System verseucht mit Smitfraud-C.toolbar888, Viren, etc.

#0
15.06.2007, 14:49
Member

Beiträge: 16
#1 Hallo,
Ich brauche mal wieder Hilfe. Seit ein paar Tagen weisst mich Norton Antivirus 2006 immer wieder auf Bedrohungen hin, die auch sofort blockiert werden. Bei einem vollständigen Scan fand Norton 8 Bedrohungen, die auch sofort repariert werden sein sollen. Doch nach einem Neustart hatte ich sehr schnell wieder dieselben Warnungen.
Spybot S&D findet "Smitfraud-C.toolbara888".

Mir scheint, mein System ist völlig verseucht, ich poste einfach mal die Logs:

Combfix:


ComboFix 07-06-13.3 - C:\Downloads\ComboFix.exe
"Jan Kriebel" - 2007-06-15 14:27:22 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\winwim32.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-05-15 to 2007-06-15 )))))))))))))))))))))))))))))))


2007-06-15 14:24 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-14 20:16 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-13 22:08 57,344 --a------ C:\DOKUME~1\ALLUSE~1\ANWEND~1\gtuncnqj.exe
2007-06-13 19:08 <DIR> d-------- C:\DOKUME~1\JANKRI~1\ANWEND~1\WinSplit
2007-06-13 16:36 <DIR> d-------- C:\Programme\Rapidown
2007-06-06 21:57 49,536 --a------ C:\WINDOWS\system32\drivers\aastj30w.sys
2007-06-06 14:33 <DIR> d-------- C:\Programme\Ray Adams
2007-06-03 12:20 <DIR> d-------- C:\Programme\Photodex Presenter
2007-06-03 12:20 <DIR> d-------- C:\Programme\Photodex
2007-06-03 12:20 <DIR> d-------- C:\DOKUME~1\JANKRI~1\ANWEND~1\Netscape
2007-06-03 12:17 <DIR> d-------- C:\DOKUME~1\JANKRI~1\ANWEND~1\Photodex
2007-06-02 22:08 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-06-02 22:04 <DIR> d-------- C:\Programme\OO Software
2007-06-01 17:49 <DIR> d-------- C:\Programme\Sierra
2007-05-29 21:12 <DIR> d-------- C:\DOKUME~1\JANKRI~1\ANWEND~1\Command & Conquer 3 Tiberium Wars
2007-05-29 19:17 <DIR> d-------- C:\Programme\Valve
2007-05-25 13:20 <DIR> d-------- C:\Programme\FLVPlayer
2007-05-25 13:17 <DIR> d-------- C:\DOKUME~1\JANKRI~1\dwhelper
2007-05-19 22:08 86,016 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
2007-05-19 15:51 967 --a------ C:\WINDOWS\ScUnin.pif
2007-05-19 15:51 67,584 --a------ C:\WINDOWS\ScUnin.exe
2007-05-19 15:51 11,213 --a------ C:\WINDOWS\scunin.dat


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-14 21:08:25 -------- d-----w C:\Programme\Trillian
2007-06-14 21:08:13 -------- d-----w C:\Programme\Symantec
2007-06-14 20:51:18 -------- d-----w C:\Programme\iTunes
2007-06-14 20:49:54 -------- d-----w C:\Programme\Google
2007-06-14 20:47:19 -------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2007-06-14 20:13:50 -------- d-----w C:\DOKUME~1\JANKRI~1\ANWEND~1\Symantec
2007-06-14 19:21:49 -------- d-----w C:\Programme\Messenger
2007-06-14 12:28:44 -------- d-----w C:\Programme\Tweak-XP Pro 4
2007-06-14 05:05:23 -------- d-----w C:\Programme\Norton AntiVirus
2007-06-13 19:36:19 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-06-13 19:34:31 -------- d-----w C:\Programme\CyberLink
2007-06-13 18:05:43 -------- d-----w C:\DOKUME~1\JANKRI~1\ANWEND~1\OpenOffice.org2
2007-06-12 13:33:28 -------- d-----w C:\Programme\Gothic III
2007-06-06 11:09:55 -------- d-----w C:\Programme\iPod
2007-06-06 11:02:03 -------- d-----w C:\Programme\QuickTime
2007-06-01 15:56:27 43,520 -c--a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-01 12:30:57 -------- d-----w C:\Programme\World of Warcraft
2007-05-31 17:37:03 -------- d-----w C:\DOKUME~1\JANKRI~1\ANWEND~1\Hamachi
2007-05-31 16:25:13 -------- d-----w C:\Programme\Winamp
2007-05-31 15:27:53 -------- d-----w C:\Programme\EA GAMES
2007-05-29 16:56:38 -------- d-----w C:\Programme\Electronic Arts
2007-05-29 16:52:23 -------- d-----w C:\Programme\Jade Empire
2007-05-27 22:42:41 -------- d-----w C:\DOKUME~1\JANKRI~1\ANWEND~1\Xfire
2007-05-27 22:39:42 -------- d-s---w C:\Programme\Xfire
2007-05-27 16:27:28 -------- d-----w C:\Programme\UI Central
2007-05-27 13:06:06 -------- d-----w C:\Programme\Gemeinsame Dateien\Blizzard Entertainment
2007-05-26 21:02:00 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-26 20:04:22 -------- d-----w C:\Programme\Paint.NET
2007-05-26 15:40:55 -------- d-----w C:\Programme\Rockstar Games
2007-05-20 11:54:10 -------- d-----w C:\Programme\Starcraft
2007-05-19 17:31:39 -------- d-----w C:\Programme\Ubisoft
2007-05-19 17:22:36 -------- d-----w C:\Programme\Ulead Systems
2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 12:05:51 -------- d-----w C:\Programme\WoW Model Viewer
2007-05-13 13:42:20 -------- d-----w C:\DOKUME~1\JANKRI~1\ANWEND~1\Skype
2007-05-11 12:14:36 -------- d-----w C:\Programme\Worms 4 Mayhem
2007-05-11 00:09:48 1,050,120 ----a-w C:\WINDOWS\system32\oodag.exe
2007-05-11 00:08:54 2,512,392 ----a-w C:\WINDOWS\system32\oodtray.exe
2007-05-11 00:08:24 194,056 ----a-w C:\WINDOWS\system32\oodbs.exe
2007-05-11 00:07:38 206,344 ----a-w C:\WINDOWS\system32\oodtrrs.dll
2007-05-11 00:07:22 15,880 ----a-w C:\WINDOWS\system32\oodagrs.dll
2007-05-11 00:07:22 10,248 ----a-w C:\WINDOWS\system32\oodbsrs.dll
2007-05-11 00:07:20 16,904 ----a-w C:\WINDOWS\system32\oodagmg.dll
2007-05-10 21:19:26 38,160 ----a-w C:\WINDOWS\system32\drivers\oobctm.sys
2007-05-10 21:18:24 15,368 ----a-w C:\WINDOWS\system32\ootmapi.dll
2007-05-10 10:53:28 -------- d-----w C:\Programme\Microsoft CAPICOM 2.1.0.2
2007-05-06 17:12:12 -------- d-----w C:\Programme\Guitar Pro 5
2007-04-26 17:54:22 -------- d-----w C:\Programme\TV-Browser
2007-04-26 17:52:40 -------- d-----w C:\Programme\TVgenial
2007-04-26 13:51:09 -------- d-----w C:\DOKUME~1\JANKRI~1\ANWEND~1\MusicIP
2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-19 14:31:24 -------- d-----w C:\Programme\Mozilla Thunderbird
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-15 18:14:09 -------- d-----w C:\Programme\Gemeinsame Dateien\Adobe Systems Shared
2007-04-15 09:12:22 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-04-06 14:11:32 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-02 14:27:45 15,555 ----a-w C:\WINDOWS\mozver.dat
2007-03-28 16:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-03-28 16:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-03-25 10:01:37 74,996 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-03-25 10:01:37 415,470 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-03-17 13:44:25 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2006-10-10 14:14:19 56 --sh--r C:\WINDOWS\system32\4A18A6001F.sys
2006-10-10 14:14:19 11,690 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Programme\Norton AntiVirus\NavShExt.dll [2007-06-07 14:44]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\programme\google\googletoolbar4.dll [2007-01-20 00:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-21 19:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Programme\Nero\Nero 7\InCD\InCD.exe" []
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2007-02-22 12:11]
"AtiPTA"="atiptaxx.exe" [2006-02-22 03:05 C:\WINDOWS\system32\atiptaxx.exe]
"Symantec PIF AlertEng"="C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03]
"LanguageShortcut"="C:\Programme\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17]
"gtuncnqj.exe"="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtuncnqj.exe" [2007-06-13 22:08]
"RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:57]
"Steam"="" []
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 19:24]
"AtiTrayTools"="C:\Programme\Ray Adams\ATI Tray Tools\atitray.exe" [2007-05-22 11:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"="C:\PROGRA~1\GEMEIN~1\Stardock\MCPCore.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AutoStart IR.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk
backup=C:\WINDOWS\pss\AutoStart IR.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Erinnerungen für Microsoft Works-Kalender.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Erinnerungen für Microsoft Works-Kalender.lnk
backup=C:\WINDOWS\pss\Erinnerungen für Microsoft Works-Kalender.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^InterVideo WinCinema Manager.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Picture Package Menu.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Picture Package VCD Maker.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinZip Quick Pick.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Jan Kriebel^Startmenü^Programme^Autostart^Adobe Gamma.lnk]
path=C:\Dokumente und Einstellungen\Jan Kriebel\Startmenü\Programme\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Jan Kriebel^Startmenü^Programme^Autostart^Trillian.lnk]
path=C:\Dokumente und Einstellungen\Jan Kriebel\Startmenü\Programme\Autostart\Trillian.lnk
backup=C:\WINDOWS\pss\Trillian.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Programme\Adobe\Photoshop Elements 4.0\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
C:\Programme\Anti-Blaxx 1.18\Anti-Blaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Programme\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnvyHFCPL]
C:\Programme\Audio Deck\EnMixCPL.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FeedBuster]
"C:\Programme\Alnera\FeedBuster\FeedBuster.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programme\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programme\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\valve\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Programme\Winamp\winampa.exe


Contents of the 'Scheduled Tasks' folder
2007-06-06 10:51:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-08 19:49:48 C:\WINDOWS\tasks\Norton AntiVirus - Vollständige Systemprüfung ausführen - Jan Kriebel.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-15 14:32:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-15 14:36:00 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-15 14:35
C:\ComboFix2.txt ... 2006-12-05 17:14

--- E O F ---

---------------------------------------------------------------
Außerdem wurde noch eine Datei namens Combofix-quarantine erstellt. Das hier stand darin:

Code

2007-06-13 22:04      22016    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\winwim32.dll.vir
2007-06-15 14:29      352    --a------    C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf


Auflistung der Ordnerpfade
Volumenummer: 98F9-620B
C:\QOOBOX
\---Quarantine
    +---C
    |   \---WINDOWS
    |       \---system32
    |               winwim32.dll.vir
    |              
    \---Registry_backups
            services_nm.reg.cf
            
---------------------------------------------------------------------

HijackThis:


Logfile of HijackThis v1.99.1
Scan saved at 14:40:25, on 15.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtuncnqj.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Ray Adams\ATI Tray Tools\atitray.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar4.dll
O4 - HKLM\..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [gtuncnqj.exe] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtuncnqj.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Programme\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - Startup: ATI Tray Tools.lnk = C:\Programme\Radeon Omega Drivers\v3.8.330\2KXP_INF\SwpDrv\DelRad.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://www.giga.de/giga-stream-test/Rawflow.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0DD4ADBE-E91D-48CC-9A04-87EA1674E385} (PerfTestClient) - http://gamer.ubicom.com/benchmarks/PerfTestCliActiveXProj_20060127.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175589687906
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - (no file)
O18 - Protocol: bw+0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

----------------------------------------------------------

Datfind.bat:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 98F9-620B

Verzeichnis von C:\WINDOWS\system32

15.06.2007 14:31 33.202 oodbs.lor
14.06.2007 22:03 2.550 Uninstall.ico
14.06.2007 22:03 1.406 Help.ico
14.06.2007 22:03 30.590 pavas.ico
14.06.2007 20:25 0 asfiles.txt
13.06.2007 14:07 12.598 wpa.dbl
06.06.2007 08:38 15.747.032 MRT.exe
01.06.2007 17:56 43.520 CmdLineExt03.dll
27.05.2007 11:30 263.264 FNTCACHE.DAT
26.05.2007 23:02 108.144 CmdLineExt.dll
19.05.2007 22:08 86.016 ElbyCDIO.dll
16.05.2007 17:11 683.520 inetcomm.dll
11.05.2007 02:09 1.050.120 oodag.exe
11.05.2007 02:08 2.512.392 oodtray.exe
11.05.2007 02:08 194.056 oodbs.exe
11.05.2007 02:07 206.344 oodtrrs.dll
11.05.2007 02:07 15.880 oodagrs.dll
11.05.2007 02:07 10.248 oodbsrs.dll
11.05.2007 02:07 16.904 oodagmg.dll
10.05.2007 23:18 15.368 ootmapi.dll
08.05.2007 10:59 3.583.488 mshtml.dll
27.04.2007 09:42 65.536 QuickTimeVR.qtx
27.04.2007 09:42 49.152 QuickTime.qts
25.04.2007 16:22 144.896 schannel.dll
25.04.2007 09:42 822.784 wininet.dll
25.04.2007 09:42 232.960 webcheck.dll
25.04.2007 09:42 1.152.000 urlmon.dll
25.04.2007 09:42 105.984 url.dll
25.04.2007 09:42 102.400 occache.dll
25.04.2007 09:42 670.720 mstime.dll
25.04.2007 09:42 193.024 msrating.dll
25.04.2007 09:42 477.696 mshtmled.dll
25.04.2007 09:41 459.264 msfeeds.dll
25.04.2007 09:41 52.224 msfeedsbs.dll
25.04.2007 09:41 1.824.768 inetcpl.cpl
25.04.2007 09:41 27.648 jsproxy.dll
25.04.2007 09:41 267.776 iertutil.dll
25.04.2007 09:41 44.544 iernonce.dll
25.04.2007 09:41 6.058.496 ieframe.dll
25.04.2007 09:41 384.512 iedkcs32.dll
25.04.2007 09:41 383.488 ieapfltr.dll
25.04.2007 09:41 132.608 extmgr.dll
25.04.2007 09:41 153.088 ieakeng.dll
25.04.2007 09:41 124.928 advpack.dll
25.04.2007 09:41 230.400 ieaksie.dll
24.04.2007 16:26 13.824 ieudinit.exe
24.04.2007 11:58 56.832 ie4uinit.exe
24.04.2007 09:34 161.792 ieakui.dll
18.04.2007 18:13 2.854.400 msi.dll
18.04.2007 18:13 2.854.400 SET11.tmp
17.04.2007 11:32 2.455.488 ieapfltr.dat
16.04.2007 17:53 1.058.304 kernel32.dll
15.04.2007 11:12 108.544 pxcpyi64.exe
06.04.2007 16:11 48.776 S32EVNT1.DLL
02.04.2007 14:21 428.032 swreg.exe
28.03.2007 18:51 538.256 SymNeti.dll
28.03.2007 18:51 161.424 SymRedir.dll
25.03.2007 12:01 401.064 perfh009.dat
25.03.2007 12:01 62.344 perfc009.dat
25.03.2007 12:01 415.470 perfh007.dat
25.03.2007 12:01 74.996 perfc007.dat
25.03.2007 12:01 966.250 PerfStringBackup.INI
17.03.2007 15:44 293.376 winsrv.dll
09.03.2007 13:51 270.336 xpsp3res.dll
08.03.2007 17:36 281.600 gdi32.dll
08.03.2007 17:36 40.960 mf3216.dll
08.03.2007 17:36 579.072 user32.dll
08.03.2007 17:32 1.843.712 win32k.sys
08.03.2007 14:31 45 initdebug.nfo
08.03.2007 01:51 39.672 vxblock.dll
08.03.2007 01:51 1.628.920 pxsfs.dll
08.03.2007 01:51 187.128 pxmas.dll
08.03.2007 01:51 379.640 pxwave.dll
08.03.2007 01:51 64.760 pxinsa64.exe
08.03.2007 01:51 129.784 pxafs.dll
08.03.2007 01:51 547.576 px.dll
08.03.2007 01:51 64.760 pxcpya64.exe
08.03.2007 01:51 510.712 pxdrv.dll
08.03.2007 01:51 72.440 pxhpinst.exe
28.02.2007 18:02 2.059.904 ntkrnlpa.exe
28.02.2007 18:02 2.182.656 ntoskrnl.exe

-----------------------------------------------------------------

Ich hoffe, ihr könnt mir helfen, und bedanke mich schonmal im Voraus.

Grüße, JanK
Seitenanfang Seitenende
15.06.2007, 15:02
Member

Beiträge: 3716
#2 hi,
1. arbeitsplatz öffnen,extras,ordneroptionen,ansicht
dateinamenerweiterungen bei bekannten dateitypen ausblenden off
geschützte systeemdateien ausblenden off
inhalte von systemordnern einblenden on
versteckte dateien und ordner alle einblenden on
2. lad dir hijackthis:
www.hijackthis.de
bitte instaliere das programm in eienn eigenen ordner
c:\programme\hijackhtis bitte benenne die hijackthis.exe in hjt.com um, dies ist nötig, da sich malware vor der hijackthis.exe verstecken kann also die
endung .exe muss verschwinden!
öffne nun das programm, klicke scan and safe log und poste dies hier.
3. lad combofix:
http://virus-protect.org/artikel/tools/combofix.html

poste log.
4. lad smitfraudfix:
http://siri.geekstogo.com/SmitfraudFix_De.php
bitte das erste log im normalen modus erstellen und die reinigung unbedingt im abgesicherten durchführen. bitte beide logs posten!
5. vundofix laden und posten:
www.hijackthis-forum.de/archive/index.php/t-18415.html - 14k -
so fot scannen lassen, bis nichts mehr gefunden wird, alle logs posten!
6. da vundo auch mit rootkits verbunden sein kann, lad dir all diese rootkitscanner runter und führe sie nach beschreibung aus:
www.hijackthis-forum.de/showthread.php?t=20219 - 38k -
bitte trenne deine internetverbindung und schalte alle programme wie antivirenlösung aus. mit trennen meine ich kabel raus, wlan aus.
7. logs in folgender reihenfolge posten:
1. smitfraudfix
2. vundofix
3. rootkitscanns
4. combofix und neues hijackthis.
Seitenanfang Seitenende
15.06.2007, 19:39
Member

Themenstarter

Beiträge: 16
#3 Hallo,
Danke erstmal für die schnelle Antwort.
Ich habe jetzt die Liste durchgearbeitet, da allerdings sowohl Vundofix als auch RootkitRevealer und Blacklight nichts gefunden haben, wollte ich erstmal die Zwischenergebnisse posten, bevor ich zig Logs poste, die alle dasselbe aussagen, nämlich dass nichts gefunden wurde.

1. Smitfraudfix

Normaler Modus:

SmitFraudFix v2.195

Scan done at 15:39:06,42, 15.06.2007
Run from C:\Downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtuncnqj.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Ray Adams\ATI Tray Tools\atitray.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\cmd.exe
C:\Programme\Messenger\msmsgs.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Jan Kriebel


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Jan Kriebel\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\JANKRI~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SiS 900-Based PCI Fast Ethernet Adapter - Paketplaner-Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7AABD39B-3F4B-452B-9395-6E3FB954C3F5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7AABD39B-3F4B-452B-9395-6E3FB954C3F5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7AABD39B-3F4B-452B-9395-6E3FB954C3F5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7AABD39B-3F4B-452B-9395-6E3FB954C3F5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

---------------------------------------------

Abgesicherter Modus:

SmitFraudFix v2.195

Scan done at 15:19:03,51, 15.06.2007
Run from C:\Downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7AABD39B-3F4B-452B-9395-6E3FB954C3F5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7AABD39B-3F4B-452B-9395-6E3FB954C3F5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7AABD39B-3F4B-452B-9395-6E3FB954C3F5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7AABD39B-3F4B-452B-9395-6E3FB954C3F5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

-----------------------------------------

2. Vundofix


VundoFix V6.5.0

Checking Java version...

Sun Java not detected
Scan started at 15:40:22 15.06.2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.5.0

Checking Java version...

Sun Java not detected
Scan started at 15:47:05 15.06.2007

Listing files found while scanning....

No infected files were found.

-----------------------------------------------

3.1 RootkitReveal

HKU\.DEFAULT\Control Panel\International 15.06.2007 15:11 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\International\Geo 15.06.2007 15:11 0 bytes Security mismatch.
HKU\S-1-5-21-1801674531-606747145-725345543-1004\Control Panel\International 15.06.2007 15:11 0 bytes Security mismatch.
HKU\S-1-5-21-1801674531-606747145-725345543-1004\Control Panel\International\Geo 15.06.2007 15:11 0 bytes Security mismatch.
HKU\S-1-5-21-1801674531-606747145-725345543-1004\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 27.05.2007 12:39 0 bytes Key name contains embedded nulls (*)
HKU\S-1-5-18\Control Panel\International 15.06.2007 15:11 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International\Geo 15.06.2007 15:11 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 18.12.2004 18:53 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 18.12.2004 18:53 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 18.12.2004 19:33 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32* 18.12.2004 19:33 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32* 18.12.2004 19:33 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32* 18.12.2004 19:33 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32* 18.12.2004 19:33 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32* 18.12.2004 19:33 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32* 18.12.2004 19:33 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32* 18.12.2004 19:33 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32* 18.12.2004 19:33 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32* 18.12.2004 19:33 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32* 18.12.2004 19:33 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32* 18.12.2004 19:33 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6\ProductName 12.03.2005 20:36 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System* 02.06.2007 22:04 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\DisplayName 13.03.2005 10:56 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollManager\currentPollMinutes 15.06.2007 16:02 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollManager\lastGoodTime 15.06.2007 16:02 32 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg 21.03.2007 19:54 0 bytes Access is denied.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 12.10.2006 13:25 252.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 12.10.2006 13:25 111.50 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\spool\PRINTERS\FP00000.SHD 15.06.2007 16:00 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\WINDOWS\system32\spool\PRINTERS\FP00000.SPL 15.06.2007 16:00 0 bytes Visible in Windows API, MFT, but not in directory index.

------------------------------------------------------

3.2 Blacklight


06/15/07 16:13:18 [Info]: BlackLight Engine 1.0.61 initialized
06/15/07 16:13:18 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/15/07 16:13:19 [Note]: 7019 4
06/15/07 16:13:19 [Note]: 7005 0
06/15/07 16:13:25 [Note]: 7006 0
06/15/07 16:13:25 [Note]: 7011 1824
06/15/07 16:13:25 [Note]: 7026 0
06/15/07 16:13:25 [Note]: 7026 0
06/15/07 16:13:43 [Note]: FSRAW library version 1.7.1021
06/15/07 19:26:47 [Note]: 7007 0

----------------------------------------------

4. Combofix:

Jan Kriebel - 06-12-05 16:11:56,43 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Dokumente und Einstellungen\Jan Kriebel"

((((((((((((((((((((((((((((((( Files Created from 2006-11-05 to 2006-12-05 ))))))))))))))))))))))))))))))))))


