Internet Explorer won't open, no Windows Update possible
Thread is closed!

#0
13.07.2007, 15:41
Member
Posts: 25

13.07.2007, 16:56
Moderator
Posts: 7805
#2
That looks like Haxdoor. Please use this program:
http://www.hijackthis-forum.de/showthread.php?t=14523
Test this file, C:\ynudp.exe, at Jotti or Virustotal and post the result, along with the Haxdoor log and a newly created Combofix report.
__________
Best regards, Ralf
SEO-Spam Hunter

13.07.2007, 17:32
Member
Thread starter
Posts: 25
#3
Thanks for the quick reply!!!
I'll give it a try

13.07.2007, 17:38
Moderator
Posts: 7805

13.07.2007, 18:04
Member
Thread starter
Posts: 25
#5
I ran everything, here are the logs
HAXFIX logfile - by Marckie
version 4.47
13.07.2007 17:30:31,81
--- Checking for Haxdoor ---
checking for a3d files
a3d files not found
checking for matching notify keys
no matching notify keys found
checking for matching services
no matching services found
checking for matching safeboot services
no matching safeboot services found
checking for other Haxdoor-files
no other Haxdoor-files found
--- Checking for Goldun ---
checking for SSODL keys
no ssodl keys found
checking for notify keys
no notify keys found
checking for services
no services found
checking for other Goldun-files
no other Goldun-files found
checking iexplore.exe
iexplore.exe is not infected
--- Catchme logfile - thank you Gmer ---
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-13 17:30:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Dokumente und Einstellungen\Sergej\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\sergeja@hotmail.de\SharingMetadata\mellie20004@hotmail.com\DFSR\Staging\CS{B5BD8398-CDE8-1C39-7D77-E2F20C4FCD2E}\01\10-{B5BD8398-CDE8-1C39-7D77-E2F20C4FCD2E}-v1-{E5C93D54-91DF-4040-8C41-20CC994CA2A5}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Dokumente und Einstellungen\Sergej\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\sergeja@hotmail.de\SharingMetadata\mellie20004@hotmail.com\DFSR\Staging\CS{B5BD8398-CDE8-1C39-7D77-E2F20C4FCD2E}\11\11-{E5C93D54-91DF-4040-8C41-20CC994CA2A5}-v11-{E5C93D54-91DF-4040-8C41-20CC994CA2A5}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Dokumente und Einstellungen\Sergej\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\sergeja@hotmail.de\SharingMetadata\mellie20004@hotmail.com\DFSR\Staging\CS{B5BD8398-CDE8-1C39-7D77-E2F20C4FCD2E}\12\12-{E5C93D54-91DF-4040-8C41-20CC994CA2A5}-v12-{E5C93D54-91DF-4040-8C41-20CC994CA2A5}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1012800 bytes hidden from API
C:\Dokumente und Einstellungen\Sergej\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\sergeja@hotmail.de\SharingMetadata\mellie20004@hotmail.com\DFSR\Staging\CS{B5BD8398-CDE8-1C39-7D77-E2F20C4FCD2E}\12\12-{E5C93D54-91DF-4040-8C41-20CC994CA2A5}-v12-{E5C93D54-91DF-4040-8C41-20CC994CA2A5}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 71634 bytes hidden from API
C:\Dokumente und Einstellungen\Sergej\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\sergeja@hotmail.de\SharingMetadata\mellie20004@hotmail.com\DFSR\Staging\CS{B5BD8398-CDE8-1C39-7D77-E2F20C4FCD2E}\12\12-{E5C93D54-91DF-4040-8C41-20CC994CA2A5}-v12-{E5C93D54-91DF-4040-8C41-20CC994CA2A5}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.3 5016 bytes hidden from API
C:\Dokumente und Einstellungen\Sergej\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\sergeja@hotmail.de\SharingMetadata\mellie20004@hotmail.com\DFSR\Staging\CS{B5BD8398-CDE8-1C39-7D77-E2F20C4FCD2E}\12\12-{E5C93D54-91DF-4040-8C41-20CC994CA2A5}-v12-{E5C93D54-91DF-4040-8C41-20CC994CA2A5}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 112368 bytes hidden from API
C:\Dokumente und Einstellungen\Sergej\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\sergeja@hotmail.de\SharingMetadata\mellie20004@hotmail.com\DFSR\Staging\CS{B5BD8398-CDE8-1C39-7D77-E2F20C4FCD2E}\13\13-{E5C93D54-91DF-4040-8C41-20CC994CA2A5}-v13-{E5C93D54-91DF-4040-8C41-20CC994CA2A5}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1060788 bytes hidden from API
C:\Dokumente und Einstellungen\Sergej\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\sergeja@hotmail.de\SharingMetadata\mellie20004@hotmail.com\DFSR\Staging\CS{B5BD8398-CDE8-1C39-7D77-E2F20C4FCD2E}\13\13-{E5C93D54-91DF-4040-8C41-20CC994CA2A5}-v13-{E5C93D54-91DF-4040-8C41-20CC994CA2A5}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 117728 bytes hidden from API
C:\WINDOWS\system32\xdrve9d.sys
C:\WINDOWS\system32\xtav3des.dll
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 10
--- Analysing Catchme logfile ---
matching notify key found: xtav3des
matching service found: xdrve9d
Finished!

