Virus Burst!! How can I delete it??
Thread is closed!

#0
12.05.2007, 14:49
...new here
Posts: 5

12.05.2007, 16:12
Moderator
Posts: 7805
#2
Use this guide for the cleanup: http://siri.geekstogo.com/SmitfraudFix_De.php
After that, please check this file, C:\WINDOWS\runservice.exe, at Jotti or VT and tell us what is found.
__________
Best regards, Ralf
SEO-Spam Hunter

12.05.2007, 18:53
...new here
Thread starter
Posts: 5
#3
Hello.
Thanks for the quick reply. I was just away for a moment. Here is the report after SmitfraudFix:

SmitFraudFix v2.181
Scan done at 15:03:39,84, 12.05.2007
Run from E:\Download-Dateien\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{735e980d-45d2-4777-af82-9923d3c8d3ae}"="heterandrous"
[HKEY_CLASSES_ROOT\CLSID\{735e980d-45d2-4777-af82-9923d3c8d3ae}\InProcServer32]
@="C:\WINDOWS\system32\kgkdbsk.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{735e980d-45d2-4777-af82-9923d3c8d3ae}\InProcServer32]
@="C:\WINDOWS\system32\kgkdbsk.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
C:\WINDOWS\system32\kgkdbsk.dll -> Hoax.Win32.Renos.gen.l
C:\WINDOWS\system32\kgkdbsk.dll -> Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\DOKUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOKUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\DOKUME~1\KILLER~1\FAVORI~1\Online Security Test.url Deleted
C:\Programme\Video ActiveX Access\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End

I'm checking Runservice.exe on VT right now, but it may take another 50 minutes. Jotti isn't working at the moment. Thank you.
I don't know whether this helps any further. At Dr. Web I got this result:
Last Hot-AddOn 12.05.2007 18:25:09 Runservice.exe no virus detected
The blinking symbol in the taskbar is gone too...
This post was edited by milkywilkywa on 12.05.2007 at 19:02.

12.05.2007, 19:20
Moderator
Posts: 7805
#4
It probably doesn't matter anyway. According to wintotal it seems to be this: http://www.elicense.com/
To finish up, please post a ComboFix report: http://virus-protect.org/artikel/tools/combofix.html
__________
Best regards, Ralf
SEO-Spam Hunter

12.05.2007, 19:29
...new here
Thread starter
Posts: 5
#5
What is this elicense???
Here is the report:

"Killermaus" - 2007-05-12 19:26:16 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "E:\Download-Dateien\"

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-12 ))))))))))))))))))))))))))))))))))

2007-05-12 15:20 <DIR> d-------- C:\Programme\Roguescanfix
2007-05-12 15:18 <DIR> d-------- C:\VundoFix Backups
2007-05-12 14:55 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-05-12 14:55 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-05-12 14:55 4,102 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-12 14:55 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-05-12 13:53 <DIR> d--h----- C:\WINDOWS\PIF
2007-05-12 13:25 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2007-05-11 02:19 <DIR> d-------- C:\Programme\a-squared Anti-Malware
2007-05-10 00:06 <DIR> d-------- C:\Programme\Microsoft CAPICOM 2.1.0.2
2007-05-07 21:32 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-05-05 16:06 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-05-03 19:57 48,640 --a------ C:\WINDOWS\mmfs.dll
2007-05-03 19:57 2,560 --a------ C:\WINDOWS\Runservice.exe
2007-05-03 19:57 1,433 --ahs---- C:\WINDOWS\system32\mmf.sys
2007-05-01 23:03 <DIR> d-------- C:\DOKUME~1\KILLER~1\ANWEND~1\ICQ
2007-05-01 23:02 <DIR> d-------- C:\Programme\ICQToolbar
2007-05-01 15:38 <DIR> d-------- C:\Programme\Neuer Ordner
2007-04-13 16:26 <DIR> d-------- C:\Programme\CoolBits2