2006-12-05 15:53 <DIR> d-------- C:\Programme\HijackThis
2006-12-01 17:47 21,504 --a------ C:\WINDOWS\jestertb.dll
2006-11-23 21:11 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2006-11-22 19:13 <DIR> d-------- C:\Dokumente und Einstellungen\Jan Kriebel\Anwendungsdaten\Alnera
2006-11-22 19:12 <DIR> d-------- C:\Programme\Alnera
2006-11-22 19:04 77,824 --a------ C:\WINDOWS\system32\GkSui20.EXE
2006-11-22 19:04 <DIR> d-------- C:\Programme\RSS-Ticker
2006-11-21 20:46 57,344 --a------ C:\WINDOWS\system32\UnEnvyNT.dll
2006-11-21 20:46 <DIR> d-------- C:\Programme\Audio Deck
2006-11-21 20:40 589,120 --a------ C:\WINDOWS\system32\drivers\Envy24HF.sys
2006-11-21 20:40 254,000 --a------ C:\WINDOWS\system32\Audio3D.dll
2006-11-18 17:52 <DIR> d-------- C:\Programme\MSXML 4.0
2006-11-18 17:52 <DIR> d-------- C:\adc0cc0c79373d0b404491c31ccd
2006-11-14 14:49 <DIR> d-------- C:\Dokumente und Einstellungen\Jan Kriebel\Anwendungsdaten\Ventrilo
2006-11-14 14:48 <DIR> d-------- C:\Programme\Ventrilo
2006-11-14 14:48 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2006-11-10 18:11 <DIR> d-------- C:\SteamBuster
2006-11-09 15:18 <DIR> d-------- C:\Programme\JanSoft
2006-11-05 14:32 <DIR> d-------- C:\Programme\GSpot
2006-11-05 11:52 <DIR> d-------- C:\Programme\Windows Media Connect 2
2006-11-05 11:49 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-05 16:11 -------- d-------- C:\Programme\Mozilla Firefox
2006-12-05 15:01 -------- d-------- C:\Programme\Mozilla Thunderbird
2006-12-04 17:27 -------- d-------- C:\Programme\Warcraft III
2006-12-02 19:26 -------- d-------- C:\Programme\World of Warcraft
2006-12-02 12:40 -------- d-------- C:\Programme\Trillian
2006-12-02 11:50 -------- d-------- C:\Dokumente und Einstellungen\Jan Kriebel\Anwendungsdaten\Xfire
2006-12-01 22:34 -------- d-------- C:\Programme\Electronic Arts
2006-12-01 18:23 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-12-01 18:22 -------- d-------- C:\Programme\Activision
2006-11-25 23:57 -------- d-------- C:\Programme\EA GAMES
2006-11-25 17:12 -------- d-------- C:\Programme\WinZip
2006-11-24 15:48 -------- d-------- C:\Dokumente und Einstellungen\Jan Kriebel\Anwendungsdaten\teamspeak2
2006-11-24 15:47 -------- d-------- C:\Dokumente und Einstellungen\Jan Kriebel\Anwendungsdaten\Skype
2006-11-23 21:36 -------- d-------- C:\Programme\Winamp
2006-11-22 16:48 -------- d-------- C:\Programme\RightMark3DSound
2006-11-18 22:09 -------- d---s---- C:\Programme\Xfire
2006-11-17 22:47 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-11-17 14:06 48768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-11-17 14:06 110952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-11-17 14:06 -------- d-------- C:\Programme\Symantec
2006-11-16 12:27 -------- d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2006-11-14 14:48 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-11-10 20:32 -------- d-------- C:\Programme\Gothic III
2006-11-10 18:42 -------- d-------- C:\Programme\Ubisoft
2006-11-08 16:50 -------- d-------- C:\Programme\phase5
2006-11-05 13:41 -------- d-------- C:\Programme\DOSBox-0.61
2006-11-05 11:52 -------- d-------- C:\Programme\Windows Media Player
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-02 14:23 2829 --a------ C:\WINDOWS\War3Unin.pif
2006-11-02 14:23 139264 --a------ C:\WINDOWS\War3Unin.exe
2006-11-01 21:23 -------- d-------- C:\Programme\iTunes
2006-11-01 21:23 -------- d-------- C:\Programme\iPod
2006-11-01 21:22 -------- d-------- C:\Programme\QuickTime
2006-11-01 21:20 -------- d-------- C:\Programme\Apple Software Update
2006-10-31 15:57 -------- d-------- C:\Programme\Tweak-XP Pro 4
2006-10-28 16:07 -------- d-------- C:\Programme\Google
2006-10-28 13:30 -------- d-------- C:\Programme\Rockstar Games
2006-10-26 12:59 -------- d-------- C:\Programme\Internet Explorer
2006-10-25 18:59 -------- d-------- C:\Dokumente und Einstellungen\Jan Kriebel\Anwendungsdaten\POPWWPROFILES
2006-10-21 19:21 -------- d-------- C:\Programme\BF2AutoLoader
2006-10-21 19:08 -------- d-------- C:\Programme\NeverwinterNights
2006-10-18 23:03 43008 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 22:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 22:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 22:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 22:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 22:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 22:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 22:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 22:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 22:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 22:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 22:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 22:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 22:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 22:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 22:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 22:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 22:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 22:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 22:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 22:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 22:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 22:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 22:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 22:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 22:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 22:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 22:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 22:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 22:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 22:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 22:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 22:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 22:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 22:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 22:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 22:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 22:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 22:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 22:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 22:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 22:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 22:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 22:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 22:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 22:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 22:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 22:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 22:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 22:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 22:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 22:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 22:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 22:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 22:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 22:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 22:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 22:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 22:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 21:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 21:00 38528 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