http://virusscan.Jotti.org/ log
Scan taken on 13 Jul 2007 15:49:57 (GMT)
A-Squared Found nothing
AntiVir Found HEUR/Crypted
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found BackDoor.Haxdoor.DJ
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found a variant of Win32/Haxdoor.GI
Norman Virus Control Found Suspicious_F.gen
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/Packer
VirusBuster Found Packed/FSG
VBA32 Found Trojan-Spy.Banker.51 (probable variant)

combofix log
"Sergej" - 2007-07-13 17:55:51 - ComboFix 07-07-13.8 - Service Pack 2 NTFS
((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))
2007-07-13 17:30 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2007-07-13 17:30 9,006 --a--c--- C:\clean.bat
2007-07-13 17:30 86,528 --a------ C:\WINDOWS\system32\catchme.exe
2007-07-13 17:30 53,248 --a------ C:\WINDOWS\system32\process.exe
2007-07-13 17:30 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2007-07-13 15:29 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-13 15:08 <DIR> d----c--- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Panasonic
2007-07-13 15:04 65,536 --a------ C:\WINDOWS\system32\PDvAvi3.dll
2007-07-13 15:04 65,536 --a------ C:\WINDOWS\system32\PDvAvi2.dll
2007-07-13 15:04 <DIR> d-------- C:\Programme\Gemeinsame Dateien\CNC
2007-07-13 15:02 <DIR> d----c--- C:\8c18636ee2de4237cf749345a6
2007-07-13 14:56 77,824 --a------ C:\WINDOWS\system32\PAvFilt.dll
2007-07-13 14:56 36,864 --a------ C:\WINDOWS\system32\DvWrite.dll
2007-07-13 14:56 36,864 --a------ C:\WINDOWS\system32\DvRead.dll
2007-07-13 14:56 253,952 --a------ C:\WINDOWS\system32\PCodec.dll
2007-07-13 14:56 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Panasonic
2007-07-13 14:55 <DIR> d-------- C:\Programme\Panasonic
2007-06-28 19:12 63 --a------ C:\WINDOWS\system\SysSD.dll
2007-06-28 19:11 1,044,480 --a------ C:\WINDOWS\system32\VchReg.dll
2007-06-27 19:49 6 --a------ C:\WINDOWS\system32\TMcnt.bin
2007-06-27 18:43 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-06-27 18:43 <DIR> d-------- C:\Programme\themexp
2007-06-27 16:28 26,234 --a--c--- C:\ynudp.exe
2007-06-20 09:14 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-06-20 09:14 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-06-20 09:10 <DIR> d----c--- C:\DOKUME~1\Sergej\ANWEND~1\GoPal Assistant
2007-06-20 09:09 <DIR> d-------- C:\Programme\Medion GoPal Assistant
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-13 15:56:43 -------- dc----w C:\DOKUME~1\Sergej\ANWEND~1\Azureus
2007-07-13 13:12:31 -------- d-----w C:\Programme\eMule
2007-07-13 13:04:30 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-07-13 09:01:00 -------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2007-07-12 22:43:26 78,238 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-07-12 22:43:26 423,550 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-06-28 22:35:39 -------- dc----w C:\DOKUME~1\Sergej\ANWEND~1\Lavasoft
2007-06-28 19:54:18 -------- dc----w C:\DOKUME~1\Sergej\ANWEND~1\OpenOffice.org2
2007-06-28 19:01:11 -------- d-----w C:\Programme\TuneUp Utilities 2007
2007-06-28 18:27:05 -------- d-----w C:\Programme\Google
2007-06-28 18:19:13 -------- d-----w C:\Programme\PokerStars
2007-06-27 22:00:00 -------- d-----w C:\Programme\PokerStars.NET
2007-06-22 20:14:57 -------- dc----w C:\DOKUME~1\Sergej\ANWEND~1\Skype
2007-06-20 07:14:31 -------- d-----w C:\Programme\Microsoft ActiveSync
2007-06-20 07:12:32 -------- d-----w C:\Programme\Yahoo!
2007-06-09 19:28:36 -------- d-----w C:\Programme\AvantGo Connect
2007-06-09 19:28:32 -------- d-----w C:\Programme\Common Files
2007-05-20 15:33:15 -------- dc----w C:\DOKUME~1\Sergej\ANWEND~1\SolSuite