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-12 16:55:18 -------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2007-05-12 11:41:52 76,014 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-05-12 11:41:52 418,970 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-05-10 22:30:58 -------- d-----w C:\Programme\Gemeinsame Dateien\Concord
2007-05-07 19:36:33 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-05 19:40:30 -------- d-----w C:\DOKUME~1\KILLER~1\ANWEND~1\Vso
2007-05-05 14:05:51 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-05-02 21:34:47 -------- d-----w C:\DOKUME~1\KILLER~1\ANWEND~1\Canon
2007-05-01 13:52:16 -------- d-----w C:\Programme\Symantec
2007-05-01 13:52:14 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-05-01 13:52:14 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-04-07 10:10:34 -------- d-----w C:\Programme\letstrade
2007-04-07 10:10:34 -------- d-----w C:\Programme\Gemeinsame Dateien\Buhl Data Service
2007-04-07 10:10:31 -------- d-----w C:\Programme\Gemeinsame Dateien\DataDesign
2007-04-07 10:10:27 632,320 ----a-w C:\WINDOWS\fpuninst.exe
2007-04-05 15:38:49 -------- d-----w C:\DOKUME~1\KILLER~1\ANWEND~1\Media Player Classic
2007-04-05 15:28:39 -------- d-----w C:\DOKUME~1\KILLER~1\ANWEND~1\Apple Computer
2007-04-05 15:28:25 -------- d-----w C:\Programme\iPod
2007-04-05 15:28:07 -------- d-----w C:\Programme\QuickTime
2007-04-05 15:20:59 -------- d-----w C:\Programme\Gemeinsame Dateien\Hypnotizer
2007-04-01 10:56:19 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-03-18 15:57:04 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-03-18 15:57:04 -------- d--h--r C:\DOKUME~1\KILLER~1\ANWEND~1\SecuROM
2007-03-17 13:44:25 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:30 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:30 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:30 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:32:24 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:18:44 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{055FD26D-3A88-4e15-963D-DC8493744B1D}"="C:\PROGRA~1\ICQTOO~1\toolbaru.dll"
"{1E8A6170-7264-4D0F-BEAE-D42A53123C75}"="C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\NppBho.dll"
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
"{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"="C:\Programme\Windows Live Toolbar\msntb.dll"
"{E5A1691B-D188-4419-AD02-90002030B8EE}"="E:\Internet\FlashFXP\IEFlash.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAudPropShortcut.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"T-DSL SpeedMgr"="\"E:\\Programme\\T-DSL SpeedManager\\SpeedMgr.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"ISUSPM Startup"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"nwiz"="nwiz.exe /install"
@=""
"Launch LGDCore"="\"E:\\Programme\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
"Launch LCDMon"="\"E:\\Programme\\Logitech\\G-series Software\\LCDMon.exe\""
"ALDI_SUED_FotoSuite_Download"="\"E:\\Programme\\ALDI Sued Foto Service\\ALDI_Foto_Service\\FotoSuite.exe\" /autorun"
"iTunesHelper"="\"E:\\Programme\\iTunes\\iTunesHelper.exe\""
"CmUsbSound"="RunDll32 cmcnfgu.cpl,CMICtrlWnd"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"E:\\Programme\\Norton Internet Security\\osCheck.exe\""
"Symantec PIF AlertEng"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
"SpybotSD TeaTimer"="E:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
"Steam"="\"E:\\Programme\\Steam\\Steam.exe\" -silent"
"ICQ"="\"E:\\Programme\\ICQ6\\ICQ.exe\" silent"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VC7Player"="C:\\Programme\\HHVcdV7Sys\\VC7Play.exe"
"razer"="E:\\Programme\\Razer\\razerhid.exe"
"nwiz"="nwiz.exe /install"
"SunJavaUpdateSched"="C:\\Programme\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"AGEIA PhysX SysTray"="C:\\Programme\\AGEIA Technologies\\TrayIcon.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"VC8Player"="E:\\Brennen\\VirtualCD8\\System\\VC8Play.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0
WudfServiceGroup WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M]
Shell\AutoRun\command M:\setup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00b29a98-e8ca-11da-a8c3-001109280c55}]
Shell\AutoRun\command M:\autorun.exe

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\Auf Updates fr Windows Live Toolbar prfen.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Killermaus.job

********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-12 19:28:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************

Completion time: 2007-05-12 19:28:34
C:\ComboFix-quarantined-files.txt ... 2007-05-12 19:28

12.05.2007, 19:41
Moderator
Posts: 7805
#6
No idea what that is. According to wintotal http://www.wintotal.de/Spyware/index.php?Filter=R it is this:
Runservice.exe Programs (C:\Windows, C:\WINNT) Licctrl Software (License Manager Service), ViaTechs eLicense System, license system association for software and games, Info. It is probably installed together with a game or something similar.
__________
Best regards, Ralf
SEO-Spam Hunter

12.05.2007, 19:50
...new here
Thread starter
Posts: 5
#7
So, virus-free???
Here, finally, is the log from VT as well:

VirusTotal
VirusTotal is a free file analisys service that works using several antivirus engines.
Select file : Distribute SSL
Enter your email, choose the file to be scanned with multiple antivirus engines and click Send.
Menu:
* News Hot news in the virus/antivirus sector.
* Estadisticas Statistics of VirusTotal procesing.
* Virustotal More info about Virustotal.