2006-10-18 21:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 21:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-18 19:31 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2006-10-18 19:31 -------- d-------- C:\Programme\Illustrate
2006-10-18 19:30 -------- d-------- C:\Dokumente und Einstellungen\Jan Kriebel\Anwendungsdaten\foobar2000
2006-10-17 12:33 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-17 12:33 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-17 12:33 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-17 12:33 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-17 12:33 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-17 12:33 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-17 12:33 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:01 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-17 12:01 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-17 12:01 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-17 12:01 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-17 12:01 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-17 12:01 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-17 12:00 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-17 12:00 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-17 12:00 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-17 11:23 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 11:56 271360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2006-10-13 11:56 18048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2006-10-13 11:56 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2006-10-12 14:37 451072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.291 Uninstall.exe
2006-10-12 14:37 -------- d-------- C:\Programme\Radeon Omega Drivers
2006-10-12 14:37 -------- d-------- C:\Programme\MultiRes
2006-10-11 15:18 -------- d-------- C:\Programme\Prey
2006-10-10 15:32 -------- d-------- C:\Dokumente und Einstellungen\Jan Kriebel\Anwendungsdaten\DivX
2006-10-10 15:18 -------- d-------- C:\Programme\WinRAR
2006-10-10 15:16 -------- d-------- C:\Programme\DivX
2006-10-10 15:14 56 -r-hs---- C:\WINDOWS\system32\4A18A6001F.sys
2006-10-10 15:14 11690 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-10-10 14:10 -------- d-------- C:\Programme\ICQLite
2006-10-08 15:30 356352 --a------ C:\WINDOWS\eSellerateEngine.dll
2006-10-05 12:45 -------- d-------- C:\Programme\CopyPod
2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 20:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 20:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
2006-09-28 20:13 95344 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 18:56 55808 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56 165376 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56 146432 --------- C:\WINDOWS\system32\WudfHost.exe
2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-24 14:28 5248 --a------ C:\WINDOWS\system32\speedfan.sys
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-13 22:58 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"Steam"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Programme\\Nero\\Nero 7\\InCD\\InCD.exe"
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"ISUSScheduler"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"EnvyHFCPL"="C:\\Programme\\Audio Deck\\EnMixCPL.exe 1"
"RSS_TICKER"=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableStatusMessages"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AutoStart IR.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\AutoStart IR.lnk"
"backup"="C:\\WINDOWS\\pss\\AutoStart IR.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinTV\\Ir.exe /QUIET"
"item"="AutoStart IR"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Erinnerungen für Microsoft Works-Kalender.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Erinnerungen für Microsoft Works-Kalender.lnk"
"backup"="C:\\WINDOWS\\pss\\Erinnerungen für Microsoft Works-Kalender.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
"item"="Erinnerungen für Microsoft Works-Kalender"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^InterVideo WinCinema Manager.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~4\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Picture Package Menu.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Picture Package Menu.lnk"
"backup"="C:\\WINDOWS\\pss\\Picture Package Menu.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\PICTUR~1\\PICTUR~3\\SonyTray.exe "
"item"="Picture Package Menu"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Picture Package VCD Maker.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Picture Package VCD Maker.lnk"
"backup"="C:\\WINDOWS\\pss\\Picture Package VCD Maker.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\PICTUR~1\\PICTUR~1\\RESIDE~1.EXE -h"
"item"="Picture Package VCD Maker"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinZip Quick Pick.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Jan Kriebel^Startmenü^Programme^Autostart^Trillian.lnk]
"path"="C:\\Dokumente und Einstellungen\\Jan Kriebel\\Startmenü\\Programme\\Autostart\\Trillian.lnk"
"backup"="C:\\WINDOWS\\pss\\Trillian.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Trillian\\trillian.exe "
"item"="Trillian"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Anti-Blaxx"
"hkey"="HKLM"
"command"="C:\\Programme\\Anti-Blaxx 1.18\\Anti-Blaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cli"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FeedBuster]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FeedBuster"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Alnera\\FeedBuster\\FeedBuster.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="isuspm"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\GEMEIN~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackWeb-8876480"
"hkey"="HKCU"
"command"="\\Program\\BackWeb-8876480.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="steam"
"hkey"="HKCU"
"command"="\"c:\\valve\\steam\\steam.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Programme\\Winamp\\winampa.exe"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwim32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Vollst„ndige Systemprfung ausfhren - Jan Kriebel.job

Completion time: 06-12-05 16:14:04.76
C:\ComboFix.txt ... 06-12-05 16:14


-----------------------------------------------

Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 15:06:26, on 15.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exea
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtuncnqj.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Ray Adams\ATI Tray Tools\atitray.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Programme\HijackThis\hjt.com
C:\Programme\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar4.dll
O4 - HKLM\..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [gtuncnqj.exe] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtuncnqj.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Programme\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - Startup: ATI Tray Tools.lnk = C:\Programme\Radeon Omega Drivers\v3.8.330\2KXP_INF\SwpDrv\DelRad.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://www.giga.de/giga-stream-test/Rawflow.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0DD4ADBE-E91D-48CC-9A04-87EA1674E385} (PerfTestClient) - http://gamer.ubicom.com/benchmarks/PerfTestCliActiveXProj_20060127.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175589687906
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - (no file)
O18 - Protocol: bw+0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {38496AFA-8E9A-48A8-9F37-B1934DC40BC9} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

------------------------------------------

Mich wundert etwas, dass auf einmal kein Trojan.Vundo erkannt wird, auch die dauernden Bedrohungsmeldungen durch Norton haben aufgehört. Ich werde nochmal eine Prüfung laufen lassen, um zu schauen, ob er noch was findet.

Grüße, JanK

Edit: Norton hat nichts mehr gefunden. Trotzdem ist das System langsamer als sonst.
Dieser Beitrag wurde am 15.06.2007 um 21:57 Uhr von JanK editiert.
Seitenanfang Seitenende
18.06.2007, 07:30
Member

Beiträge: 3716
#4 überprüfe bitte:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtuncnqj.exe
bei virus toatal ergebeniss komplett posten mit additional informaition
www.virustotal.com sind noch probleme bemerkbar?b
Seitenanfang Seitenende
18.06.2007, 17:45
Member

Themenstarter

Beiträge: 16
#5 Hier ist das ergebnis der VirusTotal-Prüfung:

Antivirus Version Update Result
AhnLab-V3 2007.6.16.0 06.18.2007 no virus found
AntiVir 7.4.0.32 06.18.2007 TR/Crypt.XPACK.Gen
Authentium 4.93.8 06.16.2007 no virus found
Avast 4.7.997.0 06.18.2007 no virus found
AVG 7.5.0.467 06.17.2007 PSW.Generic4.SZY
BitDefender 7.2 06.18.2007 no virus found
CAT-QuickHeal 9.00 06.18.2007 no virus found
ClamAV devel-20070416 06.18.2007 no virus found
DrWeb 4.33 06.18.2007 no virus found
eSafe 7.0.15.0 06.17.2007 Win32.OnLineGames.es
eTrust-Vet 30.7.3726 06.18.2007 no virus found
Ewido 4.0 06.18.2007 Trojan.OnLineGames.es
FileAdvisor 1 06.18.2007 No Thread detected
Fortinet 2.85.0.0 06.18.2007 W32/OnLineGames.ES!tr.pws
F-Prot 4.3.2.48 06.15.2007 no virus found
F-Secure 6.70.13030.0 06.18.2007 Trojan-PSW.Win32.OnLineGames.es
Ikarus T3.1.1.8 06.18.2007 Dialer
Kaspersky 4.0.2.24 06.18.2007 Trojan-PSW.Win32.OnLineGames.es
McAfee 5054 06.15.2007 no virus found
Microsoft 1.2607 06.18.2007 no virus found
NOD32v2 2336 06.18.2007 no virus found
Norman 5.80.02 06.18.2007 W32/OnLineGames.HAJ
Panda 9.0.0.4 06.17.2007 Suspicious file
Prevx1 V2 06.18.2007 no virus found
Sophos 4.18.0 06.12.2007 no virus found
Sunbelt 2.2.907.0 06.16.2007 no virus found
Symantec 10 06.18.2007 no virus found
TheHacker 6.1.6.134 06.18.2007 Trojan/PSW.OnLineGames.es
VBA32 3.12.0.2 06.15.2007 no virus found
VirusBuster 4.3.23:9 06.18.2007 no virus found
Webwasher-Gateway 6.0.1 06.18.2007 Trojan.Crypt.XPACK.Gen

Aditional Information
File size: 57344 bytes
MD5: 1ebf8962ffde5d7dcc73e55377b91273
SHA1: 3d78e0e8c0905c9e643939b73d5c96c9621ad9be
packers: UPX
packers: UPX
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=1ebf8962ffde5d7dcc73e55377b91273
packers: UPX

Ansonsten keine bemerkbaren Probleme mehr.
Seitenanfang Seitenende
19.06.2007, 16:34
Ehrenmitglied
Avatar Argus

Beiträge: 6028
#6 Schliesse alle Fenster und starte Hijack This
Klicke:Do a Systemscan only
Setze ein Häckchen in das Kästchen vor den genannten Eintrag bei

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O4 - HKLM\..\Run: [gtuncnqj.exe] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtuncnqj.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123

klicke:Fix checked

Dein Internet Explorer muss geschlossen wenn Du Fix Checked klickst

Loeschen und Papierkorb leeren
C:\Qoobox
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtuncnqj.exe

Und Berichte
__________
MfG Argus
Seitenanfang Seitenende
19.06.2007, 19:32
Member

Themenstarter

Beiträge: 16
#7 Habe beides gemacht. War es das?

Vielen Dank euch beiden für die Hilfe.

Grüße, JanK
Seitenanfang Seitenende
19.06.2007, 19:38
Ehrenmitglied
Avatar Argus

Beiträge: 6028
#8 Systemwiederherstellung
Arbeitsplatz-->Rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.
Neu Starten
Dann wieder aktivieren

Dein Java software ist veraltet,download jre-6-windows-i586.exe
Srcolle runter nach ---->Java Runtime Environment (JRE) 6u1
The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
Klicke auf "Download"
Setze in haeckchen bei --->"Accept License Agreement".
Klicke “Windows Offline Installation, Multi-language” um
“jre-6-windows-i586.exe”zum Desktop zu installieren
Schliesse alle Programme auch dein Webbrowser
Ueber "Start -> Einstellungen -> Systemsteuerung -> Software
Und entferne alle aeltere versionen von Java Runtime Environment (JRE of J2SE)
Nachdem alles entfernt wurde --->Rechner neu starten
Installiere jetzt vom Desktop aus ---> “jre-6-windows-i586.exe”
__________
MfG Argus
Seitenanfang Seitenende
19.06.2007, 20:57
Member

Themenstarter

Beiträge: 16
#9 Alles erledigt, danke nochmal.

Grüße, JanK
Seitenanfang Seitenende