2007-05-20 15:31:02 -------- d-----w C:\Programme\SolSuite
2007-05-18 15:37:35 -------- d-----w C:\Programme\12Ghosts
2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 16:39:36 -------- d-----w C:\Programme\Audacity
2007-05-15 14:28:35 -------- d-----w C:\Programme\Gemeinsame Dateien\Real
2007-05-15 14:27:30 -------- dc----w C:\DOKUME~1\Sergej\ANWEND~1\Real
2007-05-15 14:26:03 -------- d-----w C:\Programme\zuma
2007-05-15 14:25:21 -------- d-----w C:\Programme\inKline Global
2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 01:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
2006-06-04 16:57:29 1,124 -c--a-w C:\DOKUME~1\Sergej\ANWEND~1\wklnhst.dat
2006-03-17 16:16:10 457 -c--a-w C:\Programme\INSTALL.LOG
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 20:38 63128 --a------ C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
2007-01-12 01:04 96936 -ra------ C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\NppBho.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-DSL SpeedMgr"="C:\Programme\T-DSL SpeedManager\SpeedMgr.exe" [2004-07-14 17:01]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2007-01-09 23:59]
"osCheck"="C:\Programme\Norton Internet Security\osCheck.exe" [2007-01-14 01:11]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-11-03 01:00 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2006-11-03 01:00 C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [2006-11-03 01:00 C:\WINDOWS\ALCMTR.EXE]
"HerculesCamService"="C:\Programme\Hercules\Hercules Blog Webcam\CamService.exe" [2006-10-04 19:44]
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 19:15]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-11-15 13:50]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:56]
"CCleaner"="C:\Programme\CCleaner\CCleaner.exe" [2007-05-10 13:01]
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Programme\ICQLite\ICQLite.exe -trayboot
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"WMC_0"=C:\WINDOWS\system32\regsvr32.exe /s "C:\WINDOWS\system32\mp4sds32.ax"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xtav3des]
xtav3des.dll --a------ 2007-06-27 16:28 13622 C:\WINDOWS\system32\xtav3des.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background
"WMPNSCFG"=C:\Programme\Windows Media Player\WMPNSCFG.exe
"Skype"="C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"T-DSL SpeedMgr"="C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"=HDAShCut.exe
"HP Software Update"=C:\Programme\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"=C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" -minimize
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"HerculesCamService"=C:\Programme\Hercules\Hercules Blog Webcam\CamService.exe
"DriveCleaner 2006"="c:\programme\drivecleaner 2006\dc2006.exe" /min
"TopDesk"=C:\Programme\TopDesk\topdesk.exe
"HP Software Update"=C:\Programme\HP\HP Software Update\HPWuSchd2.exe
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
Contents of the 'Scheduled Tasks' folder
2007-07-13 15:15:00 C:\WINDOWS\tasks\1-Klick-Wartung.job
2007-06-25 19:11:19 C:\WINDOWS\tasks\Norton Internet Security - Systemprüfung ausführen - Sergej.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-13 17:57:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\xdrve9d.sys
C:\WINDOWS\system32\xtav3des.dll
scan completed successfully
hidden files: 2
**************************************************************************
Completion time: 2007-07-13 17:57:43
C:\ComboFix-quarantined-files.txt ... 2007-07-13 17:57
C:\ComboFix2.txt ... 2007-07-13 15:32
C:\combofixlog.txt ... 2007-07-13 15:34
--- E O F ---

13.07.2007, 18:27
Moderator
Posts: 7805
#6
Aha, a relatively new Haxdoor.
Please run Blacklight once: http://virus-protect.org/artikel/tools/rootkithook.html
Please only let it generate the report and do not let it rename anything.
Almost forgot: please delete C:\ynudp.exe
__________
Best regards, Ralf
SEO-Spam Hunter

13.07.2007, 19:07
Member
Thread starter
Posts: 25
#7
OK, I ran that as well, here is the log
07/13/07 18:48:47 [Info]: BlackLight Engine 1.0.64 initialized
07/13/07 18:48:47 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/13/07 18:48:47 [Note]: 7019 4
07/13/07 18:48:47 [Note]: 7005 0
07/13/07 18:48:51 [Note]: 7006 0
07/13/07 18:48:51 [Note]: 7011 760
07/13/07 18:48:52 [Note]: 7026 0
07/13/07 18:48:52 [Note]: 7026 0
07/13/07 18:48:55 [Note]: FSRAW library version 1.7.1022
07/13/07 18:58:52 [Info]: Hidden file: c:\WINDOWS\system32\xdrve9d.sys
07/13/07 18:58:52 [Note]: 10002 1
07/13/07 18:58:53 [Info]: Hidden file: c:\WINDOWS\system32\xtav3des.dll
07/13/07 18:58:53 [Note]: 10002 1
07/13/07 19:05:54 [Note]: 7007 0

13.07.2007, 20:17
Moderator
Posts: 7805
#8
Good. If Blacklight offers it, you can have the files xdrve9d.sys and xtav3des.dll renamed; after a restart, check with Blacklight whether the files are still reported.
__________
Best regards, Ralf
SEO-Spam Hunter

13.07.2007, 20:32
Member
Thread starter
Posts: 25
#9
Well, I don't know whether it's down to the version or whether I'm too dumb, but the only thing that's offered is cleaning...
But thanks already, in any case

13.07.2007, 20:34
Moderator
Posts: 7805
#10
Oh, then they changed that in the new version. But "Cleaning" sounds quite good too!
__________
Best regards, Ralf
SEO-Spam Hunter

