Trojan Horse (x2) und Trojan Downloader gefunden und vernichtet? |
||
---|---|---|
#0
| ||
09.07.2007, 11:52
...neu hier
Beiträge: 6 |
||
|
||
09.07.2007, 12:15
Moderator
Beiträge: 7805 |
#2
Reiche bitte noch ein Combofix Report nach und meldet Norton noch etwas?
Combofix Lade es von von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop Starte es durch doppelklick auf die Combofix.exe und bestaetige die folgende Abfrage mit 1 und drueckt Enter. Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Waehrend des Scans bitte nichts am Rechner unternehmen Es kann moeglich sein, das der Rechner zwischendurch neu gestartet wird. Nach Scanende wird ein Report angezeit, den bitte kopieren und in eurem Thread einfuegen. __________ MfG Ralf SEO-Spam Hunter |
|
|
||
09.07.2007, 13:44
...neu hier
Themenstarter Beiträge: 6 |
#3
Hallo raman,
Nein, Norten hat nichts mehr angezeigt. Hier der COmbofix Log: "airbone" - 2007-07-09 13:40:13 - ComboFix 07-07-09.3 - Service Pack 2 ((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 ))))))))))))))))))))))))))))))) 2007-07-09 13:39 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-08 11:57 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys 2007-07-08 11:57 <DIR> d-------- C:\WINDOWS\LastGood 2007-07-08 11:32 7,273 --a------ C:\dnsbak.reg 2007-07-06 23:40 <DIR> d-------- C:\DOKUME~1\airbone\ANWEND~1\InstallShield 2007-06-30 10:36 <DIR> d-------- C:\Programme\iPod 2007-06-30 10:35 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Apple 2007-06-30 10:35 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple 2007-06-11 18:12 991 --a------ C:\WINDOWS\eReg.dat (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-08 21:01:24 -------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared 2007-07-07 19:00:30 62 ----a-w C:\WINDOWS\popcinfo.dat 2007-07-06 21:41:50 -------- d--h--w C:\Programme\InstallShield Installation Information 2007-07-06 15:41:15 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll 2007-07-06 15:41:15 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll 2007-07-06 15:41:15 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll 2007-07-06 15:22:34 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2007-07-05 20:23:18 -------- d-----w C:\DOKUME~1\airbone\ANWEND~1\Xfire 2007-07-01 17:21:11 -------- d-----w C:\DOKUME~1\airbone\ANWEND~1\teamspeak2 2007-06-08 13:19:14 -------- d-----w C:\DOKUME~1\airbone\ANWEND~1\VMedia 2007-06-08 13:16:11 -------- d-----w C:\DOKUME~1\airbone\ANWEND~1\TVcentral-Core 2007-06-08 13:09:30 -------- d-----w C:\Programme\Gemeinsame Dateien\Buhl Data Service 2007-06-08 13:08:19 -------- d-----w C:\Programme\Gemeinsame Dateien\Sonavis 2007-06-03 16:16:42 -------- d-----w C:\Programme\Half-Life Model Viewer 2007-05-28 13:12:53 -------- d-----w C:\Programme\Yod M3D 2007-05-28 13:09:23 -------- d-----w C:\Programme\PowerEnc 2.3 2007-05-28 13:06:00 -------- d-----w C:\Programme\elpado 2007-05-28 12:54:37 -------- d-----w C:\Programme\IrfanView 2007-05-26 21:06:25 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] e:\programme\andere programme\Reader\ActiveX\AcroIEHelper.ocx [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}] 2006-09-05 23:18 93400 -ra------ C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\NppBho.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2007-03-14 03:43 501400 --a------ C:\Programme\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14:36 C:\WINDOWS\RTHDCPL.exe] "Alcmtr"="ALCMTR.EXE" [2005-05-03 19:43 C:\WINDOWS\Alcmtr.exe] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "ntiMUI"="c:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 19:15] "RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24] "nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe] "AOLDialer"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" [2004-02-25 11:21] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40] "GhostStartTrayApp"="C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-15 17:32] "Omnipage"="E:\Programme\Andere Programme\OmniPage SE\opware32.exe" [2002-06-03 11:38] "UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" [] "ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2007-01-09 22:59] "osCheck"="C:\Programme\Norton Internet Security\osCheck.exe" [2006-09-05 19:22] "Symantec PIF AlertEng"="C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-04-27 09:41] "TVBroadcast"="E:\Programme\Andere Programme\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe" [2007-04-13 16:24] "iTunesHelper"="E:\Programme\Andere Programme\ITunes\iTunesHelper.exe" [2007-06-28 09:14] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 21:00] "MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55] "Yodm3D"="C:\Programme\Yod M3D\Yodm3D.exe" [2007-04-19 09:30] "Steam"="e:\programme\spiele\steam\steam.exe" [2007-07-08 12:16] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme *Newly Created Service* - COMHOST *Newly Created Service* - CO_MON Contents of the 'Scheduled Tasks' folder 2007-07-06 14:05:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2007-07-06 18:00:14 C:\WINDOWS\tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - airbone.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-09 13:41:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-09 13:42:14 --- E O F --- |
|
|
||
09.07.2007, 18:39
Moderator
Beiträge: 7805 |
#4
Das sieht gut aus. Da hat fixwareout und Norton wohl alles erwischt
__________ MfG Ralf SEO-Spam Hunter |
|
|
||
Mein Norten Internet Security 2007 hat 2 Trojan Horse und einen Trojan Downloader gefunden. Er hat mir aber nur angezeigt das sie blockiert wurden, wie bekomme ich sie wieder runter? Eine genaue Angabe der Namen der Trojaner ist nicht möglich da Norten mir nur Horse und Downloader angezeigt hat.
Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 11:46:44, on 09.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Programme\Andere Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
E:\Programme\Andere Programme\Ashampoo\Ashampoo Magical Defrag\bin\defragActivityMonitor.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Programme\Andere Programme\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
E:\Programme\Andere Programme\OmniPage SE\opware32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Programme\Andere Programme\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe
E:\Programme\Andere Programme\ITunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Yod M3D\Yodm3D.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Acer WLAN 11g USB Dongle\ZDWlan.exe
E:\Programme\Andere Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
E:\Programme\Common\Bin\WinCinemaMgr.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
E:\Programme\Andere Programme\ICQLite\ICQLite.exe
E:\Programme\Spiele\Steam\steam.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\airbone\Desktop\Wichtige Dateien\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\programme\andere programme\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ntiMUI] c:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Omnipage] E:\Programme\Andere Programme\OmniPage SE\opware32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TVBroadcast] E:\Programme\Andere Programme\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programme\Andere Programme\ITunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yodm3D] C:\Programme\Yod M3D\Yodm3D.exe
O4 - HKCU\..\Run: [Steam] "e:\programme\spiele\steam\steam.exe" -silent
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Programme\Andere Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Programme\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ashampoo Magical Defrag.lnk = E:\Programme\Andere Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Programme\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\Andere Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\Andere Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - E:\Programme\Andere Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - E:\Programme\Andere Programme\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
Fixwareout:
Username "airbone" - 08.07.2007 11:32:33 [Fixwareout edited 2007/07/05]
»»»»»Prerun check
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{6B0723A5-8C5E-48D8-B9AA-C2F08A424567}
"DhcpNameServer"="85.255.115.45,85.255.112.144" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B2F30EFC-73E9-4190-8D8C-EB2C388116DA}
"DhcpNameServer"="85.255.115.45,85.255.112.144" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B39C87BC-AD38-48BF-8E33-78E202458853}
"DhcpNameServer"="85.255.115.45,85.255.112.144" <Value cleared.
Der DNS-Auflösungscache wurde geleert.
System was rebooted successfully.
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"LaunchApp"="Alaunch"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"ntiMUI"="c:\\Programme\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"AOLDialer"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"
"Acer Empowering Technology Monitor"="C:\\WINDOWS\\system32\\SysMonitor.exe"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe"
"GhostStartTrayApp"="C:\\Programme\\Symantec\\Norton Ghost 2003\\GhostStartTrayApp.exe"
"Omnipage"="E:\\Programme\\Andere Programme\\OmniPage SE\\opware32.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Programme\\Norton Internet Security\\osCheck.exe\""
"Symantec PIF AlertEng"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"TVBroadcast"="E:\\Programme\\Andere Programme\\Sceneo\\AbsolutTV\\SERVICES\\ODSBC\\ODSBCApp.exe"
"iTunesHelper"="\"E:\\Programme\\Andere Programme\\ITunes\\iTunesHelper.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Yodm3D"="C:\\Programme\\Yod M3D\\Yodm3D.exe"
"Steam"="\"E:\\Programme\\Spiele\\Steam\\Steam.exe\" -silent"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
grüße H2O