STATUS: FINISHED
Complete scanning result of "Runservice.exe", received in VirusTotal at 05.12.2007, 18:50:59 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.10.0 05.11.2007 no virus found
AntiVir 7.4.0.15 05.12.2007 no virus found
Authentium 4.93.8 05.12.2007 no virus found
Avast 4.7.997.0 05.11.2007 no virus found
AVG 7.5.0.467 05.11.2007 no virus found
BitDefender 7.2 05.12.2007 no virus found
CAT-QuickHeal 9.00 05.12.2007 no virus found
ClamAV devel-20070416 05.12.2007 no virus found
DrWeb 4.33 05.12.2007 no virus found
eSafe 7.0.15.0 05.10.2007 no virus found
eTrust-Vet 30.7.3628 05.11.2007 no virus found
Ewido 4.0 05.12.2007 no virus found
FileAdvisor 1 05.12.2007 no virus found
Fortinet 2.85.0.0 05.12.2007 no virus found
F-Prot 4.3.2.48 05.12.2007 no virus found
F-Secure 6.70.13030.0 05.11.2007 no virus found
Ikarus T3.1.1.7 05.12.2007 no virus found
Kaspersky 4.0.2.24 05.12.2007 no virus found
McAfee 5029 05.11.2007 no virus found
Microsoft 1.2503 05.12.2007 no virus found
NOD32v2 2262 05.12.2007 no virus found
Norman 5.80.02 05.11.2007 no virus found
Panda 9.0.0.4 05.12.2007 no virus found
Prevx1 V2 05.12.2007 no virus found
Sophos 4.17.0 05.11.2007 no virus found
Sunbelt 2.2.907.0 05.12.2007 no virus found
Symantec 10 05.12.2007 no virus found
TheHacker 6.1.6.114 05.12.2007 no virus found
VBA32 3.12.0 05.11.2007 no virus found
VirusBuster 4.3.7:9 05.11.2007 no virus found
Webwasher-Gateway 6.0.1 05.12.2007 no virus found

Aditional Information
File size: 2560 bytes
MD5: 29fab5363138f6e322f4cd780ed9d337
SHA1: a8b494d736c665b463b71c44ca99f248fd938d6d

12.05.2007, 19:52
Moderator
Posts: 7805

12.05.2007, 20:16
...new here
Thread starter
Posts: 5
#9
Perfect - thanks!!!
Really super fast help :-)

I have this blinking question mark down in the taskbar.
I've already searched around a bit and found out that it is the Burst virus.
Could someone please help a newbie like me so that I can get rid of it???
Here is the HijackThis logfile:
Logfile of HijackThis v1.99.1
Scan saved at 14:42:10, on 12.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\runservice.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
E:\SOPHOS\Sophos Anti-Virus\SAVAdminService.exe
E:\SOPHOS\AutoUpdate\ALsvc.exe
E:\Brennen\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\HHVcdV7Sys\VC7SecS.exe
E:\Brennen\VirtualCD8\System\VC8SecS.exe
C:\WINDOWS\system32\RunDll32.exe
E:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
E:\Programme\T-DSL SpeedManager\TSMSvc.exe
E:\Programme\Logitech\G-series Software\LGDCore.exe
E:\Programme\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\system32\rundll32.exe
E:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
E:\Programme\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
E:\Programme\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
E:\Programme\Logitech\G-series Software\Applets\LCDMedia.exe
E:\Programme\Logitech\G-series Software\Applets\LCDClock.exe
C:\Programme\MSN Messenger\msnmsgr.exe
E:\Programme\Spybot - Search & Destroy\TeaTimer.exe
E:\SOPHOS\AutoUpdate\ALMon.exe
E:\Programme\SEC\MagicTune3.6\GammaTray.exe
E:\Programme\SEC\MagicTune3.6\MagicTune.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
E:\SOPHOS\Sophos Anti-Virus\SAVMain.exe
E:\Download-Dateien\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.razerzone.com/diamondbackdriver.html
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8} - C:\Programme\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - E:\Internet\FlashFXP\IEFlash.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "E:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Launch LGDCore] "E:\Programme\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "E:\Programme\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [ALDI_SUED_FotoSuite_Download] "E:\Programme\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe" /autorun
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "E:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = E:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = E:\SOPHOS\AutoUpdate\ALMon.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: MagicTune 3.6.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://E:\Internet\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://E:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://E:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://E:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://E:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://E:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://E:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://E:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://E:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Internet\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Internet\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECCD4522-27EE-4139-AB04-C7E3D97368E5}: NameServer = 217.237.148.102 217.237.151.115
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - E:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - E:\Programme\Norton Internet Security\isPwdSvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sophos Anti-Virus Statusreporter (SAVAdminService) - Sophos Plc - E:\SOPHOS\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - E:\SOPHOS\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - E:\SOPHOS\AutoUpdate\ALsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Brennen\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - E:\Programme\T-DSL SpeedManager\TSMSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - E:\Tools\WinStylerThemeSvc.exe (file missing)
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Programme\HHVcdV7Sys\VC7SecS.exe
O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - E:\Brennen\VirtualCD8\System\VC8SecS.exe
THAAAAANKS!!!