13.07.2007, 20:41
Member
Thread starter
Posts: 25

25.07.2007, 20:55
Member
Thread starter
Posts: 25

I hope someone can help me. For a few days I haven't been able to open Internet Explorer: after I click it, it cannot establish a connection to the internet, and when I try to close it I get the error message "This window is active. Closing this window may cause problems. Do you want to close it anyway?" When I click OK, nothing happens anyway.
In general the PC has been acting up lately; for example, I can't download updates from Microsoft, even though it is a legal version and is also registered.
It would be really great if someone could help me!!!
I'm also posting the ComboFix log and the HijackThis log
"Sergej" - 2007-07-13 15:30:25 - ComboFix 07-07-13.8 - Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOKUME~1\Sergej\ANWEND~1\DriveCleaner 2006
C:\DOKUME~1\Sergej\ANWEND~1\DriveCleaner 2006\activator_info.txt
C:\DOKUME~1\Sergej\ANWEND~1\DriveCleaner 2006\Logs\Activate.log
((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))
2007-07-13 15:29 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-13 15:08 <DIR> d----c--- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Panasonic
2007-07-13 15:04 65,536 --a------ C:\WINDOWS\system32\PDvAvi3.dll
2007-07-13 15:04 65,536 --a------ C:\WINDOWS\system32\PDvAvi2.dll
2007-07-13 15:04 <DIR> d-------- C:\Programme\Gemeinsame Dateien\CNC
2007-07-13 15:02 <DIR> d----c--- C:\8c18636ee2de4237cf749345a6
2007-07-13 14:56 77,824 --a------ C:\WINDOWS\system32\PAvFilt.dll
2007-07-13 14:56 36,864 --a------ C:\WINDOWS\system32\DvWrite.dll
2007-07-13 14:56 36,864 --a------ C:\WINDOWS\system32\DvRead.dll
2007-07-13 14:56 253,952 --a------ C:\WINDOWS\system32\PCodec.dll
2007-07-13 14:56 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Panasonic
2007-07-13 14:55 <DIR> d-------- C:\Programme\Panasonic
2007-06-28 19:12 63 --a------ C:\WINDOWS\system\SysSD.dll
2007-06-28 19:11 1,044,480 --a------ C:\WINDOWS\system32\VchReg.dll
2007-06-27 19:49 6 --a------ C:\WINDOWS\system32\TMcnt.bin
2007-06-27 18:43 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-06-27 18:43 <DIR> d-------- C:\Programme\themexp
2007-06-27 16:28 26,234 --a--c--- C:\ynudp.exe
2007-06-20 09:14 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-06-20 09:14 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-06-20 09:10 <DIR> d----c--- C:\DOKUME~1\Sergej\ANWEND~1\GoPal Assistant
2007-06-20 09:09 <DIR> d-------- C:\Programme\Medion GoPal Assistant
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-13 13:31:41 -------- dc----w C:\DOKUME~1\Sergej\ANWEND~1\Azureus
2007-07-13 13:12:31 -------- d-----w C:\Programme\eMule
2007-07-13 13:04:30 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-07-13 09:01:00 -------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2007-07-12 22:43:26 78,238 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-07-12 22:43:26 423,550 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-06-28 22:35:39 -------- dc----w C:\DOKUME~1\Sergej\ANWEND~1\Lavasoft
2007-06-28 19:54:18 -------- dc----w C:\DOKUME~1\Sergej\ANWEND~1\OpenOffice.org2
2007-06-28 19:01:11 -------- d-----w C:\Programme\TuneUp Utilities 2007
2007-06-28 18:27:05 -------- d-----w C:\Programme\Google
2007-06-28 18:19:13 -------- d-----w C:\Programme\PokerStars
2007-06-27 22:00:00 -------- d-----w C:\Programme\PokerStars.NET
2007-06-22 20:14:57 -------- dc----w C:\DOKUME~1\Sergej\ANWEND~1\Skype
2007-06-20 07:14:31 -------- d-----w C:\Programme\Microsoft ActiveSync
2007-06-20 07:12:32 -------- d-----w C:\Programme\Yahoo!
2007-06-09 19:28:36 -------- d-----w C:\Programme\AvantGo Connect
2007-06-09 19:28:32 -------- d-----w C:\Programme\Common Files
2007-05-20 15:33:15 -------- dc----w C:\DOKUME~1\Sergej\ANWEND~1\SolSuite
2007-05-20 15:31:02 -------- d-----w C:\Programme\SolSuite
2007-05-18 15:37:35 -------- d-----w C:\Programme\12Ghosts
2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 16:39:36 -------- d-----w C:\Programme\Audacity
2007-05-15 14:28:35 -------- d-----w C:\Programme\Gemeinsame Dateien\Real
2007-05-15 14:27:30 -------- dc----w C:\DOKUME~1\Sergej\ANWEND~1\Real
2007-05-15 14:26:03 -------- d-----w C:\Programme\zuma
2007-05-15 14:25:21 -------- d-----w C:\Programme\inKline Global
2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 01:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
2006-06-04 16:57:29 1,124 -c--a-w C:\DOKUME~1\Sergej\ANWEND~1\wklnhst.dat
2006-03-17 16:16:10 457 -c--a-w C:\Programme\INSTALL.LOG
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 20:38 63128 --a------ C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
2007-01-12 01:04 96936 -ra------ C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\NppBho.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-DSL SpeedMgr"="C:\Programme\T-DSL SpeedManager\SpeedMgr.exe" [2004-07-14 17:01]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2007-01-09 23:59]
"osCheck"="C:\Programme\Norton Internet Security\osCheck.exe" [2007-01-14 01:11]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-11-03 01:00 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2006-11-03 01:00 C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [2006-11-03 01:00 C:\WINDOWS\ALCMTR.EXE]
"HerculesCamService"="C:\Programme\Hercules\Hercules Blog Webcam\CamService.exe" [2006-10-04 19:44]
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 19:15]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-11-15 13:50]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:56]
"CCleaner"="C:\Programme\CCleaner\CCleaner.exe" [2007-05-10 13:01]
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Programme\ICQLite\ICQLite.exe -trayboot
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"WMC_0"=C:\WINDOWS\system32\regsvr32.exe /s "C:\WINDOWS\system32\mp4sds32.ax"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xtav3des]
xtav3des.dll --a------ 2007-06-27 16:28 13622 C:\WINDOWS\system32\xtav3des.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background
"WMPNSCFG"=C:\Programme\Windows Media Player\WMPNSCFG.exe
"Skype"="C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"T-DSL SpeedMgr"="C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"=HDAShCut.exe
"HP Software Update"=C:\Programme\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"=C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" -minimize
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"HerculesCamService"=C:\Programme\Hercules\Hercules Blog Webcam\CamService.exe
"DriveCleaner 2006"="c:\programme\drivecleaner 2006\dc2006.exe" /min
"TopDesk"=C:\Programme\TopDesk\topdesk.exe
"HP Software Update"=C:\Programme\HP\HP Software Update\HPWuSchd2.exe
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81eed9bf-9a44-11da-afb0-806d6172696f}]
AutoRun\command- D:\autorun.exe
*Newly Created Service* - COMHOST
Contents of the 'Scheduled Tasks' folder
2007-06-29 15:15:00 C:\WINDOWS\tasks\1-Klick-Wartung.job
2007-06-25 19:11:19 C:\WINDOWS\tasks\Norton Internet Security - Systemprüfung ausführen - Sergej.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-13 15:32:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\xdrve9d.sys
C:\WINDOWS\system32\xtav3des.dll
scan completed successfully
hidden files: 2
**************************************************************************
Completion time: 2007-07-13 15:32:54
C:\ComboFix-quarantined-files.txt ... 2007-07-13 15:32
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 15:34:25, on 13.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Programme\Hercules\Hercules Blog Webcam\CamService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Microsoft ActiveSync\Wcescomm.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\eMule\emule.exe
C:\Programme\Azureus\Azureus.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Dokumente und Einstellungen\Sergej\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Programme\WinSweep\ws.js
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.1:25
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HerculesCamService] C:\Programme\Hercules\Hercules Blog Webcam\CamService.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [WMC_0] C:\WINDOWS\system32\regsvr32.exe /s "C:\WINDOWS\system32\mp4sds32.ax"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CCleaner] "C:\Programme\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: Add to AMV Converter... - C:\Programme\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programme\MP3 Player Utilities 4.05\MediaManager\grab.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xtav3des - C:\WINDOWS\SYSTEM32\xtav3des.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
Thanks in advance!!!