09.2005 08:28 74.240 mscories.dll 23.09.2005 08:28 270.848 mscoree.dll 23.09.2005 08:28 83.456 dfshim.dll 23.09.2005 05:06 8.491.520 shell32(2).dll 23.09.2005 00:21 3.076.096 nvdisps.dll 23.09.2005 00:21 73.728 nvcpl.cpl 23.09.2005 00:21 700.416 nvcplui.exe 23.09.2005 00:21 1.171.456 nvcpluir.dll 23.09.2005 00:21 139.264 nvmccss.dll 23.09.2005 00:21 311.296 nvexpbar.dll 23.09.2005 00:21 3.629.056 nvgames.dll 23.09.2005 00:21 385.024 nvmobls.dll 23.09.2005 00:21 180.224 nvudisp.exe 23.09.2005 00:21 2.314.240 nvvitvs.dll 22.09.2005 17:38 180.224 NVUNINST.EXE 21.09.2005 09:53 1.650.688 cdintf250.dll 19.09.2005 17:00 28.737 CNAC4LMK.DLL 19.09.2005 17:00 184.320 CNAC4EMU.DLL 19.09.2005 17:00 98.367 CNAC4SMK.DLL 19.09.2005 17:00 28.672 CNAC4PTU.DLL 19.09.2005 17:00 57.407 CNAC4RPK.EXE 15.09.2005 06:05 185.344 ipsecsvc.dll 12.09.2005 17:32 15.086 CmUCRXD1_dis.ico 12.09.2005 17:32 15.086 CmUCRXD1_en.ico 10.09.2005 03:54 2.067.968 
cdosys.dll 01.09.2005 03:44 292.352 winsrv(2).dll 01.09.2005 03:44 19.968 linkinfo.dll 30.08.2005 05:55 1.292.800 quartz.dll 23.08.2005 05:39 124.416 umpnpmgr.dll 23.08.2005 05:39 124.416 umpnpmgr(2).dll 22.08.2005 20:31 197.632 netman(2).dll 22.08.2005 20:31 197.632 netman.dll 04.08.2005 03:47 80.896 firewall.cpl 26.07.2005 06:39 37.888 olecnv32.dll 26.07.2005 06:39 397.824 rpcss(2).dll 26.07.2005 06:39 74.752 olecli32.dll 26.07.2005 06:39 397.824 rpcss.dll 26.07.2005 06:39 101.376 txflog.dll 26.07.2005 06:39 1.285.120 ole32(2).dll 26.07.2005 06:39 1.285.120 ole32.dll 26.07.2005 06:39 66.560 mtxclu(2).dll 26.07.2005 06:39 540.160 comuid.dll 26.07.2005 06:39 243.200 es(2).dll 26.07.2005 06:39 243.200 es.dll 26.07.2005 06:39 1.267.200 comsvcs(2).dll 26.07.2005 06:39 1.267.200 comsvcs.dll 26.07.2005 06:39 97.792 comrepl.dll 26.07.2005 06:39 498.688 clbcatq.dll 26.07.2005 06:39 60.416 colbact.dll 26.07.2005 06:39 60.416 colbact(2).dll 26.07.2005 06:39 498.688 clbcatq(2).dll 26.07.2005 06:39 110.080 clbcatex.dll 26.07.2005 06:39 625.152 catsrvut.dll 26.07.2005 06:39 225.792 catsrv.dll 19.07.2005 04:47 55.808 twext.dll 16.07.2005 01:48 40.960 ChCfg.exe 13.07.2005 11:42 15.086 CmUCRXP_dis.ico 13.07.2005 11:41 15.086 CmUCRXP_en.ico 12.07.2005 19:04 23.304 GWFSPidGen.dll 11.07.2005 12:48 11.502 CmUCRSMS_dis.ico 11.07.2005 12:41 10.910 CmUCRSMS_en.ico 11.07.2005 12:29 11.502 CmUCRXD_dis.ico 11.07.2005 12:28 11.502 CmUCRXD_en.ico 11.07.2005 12:21 11.502 CmUCRSD_dis.ico 11.07.2005 12:20 |
02.05.2007, 22:41
...new here
Thread starter Posts: 6
#4
Hello, dear potecus readers!
I have a guilty conscience: am I too impatient for your reply with help, did I forget something, or have I broken some (unknown) rules? I would be very grateful for effective hints or instructions on removing the Trojan.
Regards
Ferdinand
03.05.2007, 12:21
Moderator
Posts: 7805
#5
Please use vundofix: http://virus-protect.org/artikel/tools/vundofixx.html
and afterwards post the Vundofix report and a new Combofix log.
__________
Regards
Ralf
SEO-Spam Hunter
03.05.2007, 22:12
...new here
Thread starter Posts: 6
#6
Thanks, Ralf,
the requested logs are further down here. Note: since Vundofix I get the following error message at startup: RUNDLL: "Error loading C:\WINDOWS\system32\siklhetb.dll The specified module could not be found." It also keeps coming back at startup after ComboFix.
Regards
Ferdinand

Vundofix report (vundofix.txt):

VundoFix V6.3.21

Checking Java version...

Sun Java not detected

Scan started at 21:45:15 3.5.2007

Listing files found while scanning....

C:\WINDOWS\system32\akehlhck.dll
C:\WINDOWS\system32\bpilheiv.ini
C:\WINDOWS\system32\btehlkis.ini
C:\WINDOWS\system32\cdtlacim.dll
C:\WINDOWS\system32\ckykpdtt.dll
C:\WINDOWS\system32\doctwqxc.dll
C:\WINDOWS\system32\fjwfqcam.dll
C:\WINDOWS\system32\gmyfhfgs.dll
C:\WINDOWS\system32\hkblxqbm.dll
C:\WINDOWS\system32\iffrvhut.dll
C:\WINDOWS\system32\inrgitfp.dll
C:\WINDOWS\system32\jarelsws.dll
C:\WINDOWS\system32\kchlheka.ini
C:\WINDOWS\system32\kmdtdbbg.dll
C:\WINDOWS\system32\macqfwjf.ini
C:\WINDOWS\system32\mqcxhpod.dll
C:\WINDOWS\system32\nbchhlrw.dll
C:\WINDOWS\system32\obbclaal.dll
C:\WINDOWS\system32\pftigrni.ini
C:\WINDOWS\system32\qgyduloo.dll
C:\WINDOWS\system32\siklhetb.dll
C:\WINDOWS\system32\sojhcpog.dll
C:\WINDOWS\system32\tuhvrffi.ini
C:\WINDOWS\system32\viehlipb.dll
C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\xunhlrim.dll
C:\WINDOWS\system32\ykxymghi.dll
C:\WINDOWS\system32\ysvummtf.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\akehlhck.dll
C:\WINDOWS\system32\akehlhck.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bpilheiv.ini
C:\WINDOWS\system32\bpilheiv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\btehlkis.ini
C:\WINDOWS\system32\btehlkis.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\cdtlacim.dll
C:\WINDOWS\system32\cdtlacim.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ckykpdtt.dll
C:\WINDOWS\system32\ckykpdtt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\doctwqxc.dll
C:\WINDOWS\system32\doctwqxc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fjwfqcam.dll
C:\WINDOWS\system32\fjwfqcam.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gmyfhfgs.dll
C:\WINDOWS\system32\gmyfhfgs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hkblxqbm.dll
C:\WINDOWS\system32\hkblxqbm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iffrvhut.dll
C:\WINDOWS\system32\iffrvhut.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\inrgitfp.dll
C:\WINDOWS\system32\inrgitfp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jarelsws.dll
C:\WINDOWS\system32\jarelsws.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kchlheka.ini
C:\WINDOWS\system32\kchlheka.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\kmdtdbbg.dll
C:\WINDOWS\system32\kmdtdbbg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\macqfwjf.ini
C:\WINDOWS\system32\macqfwjf.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mqcxhpod.dll
C:\WINDOWS\system32\mqcxhpod.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nbchhlrw.dll
C:\WINDOWS\system32\nbchhlrw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\obbclaal.dll
C:\WINDOWS\system32\obbclaal.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pftigrni.ini
C:\WINDOWS\system32\pftigrni.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qgyduloo.dll
C:\WINDOWS\system32\qgyduloo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\siklhetb.dll
C:\WINDOWS\system32\siklhetb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sojhcpog.dll
C:\WINDOWS\system32\sojhcpog.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuhvrffi.ini
C:\WINDOWS\system32\tuhvrffi.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\viehlipb.dll
C:\WINDOWS\system32\viehlipb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\vturo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xunhlrim.dll
C:\WINDOWS\system32\xunhlrim.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ykxymghi.dll
C:\WINDOWS\system32\ykxymghi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ysvummtf.dll
C:\WINDOWS\system32\ysvummtf.dll Has been deleted!

Performing Repairs to the registry.
Done!

-----------------------------------------------------------------------

Combofix-log:

"Weidlinger" - 07-05-03 21:59:19 Service Pack 2
ComboFix 07-04-25.4V - Running from: "D:\Virus\ComboFix\"

((((((((((((((((((((((((((((((( Files Created from 2007-04-03 to 2007-05-03 ))))))))))))))))))))))))))))))))))
2007-05-03 21:45 <DIR> d-------- C:\VundoFix Backups
2007-05-03 07:02 572,352 ---hs---- C:\WINDOWS\system32\orutv.ini2
2007-05-01 07:32 570,861 ---hs---- C:\WINDOWS\system32\orutv.bak1
2007-04-30 11:13 668 --a------ C:\datFind.bat
2007-04-30 11:02 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-04-30 10:09 <DIR> d-------- C:\avenger
2007-04-29 23:58 353 ---hs---- C:\WINDOWS\system32\vybeg.ini2
2007-04-29 19:47 <DIR> d-------- C:\Programme\HiJack
2007-04-29 19:32 <DIR> d-------- C:\Programme\RegCure
2007-04-28 07:10 284,244 --a------ C:\WINDOWS\system32\mlljg.dll
2007-04-23 23:31 353 ---hs---- C:\WINDOWS\system32\qstwa.ini2
2007-04-23 17:07 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\LightScribe
2007-04-23 17:06 <DIR> d-------- C:\Programme\LightScribe Diagnostic Utility
2007-04-23 16:48 <DIR> d-------- C:\Programme\Gemeinsame Dateien\LightScribe
2007-04-05 23:13 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Logitech
2007-04-05 23:12 <DIR> d-------- C:\DOKUME~1\WEIDLI~1\ANWEND~1\Logitech
2007-04-05 23:06 71,680 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-04-05 23:06 56,064 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2007-04-05 23:06 53,248 --a------ C:\WINDOWS\system32\KemXML.dll
2007-04-05 23:06 3,712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys
2007-04-05 23:06 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
2007-04-05 23:06 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2007-04-05 23:06 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-04-05 23:06 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-04-05 23:06 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-04-05 23:05 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-04-05 23:05 27,264 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2007-04-05 23:05 <DIR> d-------- C:\Programme\Logitech
2007-04-05 23:05 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Logitech
2007-04-05 22:41 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-30 00:29 -------- d-------- C:\Programme\microsoft money
2007-04-30 00:21 -------- d-------- C:\Programme\tuneup utilities 2006
2007-04-26 00:46 -------- d-------- C:\Programme\windows live toolbar
2007-04-25 23:55 499532 --a------ C:\WINDOWS\system32\perfh007.dat
2007-04-25 23:55 101154 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-19 16:50 -------- d-------- C:\Programme\designpro 2000
2007-04-05 23:06 -------- d--h----- C:\Programme\installshield installation information
2007-03-18 13:33 -------- d-------- C:\Programme\railroad tycoon ii - platinum
2007-03-18 12:08 -------- d-------- C:\Programme\tropico demo
2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:36 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 22:18 185856 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-04 20:40 8273 --a------ C:\DOKUME~1\WEIDLI~1\ANWEND~1\microsoft excel.jnl

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{08456E74-74AC-405E-BF46-6B950FC264F0} C:\WINDOWS\system32\vturo.dll [x]
{2F85D76C-0569-466F-A488-493E6BD0E955} C:\Programme\Windows Desktop Search\dsWebAllow.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Programme\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CmUCRRun"="C:\\WINDOWS\\system32\\CmUCReye.exe"
"KAVPersonal50"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\kav.exe\" /minimize"
"itype"="\"C:\\Programme\\Microsoft IntelliType Pro\\itype.exe\""
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"MedionVFD"="\"C:\\Programme\\Medion Info Display\\MdionLCM.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"Windows Defender"="\"C:\\Programme\\Windows Defender\\MSASCui.exe\" -hide"
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
@=""
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\siklhetb.dll\",realset"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LDM"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"WMPNSCFG"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="\"ShellExecuteHook\" von Microsoft AntiMalware"
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Reminder"="C:\\Programme\\Microsoft Money\\System\\reminder.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"Share-to-Web Namespace Daemon"="C:\\Programme\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"CnOServerLauncher"="CNOServerLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PDVDServ" "hkey"="HKLM" "command"="\"C:\\Programme\\Home Cinema\\PowerDVD\\PDVDServ.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs* UxTuneUp Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\1-Klick-Wartung.job C:\WINDOWS\tasks\MP Scheduled Scan.job C:\WINDOWS\tasks\RegCure Program Check.job C:\WINDOWS\tasks\RegCure.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-03 22:02:38 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-05-03 22:02:45 C:\ComboFix-quarantined-files.txt ... 07-05-03 22:02 C:\ComboFix2.txt ... 07-04-30 11:02 ------------------------------------------------------------------------ ComboFix-quarantined-files.txt: Code 06-07-20 08:05 32 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\Quarantine\ppqdb.dat.vir Dieser Beitrag wurde am 03.05.2007 um 22:29 Uhr von Ferdinand-W editiert.
03.05.2007, 22:56
Moderator
Posts: 7805
#7
Please delete the following files:
C:\WINDOWS\system32\orutv.ini2
C:\WINDOWS\system32\orutv.bak1
C:\WINDOWS\system32\vybeg.ini2
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\qstwa.ini2
Then please post a HijackThis log. If one of the files cannot be deleted, let me know.
__________
Regards, Ralf
SEO-Spam Hunter
04.05.2007, 08:54
...new here
Thread starter, Posts: 6
#8
All the files mentioned could be deleted directly without any trouble (bypassing the Recycle Bin). The following files are still in \system32:
orutv.ini
orutv.tmp
vybeg.tmp
qstwa.tmp
HijackThis interrupted during the scan and gave an error message; I continued the scan and did not perform a "fix":
Logfile of HijackThis v1.99.1
Scan saved at 08:47:33, on 4.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Programme\Microsoft IntelliType Pro\itype.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Medion Info Display\MdionLCM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
C:\Programme\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Windows Desktop Search\WindowsSearch.exe
C:\Programme\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
D:\Virus\HiJack\1_99_1.exe
C:\Programme\Windows Desktop Search\WindowsSearchFilter.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08456E74-74AC-405E-BF46-6B950FC264F0} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [MedionVFD] "C:\Programme\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\siklhetb.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon LBP5000 Statusfenster.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
O4 - Global Startup: HPAiODevice(hp officejet d series) - 2.lnk = C:\Programme\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Programme\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140310168053
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140351610109
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://kunden.ghostcompany.com/autobank/tsweb/msrdp.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: bw+0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
For now it looks good; the trojan has not shown itself again in the meantime.
Regards, Ferdinand
04.05.2007, 09:20
Moderator
Posts: 7805
#9
You should check the following items and press Fix checked:
O2 - BHO: (no name) - {08456E74-74AC-405E-BF46-6B950FC264F0} - C:\WINDOWS\system32\vturo.dll (file missing)
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\siklhetb.dll",realset
Reboot and check whether the entries are really gone. If you have a valid Kaspersky licence, you should consider updating it. Check whether the key also works for version 6. You can find information in their forum, among other places: http://forum.kaspersky.com/
__________
Regards, Ralf
SEO-Spam Hunter
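Post #7 pulls the suspicious files out of the ComboFix "Files Created" list by eye, and post #9 the two HijackThis entries. As an added example (not code from the thread, from ComboFix or from HijackThis), the script below parses excerpts of both logs and applies the same rules mechanically: hidden+system files in system32, BHOs without a name or with a missing file, and Run entries that load a DLL through rundll32. The rundll32 allowlist and the reversed-name companion check are assumptions, explained in the comments.

```python
# Added example; not code from the thread, ComboFix or HijackThis. Sample
# lines are copied from the logs posted above; the rundll32 allowlist is an
# assumption built from the benign NVIDIA entries in that log.
import re
from collections import namedtuple

# Constructed sample: excerpt of the ComboFix "Files Created" section above.
COMBOFIX_SAMPLE = r"""
(((((((((((((((((((((((((((((((( Files Created from 2007-04-03 to 2007-05-03 ))))))))))))))))))))))))))))))))))
2007-05-03 21:45 <DIR> d-------- C:\VundoFix Backups
2007-05-03 07:02 572,352 ---hs---- C:\WINDOWS\system32\orutv.ini2
2007-05-01 07:32 570,861 ---hs---- C:\WINDOWS\system32\orutv.bak1
2007-04-30 11:02 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-04-29 23:58 353 ---hs---- C:\WINDOWS\system32\vybeg.ini2
2007-04-28 07:10 284,244 --a------ C:\WINDOWS\system32\mlljg.dll
2007-04-23 23:31 353 ---hs---- C:\WINDOWS\system32\qstwa.ini2
2007-04-05 23:06 53,248 --a------ C:\WINDOWS\system32\KemXML.dll
"""
# Constructed sample: excerpt of the HijackThis log above (O2 = BHOs, O4 = Run keys).
HIJACKTHIS_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08456E74-74AC-405E-BF46-6B950FC264F0} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\siklhetb.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
# Assumption: rundll32 targets an analyst has already vetted.
BENIGN_RUNDLL_TARGETS = {"nvcpl.dll", "nvmctray.dll"}

# ComboFix file line: date time, size or <DIR>, nine-char attribute column, path
COMBOFIX_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (<DIR>|[\d,]+) ([-a-z]{9}) (.+)$")
HJT_O2_RE = re.compile(r"^O2 - BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.+)$")
HJT_O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[([^\]]+)\] (.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+?\.dll)"?\s*,', re.I)  # rundll32 <dll>,<export>

FileEntry = namedtuple("FileEntry", "created size attrs path")
HjtEntry = namedtuple("HjtEntry", "section name target")  # target: DLL path (O2) or command (O4)


def parse_combofix(text):
    """Keep only the file lines; banners and blank lines do not match."""
    return [FileEntry(*m.groups()) for m in map(COMBOFIX_RE.match, text.splitlines()) if m]


def parse_hijackthis(text):
    entries = []
    for line in text.splitlines():
        for section, rx in (("O2", HJT_O2_RE), ("O4", HJT_O4_RE)):
            m = rx.match(line)
            if m:
                entries.append(HjtEntry(section, m.group(1), m.group(2)))
    return entries


def basename(path):
    return path.rsplit("\\", 1)[-1]


def stem(path):
    return basename(path).rsplit(".", 1)[0].lower()


def in_system32(path):
    return "\\system32\\" in path.lower()


def triage(combofix_text, hjt_text, rundll_allow=BENIGN_RUNDLL_TARGETS):
    """Map each suspicious file name to the list of reasons it was flagged."""
    flagged = {}

    def flag(name, reason):
        flagged.setdefault(name, []).append(reason)

    files = parse_combofix(combofix_text)
    hjt = parse_hijackthis(hjt_text)

    # 1. Hidden+system files written straight into system32: 'h' and 's' keep
    #    them out of a normal Explorer view, and Windows puts no .ini2/.bak1 there.
    for f in files:
        if in_system32(f.path) and f.size != "<DIR>" and {"h", "s"} <= set(f.attrs):
            flag(basename(f.path), "hidden+system file in system32")

    # 2. BHOs with no display name, or whose file is gone while the CLSID
    #    registration remains (the entry the moderator had fixed).
    for e in hjt:
        if e.section == "O2" and (e.name == "(no name)" or "(file missing)" in e.target):
            flag(basename(re.sub(r"\s*\(file missing\)$", "", e.target)),
                 "BHO without a name or with a missing file")

    # 3. Run keys that start a DLL through rundll32; only vetted DLLs pass.
    for e in hjt:
        m = RUNDLL_RE.match(e.target) if e.section == "O4" else None
        if m and basename(m.group(1)).lower() not in rundll_allow:
            flag(basename(m.group(1)), "rundll32 autostart of DLL not on the allowlist")

    # 4. Companions: in the posted logs the hidden orutv.* files carry the name
    #    of the flagged vturo.dll spelled backwards; link the pair. (A DLL with
    #    normal attributes such as mlljg.dll is not caught and still needs a human.)
    stems = {stem(n) for n in flagged}
    for f in files:
        s = stem(f.path)
        if in_system32(f.path) and s[::-1] != s and s[::-1] in stems:
            flag(basename(f.path), f"name is {s[::-1]} spelled backwards")
    return flagged
```

Running `triage(COMBOFIX_SAMPLE, HIJACKTHIS_SAMPLE)` flags exactly the five files from post #7 that carry the hidden+system attributes plus the two HijackThis targets from post #9, and shows that mlljg.dll needs a human decision.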
04.05.2007, 18:23
...new here
Thread starter, Posts: 6
#10
Dear Ralf,
both entries are gone. The trojan no longer shows up and unwanted websites no longer open either. Done already? Of course I would still have a huge number of questions, e.g. what the endless Logitech entries in the HijackTh log are about, why explorer.exe in Task Manager keeps counting page faults even though Explorer is not open, and so on. The most important question, though, is how and where one can acquire this kind of knowledge to track down and remove such entangled problems; admirable in any case. On Kaspersky AV: unfortunately my licence expired in February and I was too lazy to renew, or rather, since the trojan I have not wanted to send credit card details over the net. I will catch up on that quickly (though it would not have prevented anything here, since I downloaded and launched the exe file myself). If everything is done, my best and heartfelt thanks. There should also be a donation option on your site; this much skilled support deserves a reward. Regards, Ferdinand
04.05.2007, 18:32
Moderator
Posts: 7805
#11
That explorer.exe is running is normal. It handles the display of, among other things, the taskbar. Kill explorer.exe in Task Manager and you will notice!
Because of a bug in the Logitech software there are now quite a few O18 entries. Best to uninstall all the Logitech stuff. Well, how to learn this is really like with everything else: show interest, practise, practise, practise, and use Google! Oh, and there is a donation option. Look at the very bottom of the page under "Werbung/Spenden" (advertising/donations): http://board.protecus.de/media.php
__________
Regards, Ralf
SEO-Spam Hunter
My PC also got hit 5 days ago and, despite your many instructions, I cannot get rid of this trojan. Kaspersky AV finds and isolates the trojan and Windows Defender gives warnings about the new .dll files, but nevertheless everything keeps coming back, and after a while Internet Explorer, Windows Explorer and then the whole PC freeze. The trojan also becomes active when opening Outlook or Windows Explorer.
Below are my log files, as in the instructions from Sabina:
1a. HijackThis log
1b. ComboScan (log and supplementary log)
2. CleanUp
3. ComboFix
4. DatFind.bat (6 logs)
In any case, new .dll files were produced by the trojan again and again between these actions/queries.
Thanks in advance for any help.
Logfile of HijackThis v1.99.1
Scan saved at 09:48:26, on 30.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\Programme\Microsoft IntelliType Pro\itype.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Medion Info Display\MdionLCM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
C:\Programme\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\hpoipm07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
D:\Virus\HiJack\1_99_1.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {33759A68-CAD7-499A-AFFB-F8E428BD7612} - C:\WINDOWS\system32\vturo.dll
O2 - BHO: (no name) - {66020456-CB22-487F-AC2C-09F6417C55B3} - C:\WINDOWS\system32\rqrppqn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\yiqwdcgt.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [MedionVFD] "C:\Programme\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\siklhetb.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon LBP5000 Statusfenster.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
O4 - Global Startup: HPAiODevice(hp officejet d series) - 2.lnk = C:\Programme\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Programme\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140310168053
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140351610109
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://kunden.ghostcompany.com/autobank/tsweb/msrdp.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: bw+0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: rqrppqn - C:\WINDOWS\SYSTEM32\rqrppqn.dll
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--------------------------------------------
2. ComboScan log:
ComboScan v20070306.20 run by Weidlinger on 2007-04-30 at 10:17:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created ComboScan Restore Point.
-- Last 5 Restore Point(s) --
104: 2007-04-30 08:17:42 UTC - RP444 - ComboScan Restore Point
103: 2007-04-30 07:55:45 UTC - RP443 - Windows Defender Checkpoint
102: 2007-04-30 05:19:22 UTC - RP442 - Windows Defender Checkpoint
101: 2007-04-29 22:02:27 UTC - RP441 - Windows Defender Checkpoint
100: 2007-04-29 21:05:41 UTC - RP440 - Windows Defender Checkpoint
-- First Restore Point --
1: 2007-01-30 06:56:45 UTC - RP341 - Systemprüfpunkt
Performed disk cleanup.
-- HijackThis (run as Weidlinger.exe) ------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:17:56, on 30.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Microsoft IntelliType Pro\itype.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Medion Info Display\MdionLCM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
C:\Programme\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Windows Desktop Search\WindowsSearch.exe
C:\Programme\Windows Desktop Search\WindowsSearchIndexer.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\hpoipm07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Programme\Windows Desktop Search\WindowsSearchFilter.exe
D:\Virus\ComboScan\comboscan.exe
D:\Virus\HiJack\Weidlinger.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {66020456-CB22-487F-AC2C-09F6417C55B3} - C:\WINDOWS\system32\rqrppqn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {AE419761-06FB-439E-A19F-341547F990F2} - C:\WINDOWS\system32\vturo.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [MedionVFD] "C:\Programme\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\siklhetb.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon LBP5000 Statusfenster.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
O4 - Global Startup: HPAiODevice(hp officejet d series) - 2.lnk = C:\Programme\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Programme\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140310168053
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140351610109
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://kunden.ghostcompany.com/autobank/tsweb/msrdp.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: bw+0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {523AE2C1-DB13-493D-A864-4FD29E0B5BD1} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: rqrppqn - C:\WINDOWS\SYSTEM32\rqrppqn.dll
O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-- HijackThis Fixed Entries (D:\Virus\HiJack\backups\) -------------------------
backup-20070430-095429-196 O2 - BHO: (no name) - {66020456-CB22-487F-AC2C-09F6417C55B3} - C:\WINDOWS\system32\rqrppqn.dll
backup-20070430-095429-851 O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\yiqwdcgt.dll
backup-20070430-095429-905 O2 - BHO: (no name) - {33759A68-CAD7-499A-AFFB-F8E428BD7612} - C:\WINDOWS\system32\vturo.dll
backup-20070430-095610-688 O2 - BHO: (no name) - {33759A68-CAD7-499A-AFFB-F8E428BD7612} - C:\WINDOWS\system32\vturo.dll
backup-20070430-095610-939 O2 - BHO: (no name) - {66020456-CB22-487F-AC2C-09F6417C55B3} - C:\WINDOWS\system32\rqrppqn.dll
-- File Associations -----------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
3R 3xHybrid (3xHybrid service) - C:\WINDOWS\system32\drivers\3xHybrid.sys
2R AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.0.1) - C:\WINDOWS\system32\drivers\AegisP.sys
3R AgereSoftModem (Creatix V.92 Data Fax Modem) - C:\WINDOWS\system32\drivers\AGRSM.sys
3S Arp1394 (1394-ARP-Clientprotokoll) - C:\WINDOWS\system32\drivers\arp1394.sys
3R ASAPIW2k - C:\WINDOWS\system32\drivers\asapiW2k.sys
3S CCDECODE (Untertiteldecoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
3R CMISTOR (CMIUCR.SYS CM220 Card Reader Driver) - C:\WINDOWS\system32\drivers\cmiucr.SYS
3R dot4 (MS IEEE-1284.4 Driver) - C:\WINDOWS\system32\drivers\Dot4.sys
3R Dot4Print (Druckerklassentreiber für IEEE-1284.4) - C:\WINDOWS\system32\drivers\Dot4Prt.sys
3R Dot4Scan (Scan Class Driver for IEEE-1284.4) - C:\WINDOWS\system32\drivers\Dot4Scan.sys
3R dot4usb (Dot4USB Filter Dot4USB Filter) - C:\WINDOWS\system32\drivers\Dot4usb.sys
3R FTDIBUS (SEMC DSS SyncStation Serial Converter Driver) - C:\WINDOWS\system32\drivers\ftdibus.sys
3R FTLUND (Lundinova Filter Driver) - C:\WINDOWS\system32\drivers\ftlund.sys
3R FTSER2K (SEMC DSS SyncStation Driver) - C:\WINDOWS\system32\drivers\ftser2k.sys
3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3R hidusb (Microsoft HID Class-Treiber) - C:\WINDOWS\system32\drivers\hidusb.sys
3R IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - C:\WINDOWS\system32\drivers\RtkHDAud.sys
1R intelppm (Intel-Prozessortreiber) - C:\WINDOWS\system32\drivers\intelppm.sys
0R Kl1 - C:\WINDOWS\system32\drivers\kl1.sys
1R Klif - C:\WINDOWS\system32\drivers\klif.sys
1R Klmc - C:\WINDOWS\system32\drivers\klmc.sys
0R Klpf - C:\WINDOWS\system32\drivers\Klpf.sys
0R Klpid - C:\WINDOWS\system32\drivers\Klpid.sys
2R LBeepKE - C:\WINDOWS\system32\drivers\LBeepKE.sys
3R LHidKe (Logitech SetPoint HID Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LHidKE.Sys
3R LMouKE (Logitech SetPoint Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LMouKE.Sys
3R MarvinBus (Pinnacle Marvin Bus) - C:\WINDOWS\system32\drivers\MarvinBus.sys
3R mouhid (Maus-HID-Treiber) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MPE (BDA MPE-Filter) - C:\WINDOWS\system32\drivers\mpe.sys
3R MQAC (Message Queuing access control) - C:\WINDOWS\system32\drivers\mqac.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink-Konvertierung) - C:\WINDOWS\system32\drivers\MSTEE.sys
3S NABTSFEC (NABTS/FEC VBI-Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
3S NdisIP (Microsoft TV-/Videoverbindung) - C:\WINDOWS\system32\drivers\ndisip.sys
3S NIC1394 (1394-Netzwerktreiber) - C:\WINDOWS\system32\drivers\nic1394.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R ohci1394 (VIA OHCI-konformer IEEE 1394-Hostcontroller) - C:\WINDOWS\system32\drivers\ohci1394.sys
1R PCLEPCI - C:\WINDOWS\system32\drivers\Pclepci.sys
3S pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
3R RMCAST (Reliable Multicast Protocol driver) - C:\WINDOWS\system32\drivers\rmcast.sys
3S RT2500USB (RT2500 USB Wireless LAN Driver) - C:\WINDOWS\system32\drivers\rt2500usb.sys
3R rtl8139 (NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter) - C:\WINDOWS\system32\drivers\RTL8139.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
3S streamip (BDA-IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
1R Tcpip6 (Microsoft IPv6-Protokolltreiber) - C:\WINDOWS\system32\drivers\tcpip6.sys
3R tunmp (Microsoft Tun-Miniportadaptertreiber) - C:\WINDOWS\system32\drivers\tunmp.sys
3R usbccgp (Microsoft Standard-USB-Haupttreiber) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller) - C:\WINDOWS\system32\drivers\usbehci.sys
3R USBSTOR (USB-Massenspeichertreiber) - C:\WINDOWS\system32\drivers\usbstor.sys
3S WSTCODEC (World Standard Teletext-Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys
3R XUIF (X10 USB Wireless Transceiver) - C:\WINDOWS\system32\drivers\x10ufx2.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2R CLCapSvc (CyberLink Background Capture Service (CBCS)) - "C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe"
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2R CLSched (CyberLink Task Scheduler (CTS)) - "C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe"
2R CyberLink Media Library Service - "C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"
3S IDriverT (InstallDriver Table Manager) - "C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe"
2R IISADMIN (IIS Admin) - C:\WINDOWS\system32\inetsrv\inetinfo.exe
2R kavsvc - "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"
2R LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe"
2R MSFtpsvc (FTP-Publishing) - C:\WINDOWS\system32\inetsrv\inetinfo.exe
2R MSMQ (Message Queuing) - C:\WINDOWS\system32\mqsvc.exe
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
3S ose (Office Source Engine) - "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE"
3S p2pgasvc (Peernetzwerk-Gruppenauthentifizierung) - C:\WINDOWS\system32\svchost.exe -k p2psvc
3S p2pimsvc (Peernetzwerkidentitäts-Manager) - C:\WINDOWS\system32\svchost.exe -k p2psvc
3S p2psvc (Peernetzwerk) - C:\WINDOWS\system32\svchost.exe -k p2psvc
3S PNRPSvc (Peer Name Resolution-Protokoll) - C:\WINDOWS\system32\svchost.exe -k p2psvc
2R RichVideo (Cyberlink RichVideo Service(CRVS)) - "C:\Programme\CyberLink\Shared Files\RichVideo.exe"
2R SimpTcp (Einfache TCP/IP-Dienste) - C:\WINDOWS\system32\tcpsvcs.exe
2R SMTPSVC (Simple Mail Transfer Protocol (SMTP)) - C:\WINDOWS\system32\inetsrv\inetinfo.exe
2R UxTuneUp (TuneUp Designerweiterung) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S W3SVC (WWW-Publishing) - C:\WINDOWS\system32\inetsrv\inetinfo.exe
2R WinDefend (Windows Defender) - "C:\Programme\Windows Defender\MsMpEng.exe"
2R WMDM PMSP Service - C:\WINDOWS\system32\MsPMSPSv.exe
3R x10nets (X10 Device Network Service) - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-- Scheduled Tasks -------------------------------------------------------------
2007-04-30 10:08:26 432 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job<REGCUR~1.JOB>
2007-04-30 10:08:24 322 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-04-29 19:32:18 366 --a------ C:\WINDOWS\Tasks\RegCure.job
2007-04-07 08:07:05 406 --a------ C:\WINDOWS\Tasks\1-Klick-Wartung.job<1-KLIC~1.JOB>
-- Files created between 2007-03-30 and 2007-04-30 -----------------------------
2007-04-30 10:09:20 0 d-------- C:\avenger
2007-04-30 09:59:38 49204 --a------ C:\WINDOWS\system32\ukhkjtrc.dll
2007-04-30 09:55:07 49204 --a------ C:\WINDOWS\system32\hbjvlvwg.dll
2007-04-30 07:03:33 570826 ---hs---- C:\WINDOWS\system32\orutv.bak1<ORUTV~1.BAK>
2007-04-30 07:03:24 284244 -----n--- C:\WINDOWS\system32\vturo.dll
2007-04-29 23:58:26 353 ---hs---- C:\WINDOWS\system32\vybeg.ini2<VYBEG~1.INI>
2007-04-29 19:47:26 0 d-------- C:\Programme\HiJack
2007-04-29 19:32:10 0 d-------- C:\Programme\RegCure
2007-04-28 15:10:29 49204 --a------ C:\WINDOWS\system32\yiqwdcgt.dll
2007-04-28 13:10:15 284244 --a------ C:\WINDOWS\system32\ddayy.dll
2007-04-28 10:10:12 284244 --a------ C:\WINDOWS\system32\ssqpo.dll
2007-04-28 07:10:11 284244 --a------ C:\WINDOWS\system32\mlljg.dll
2007-04-26 08:33:19 132660 --a------ C:\WINDOWS\system32\siklhetb.dll
2007-04-26 00:47:37 132660 --a------ C:\WINDOWS\system32\viehlipb.dll
2007-04-26 00:42:33 132660 --a------ C:\WINDOWS\system32\fjwfqcam.dll
2007-04-25 23:56:48 132660 --a------ C:\WINDOWS\system32\akehlhck.dll
2007-04-25 23:50:57 132660 --a------ C:\WINDOWS\system32\iffrvhut.dll
2007-04-25 18:05:16 132660 --a------ C:\WINDOWS\system32\inrgitfp.dll
2007-04-23 23:31:06 353 ---hs---- C:\WINDOWS\system32\qstwa.ini2<QSTWA~1.INI>
2007-04-23 17:17:40 281172 ---hs---- C:\WINDOWS\system32\pmkji.dll
2007-04-23 17:06:21 0 d-------- C:\Programme\LightScribe Diagnostic Utility<LIGHTS~1>
2007-04-23 16:48:34 0 d-------- C:\Programme\Gemeinsame Dateien\LightScribe<LIGHTS~1>
2007-04-22 15:45:24 49204 --a------ C:\WINDOWS\system32\mprgnbfh.dll
2007-04-22 15:36:32 26678 --a------ C:\WINDOWS\system32\rqrppqn.dll
2007-04-05 23:06:27 13568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2007-04-05 23:06:14 71680 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-04-05 23:06:14 56064 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2007-04-05 23:06:09 3712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys
2007-04-05 23:06:08 53248 --a------ C:\WINDOWS\system32\KemXML.dll
2007-04-05 23:06:08 110592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-04-05 23:06:08 155648 --a------ C:\WINDOWS\system32\kemutb.dll
2007-04-05 23:06:07 126976 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-04-05 23:05:33 27264 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2007-04-05 23:05:33 94208 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-04-05 23:05:32 0 d-------- C:\Programme\Logitech
2007-04-05 23:05:31 0 d-------- C:\Programme\Gemeinsame Dateien\Logitech
2007-04-05 22:41:20 21504 --a------ C:\WINDOWS\system32\hidserv.dll
-- Find3M Report ---------------------------------------------------------------
2007-04-30 00:29:24 0 d-------- C:\Programme\Microsoft Money<MICAC0~1>
2007-04-30 00:21:35 0 d-------- C:\Programme\TuneUp Utilities 2006<TUNEUP~1>
2007-04-26 00:46:28 0 d-------- C:\Programme\Windows Live Toolbar<WI81E8~1>
2007-04-25 23:55:59 499532 --a------ C:\WINDOWS\system32\perfh007.dat
2007-04-25 23:55:59 101154 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-23 23:03:45 0 d-------- C:\Programme\AdorageI-GfxDatas<ADORAG~2>
2007-04-23 22:32:24 0 d-------- C:\Programme\Gemeinsame Dateien\Ahead
2007-04-23 16:48:34 0 d-------- C:\Programme\Gemeinsame Dateien<GEMEIN~1>
2007-04-19 16:50:47 0 d-------- C:\Programme\DesignPro 2000<DESIGN~1>
2007-04-10 06:45:05 0 d-------- C:\Programme\Java
2007-04-05 23:12:56 0 d-------- C:\Dokumente und Einstellungen\Weidlinger\Anwendungsdaten\Logitech
2007-04-05 23:06:48 0 d--h----- C:\Programme\InstallShield Installation Information<INSTAL~1>
2007-03-18 13:33:53 0 d-------- C:\Programme\Railroad Tycoon II - Platinum<RAILRO~1>
2007-03-18 12:08:51 0 d-------- C:\Programme\Tropico Demo<TROPIC~1>
2007-03-17 15:44:25 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:36:30 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36:30 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36:30 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32:24 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 22:18:44 185856 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-04 20:40:31 8273 --a------ C:\Dokumente und Einstellungen\Weidlinger\Anwendungsdaten\Microsoft Excel.JNL<MICROS~1.JNL>
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LDM"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"WMPNSCFG"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CmUCRRun"="C:\\WINDOWS\\system32\\CmUCReye.exe"
"KAVPersonal50"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\kav.exe\" /minimize"
"itype"="\"C:\\Programme\\Microsoft IntelliType Pro\\itype.exe\""
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"MedionVFD"="\"C:\\Programme\\Medion Info Display\\MdionLCM.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"Windows Defender"="\"C:\\Programme\\Windows Defender\\MSASCui.exe\" -hide"
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
@=""
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\siklhetb.dll\",realset"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Reminder"="C:\\Programme\\Microsoft Money\\System\\reminder.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"Share-to-Web Namespace Daemon"="C:\\Programme\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"CnOServerLauncher"="CNOServerLauncher.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="\"ShellExecuteHook\" von Microsoft AntiMalware"
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""
"{66020456-CB22-487F-AC2C-09F6417C55B3}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrppqn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturo
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp
-- End of ComboScan: finished at 2007-04-30 at 10:18:28 ------------------------
-----------------------------------------------------
ComboScan Supplementary-log:
ComboScan v20070306.20 run by Weidlinger on 2007-04-30 at 10:17:37
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: German
CPU 0: Intel(R) Pentium(R) D CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) D CPU 3.00GHz
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 1022.42 MiB / 442.38 MiB
Pagefile Memory (total/avail): 2460.77 MiB / 1957.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1990.73 MiB
C: is Fixed (NTFS) - 85.32 GiB total, 58.88 GiB free.
D: is Fixed (NTFS) - 107.42 GiB total, 77.42 GiB free.
E: is Fixed (NTFS) - 87.89 GiB total, 69.29 GiB free.
F: is Fixed (NTFS) - 45.38 GiB total, 28.07 GiB free.
G: is Fixed (FAT32) - 9.32 GiB total, 4.38 GiB free.
H: is CDROM (No Media)
I: is CDROM (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)
M: is Fixed (NTFS) - 39.06 GiB total, 16.83 GiB free.
N: is Fixed (NTFS) - 48.83 GiB total, 1.13 GiB free.
O: is Fixed (NTFS) - 145 GiB total, 6.28 GiB free.
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
FW: Kaspersky Anti-Hacker v1.8.0.180 (Kaspersky Lab)
AV: Kaspersky Anti-Virus Personal Pro v5.0.376 (Kaspersky Labs) Outdated
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\Weidlinger\Anwendungsdaten
CLASSPATH=C:\Programme\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=WEI03
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\Weidlinger
LOGONSERVER=\\WEI03
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Programme\QuickTime\QTSystem\;;C:\PROGRA~1\GEMEIN~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0404
ProgramFiles=C:\Programme
PROMPT=$P$G
QTJAVA=C:\Programme\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\WEIDLI~1\LOKALE~1\Temp
TMP=C:\DOKUME~1\WEIDLI~1\LOKALE~1\Temp
USERDOMAIN=WEI03
USERNAME=Weidlinger
USERPROFILE=C:\Dokumente und Einstellungen\Weidlinger
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
Weidlinger (admin)
Ferdinand
Renate
Administrator (admin)
Gast (guest)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Programme\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetw