Caught CiD popups :(

#0
05.08.2007, 11:36
Member
Posts: 14

05.08.2007, 12:19
Moderator
Posts: 7805
#2
Since the computer appears to be a company machine, you should first find out how a case like this is handled at your company, so that you don't end up facing a formal warning.

If it were not a company machine, this is what should be done:

Delete the following folders and files in safe mode:
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hold that admin ball
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ball mapi owns ping
C:\WINNT\Tasks\AADA08139185BB0B.job
c:\docume~1\atw10zu3\applic~1\defyfo~1\Atomsixthbyte.exe

Then, in safe mode, tick the following entries in HijackThis and press Fix checked:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Owns Ping Ante Admin] C:\Documents and Settings\All Users\Application Data\Ball mapi owns ping\FOR SOFTWARE.exe
O4 - HKLM\..\Run: [face itch safe admin] C:\Documents and Settings\All Users\Application Data\Hold that admin ball\Jugs Stop Sixth.exe
O4 - HKCU\..\Run: [Help 16] C:\DOCUME~1\atw10zu3\APPLIC~1\DEFYFO~1\Size Okay.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Run a control scan with the following programs:
Drweb Cureitbeta: http://freedrweb.com/
Ewido Micro: http://downloads.ewido.net/ewido_micro.exe
__________
Regards, Ralf
SEO-Spam Hunter
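The O2 and O4 entries selected in the post above share two traits, shown here as an added Python example that is not part of the original post: a BHO whose file is missing, and autostart targets that live under a profile's Application Data folder. Both heuristics and all names in the code are assumptions of this example, not HijackThis logic; a hit marks a line for review and does not classify it.

```python
import re
from dataclasses import dataclass

# Sample input. The first four lines are the entries quoted in the post above;
# the last three are benign lines constructed for this example.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Owns Ping Ante Admin] C:\Documents and Settings\All Users\Application Data\Ball mapi owns ping\FOR SOFTWARE.exe
O4 - HKLM\..\Run: [face itch safe admin] C:\Documents and Settings\All Users\Application Data\Hold that admin ball\Jugs Stop Sixth.exe
O4 - HKCU\..\Run: [Help 16] C:\DOCUME~1\atw10zu3\APPLIC~1\DEFYFO~1\Size Okay.exe
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [EXAMPLE.EXE] C:\WINNT\system32\example.exe (User 'SYSTEM')
"""

# "O2 - BHO: <name> - {CLSID} - <file or '(no file)'>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")

# "O4 - HKLM\..\Run: [<value name>] <command>", optionally with a SID after HKUS
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\(?P<sid>[^\\]+))?\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Windows XP profile data folder, in long or 8.3 short form (heuristic, assumption)
PROFILE_DATA_RE = re.compile(
    r"^[a-z]:\\(?:documents and settings|docume~\d)\\[^\\]+"
    r"\\(?:application data|applic~\d)\\", re.I)

MISSING_FILE = "BHO registered but its file is missing"
PROFILE_AUTOSTART = "autostart target under a profile's Application Data folder"


@dataclass
class Finding:
    section: str  # "O2" or "O4"
    name: str     # BHO name or Run value name
    target: str   # file the entry points to
    reason: str


def executable_of(cmd: str) -> str:
    """Return the program path from a Run command, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut after the first executable suffix.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def triage(log_text: str) -> list:
    """Flag O2/O4 lines that match the two heuristics; other sections are ignored."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            path = m["path"].strip()
            if path.lower() == "(no file)":
                findings.append(Finding("O2", m["name"], path, MISSING_FILE))
            elif PROFILE_DATA_RE.match(path):
                findings.append(Finding("O2", m["name"], path, PROFILE_AUTOSTART))
            continue
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m["cmd"])
            if PROFILE_DATA_RE.match(exe):
                findings.append(Finding("O4", m["name"], exe, PROFILE_AUTOSTART))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}  [{f.name}]  {f.target}\n    -> {f.reason}")
```

The O6 policy lines from the post are not covered; on a managed machine those restrictions can be set by the administrator.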

05.08.2007, 13:57
Member
Thread starter Posts: 14
#3
Could any of the company tools be damaged by this?
Apart from that, the company hasn't cared for 1.5 years what I do with the thing ... so I can remove viruses myself too, I think ...

05.08.2007, 14:38
Moderator
Posts: 7805
#4
You are welcome to do it at your own risk. If you do, create all the reports again afterwards and post them.
__________
Regards, Ralf
SEO-Spam Hunter

06.08.2007, 20:15
Member
Thread starter Posts: 14
#5
Is there a way to force the PC to boot in safe mode?
Pressing F8 during startup didn't work for me ... could it be that, because it's a company machine, this has to be done somewhere else?

15.08.2007, 12:24
Member
Thread starter Posts: 14
#6
ComboFix 07-08-04.3 - "atw10zu3" 2007-08-15 11:56:13.2 [GMT 2:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True

((((((((((((((((((((((((( Files Created from 2007-07-15 to 2007-08-15 )))))))))))))))))))))))))))))))

2007-08-14 13:30 <DIR> d-------- C:\DOCUME~1\atw10zu3\DoctorWeb
2007-08-14 13:22 <DIR> d-------- C:\WINNT\system32\appmgmt
2007-08-14 13:19 <DIR> d-------- C:\DOCUME~1\atw10zu3\APPLIC~1\Realtime Soft
2007-08-14 13:19 <DIR> d-------- C:\DOCUME~1\atw10zu3\APPLIC~1\FRITZ!
2007-08-14 13:19 <DIR> d-------- C:\DOCUME~1\atw10zu3\APPLIC~1\AR System
2007-08-14 13:07 2,182,144 -----c--- C:\WINNT\system32\dllcache\ntoskrnl.exe
2007-08-14 13:07 2,137,600 -----c--- C:\WINNT\system32\dllcache\ntkrnlmp.exe
2007-08-14 13:07 2,017,280 -----c--- C:\WINNT\system32\dllcache\ntkrpamp.exe
2007-08-14 13:04 52,736 -----c--- C:\WINNT\system32\dllcache\wzcsapi.dll
2007-08-14 13:04 476,160 -----c--- C:\WINNT\system32\dllcache\wzcsvc.dll
2007-08-14 13:04 14,592 -----c--- C:\WINNT\system32\dllcache\ndisuio.sys
2007-08-09 21:56 <DIR> d-------- C:\WINNT\pss
2007-08-05 10:56 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-04 17:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-04 12:05 <DIR> d-------- C:\Program Files\Defy Ford Heck
2007-07-23 21:50 <DIR> d-------- C:\Program Files\SFT Loader
2007-07-18 16:01 <DIR> d-------- C:\Program Files\directx
2007-07-18 15:59 <DIR> d-------- C:\Program Files\Rockstar Games
2007-07-15 23:55 <DIR> d-------- C:\Program Files\FLVPlayer
2007-07-15 22:12 <DIR> d-------- C:\Program Files\MSN Messenger
2007-07-15 17:02 21,425 --a------ C:\WINNT\system32\drivers\AegisP.sys
2007-07-15 17:02 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Intel
2007-07-15 17:02 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Intel
2007-07-15 17:02 <DIR> d-------- C:\DOCUME~1\INST20~1\APPLIC~1\Intel
2007-07-15 17:02 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
2007-07-15 17:02 <DIR> d-------- C:\DOCUME~1\CATCLI~1\APPLIC~1\Intel
2007-07-15 17:02 <DIR> d-------- C:\DOCUME~1\atw10zu3\APPLIC~1\Intel
2007-07-15 17:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
2007-07-15 17:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
2007-07-15 17:01 557,056 --a------ C:\WINNT\system32\Netw2c32.dll
2007-07-15 17:01 2,732,032 --a------ C:\WINNT\system32\Netw2r32.dll
2007-07-15 17:01 <DIR> d-------- C:\WINNT\system32\ReinstallBackups
2007-07-15 16:59 <DIR> d-------- C:\Intel

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-14 22:26 --------- d-------- C:\Program Files\OfficeScan NT
2007-08-14 21:09 --------- d-------- C:\DOCUME~1\atw10zu3\APPLIC~1\uTorrent
2007-08-05 10:12 --------- d-------- C:\Program Files\mIRC
2007-08-05 00:45 --------- d-------- C:\Program Files\Winamp
2007-07-31 14:46 --------- d-------- C:\DOCUME~1\atw10zu3\APPLIC~1\Siemens
2007-07-18 15:59 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-15 18:12 --------- d-------- C:\Program Files\TrackMania Nations ESWC
2007-07-07 17:17 --------- d-------- C:\DOCUME~1\atw10zu3\APPLIC~1\SlySoft
2007-07-07 17:02 --------- d-------- C:\Program Files\SlySoft
2007-06-22 15:54 99904 --a------ C:\WINNT\system32\drivers\AnyDVD.sys
2007-06-20 23:08 93128 --a------ C:\WINNT\system32\ElbyCDIO.dll
2007-06-18 21:29 --------- d-------- C:\Program Files\Mihov Image Resizer
2007-06-05 21:35 1498 --a------ C:\WINNT\checkip.dat
2007-05-16 17:12 86528 --a--c--- C:\WINNT\system32\dllcache\directdb.dll
2007-05-16 17:12 85504 --a--c--- C:\WINNT\system32\dllcache\wabimp.dll
2007-05-16 17:12 683520 --a--c--- C:\WINNT\system32\dllcache\inetcomm.dll
2007-05-16 17:12 683520 --a------ C:\WINNT\system32\inetcomm.dll
2007-05-16 17:12 510976 --a--c--- C:\WINNT\system32\dllcache\wab32.dll
2007-05-16 17:12 1314816 --a--c--- C:\WINNT\system32\dllcache\msoe.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINNT\system32\hkcmd.exe" [2005-03-18 15:36]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-27 11:59]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-27 11:58]
"RTHDCPL"="RTHDCPL.EXE" [2005-02-22 03:09 C:\WINNT\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-02-21 16:49 C:\WINNT\ALCMTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2005-06-15 02:00 C:\WINNT\AGRSMMSG.exe]
"Java Profiles Fix"="C:\Program Files\Java\Profile Fix\Java_Profile.exe" [2003-04-30 13:40]
"JavaProfileFix2"="C:\Program Files\Java\Profile Fix\Java_Profile_2.exe" [2004-03-04 14:33]
"CryptoExTrayV3"="C:\Program Files\CryptoEx\Common\CexTray.exe" [2004-11-01 13:13]
"CryptoExVolumeAutoMount"="C:\Program Files\CryptoEx\Volume\CexVolume.exe" [2004-11-01 17:52]
"SIECACST"="C:\Program Files\Siemens\Card API\bin\siecacst.exe" [2005-02-01 11:10]
"OfficeScanNT Monitor"="C:\Program Files\OfficeScan NT\pccntmon.exe" [2006-02-07 17:16]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [2001-07-09 11:50]
"Synchronization Manager"="C:\WINNT\system32\mobsync.exe" [2004-08-04 02:56]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10]
"NetPumper"="C:\Program Files\NetPumper\NetPumperIEProxy.exe" [2004-07-03 21:06]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-04-26 09:45]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-11-08 10:28]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-11-08 10:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CatUserRun"="exec32 /wh /c chgreg5 /c" []
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 02:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"Help 16"="C:\DOCUME~1\atw10zu3\APPLIC~1\DEFYFO~1\Size Okay.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"1cexvolumeinstalldriver"=C:\Program Files\CryptoEx\Volume\CexVolume.exe /InstallDriver
"2cexvolumeenabledriver"=C:\Program Files\CryptoEx\Volume\CexVolume.exe /EnableDriver

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)
"RunStartupScriptSync"=1 (0x1)
"SynchronousMachineGroupPolicy"=1 (0x1)
"SynchronousUserGroupPolicy"=1 (0x1)
"MaxGPOScriptWait"=3600 (0xe10)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"ConnectHomeDirToRoot"=0 (0x0)
"HideLogoffScripts"=1 (0x1)
"HideLogonScripts"=1 (0x1)
"HideLegacyLogonScripts"=1 (0x1)
"EnableProfileQuota"=1 (0x1)
"ProfileQuotaMessage"=You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage.
"MaxProfileSize"=24576 (0x6000)
"IncludeRegInProQuota"=1 (0x1)
"WarnUser"=1 (0x1)
"WarnUserTimeout"=15 (0xf)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoPublishingWizard"=1 (0x1)
"NoWebServices"=1 (0x1)
"NoOnlinePrintsWizard"=1 (0x1)
"NoMSAppLogo5ChannelNotify"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"PromptRunasInstallNetPath"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"ForceStartMenuLogOff"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"GreyMSIAds"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"DisablePersonalDirChange"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoThumbnailCache"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoAutoUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CexTrayWinLogon]
C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll 2004-11-01 13:04 57344 C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1454471165-527237240-682003330-14129\Scripts\Logoff\0\0]
"Script"=CBELogoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1454471165-527237240-682003330-14129\Scripts\Logon\0\0]
"Script"=\\vies1fea.ww300.siemens.net\userdirs$\Homes_VIES1FEA.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1454471165-527237240-682003330-212355\Scripts\Logoff\0\0]
"Script"=CBELogoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1454471165-527237240-682003330-212355\Scripts\Logoff\1\0]
"Script"=\\ww300.siemens.net\sysvol\ww300.siemens.net\scripts\CatPC\Scripts\Logoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1454471165-527237240-682003330-212355\Scripts\Logon\0\0]
"Script"=\\ww300.siemens.net\sysvol\ww300.siemens.net\scripts\CatPC\Scripts\Logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-484763869-1177238915-682003330-500\Scripts\Logoff\0\0]
"Script"=CBELogoff.bat

R0 iastor;Intel AHCI Controller;C:\WINNT\system32\DRIVERS\iaStor.sys
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);C:\WINNT\system32\drivers\sfvfs02.sys
R2 ACEDRV07;ACEDRV07;\??\C:\WINNT\system32\drivers\ACEDRV07.sys
R2 CATService;CAT Service;C:\WINNT\CatPC\CatSVC\CatService.exe
R2 CBBS;CAT Bulletin Board;"C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe"
R2 CcmExec;SMS Agent Host;C:\WINNT\system32\CCM\CcmExec.exe
R2 ntrtscan;OfficeScanNT RealTime Scan;"C:\Program Files\OfficeScan NT\ntrtscan.exe"
R2 s24trans;WLAN-Transport;C:\WINNT\system32\DRIVERS\s24trans.sys
R2 SU;SU Service;C:\WINNT\system32\suss.exe
R2 TmFilter;Trend Micro Filter;\??\C:\Program Files\OfficeScan NT\TmXPFlt.sys
R2 tmlisten;OfficeScanNT Listener;"C:\Program Files\OfficeScan NT\tmlisten.exe"
R2 TmPreFilter;Trend Micro PreFilter;\??\C:\Program Files\OfficeScan NT\TmPreFlt.sys
R2 VSApiNt;Trend Micro VSAPI NT;\??\C:\Program Files\OfficeScan NT\VSApiNt.sys
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\WINNT\system32\DRIVERS\FUJ02E3.sys
R3 sdbus;sdbus;C:\WINNT\system32\DRIVERS\sdbus.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINNT\system32\DRIVERS\SynTP.sys
R3 w29n51;Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber fr Windows XP;C:\WINNT\system32\DRIVERS\w29n51.sys
S3 actser;actser;C:\WINNT\system32\drivers\actser.sys
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINNT\system32\DRIVERS\alcan5wn.sys
S3 GTwinUSB;GTwinUSB;C:\WINNT\system32\Drivers\GTwinUSB.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINNT\system32\DRIVERS\MSIRCOMM.sys
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINNT\system32\NSNDIS5.SYS
S3 prepdrvr;SMS Process Event Driver;\??\C:\WINNT\system32\CCM\prepdrv.sys
S3 r_server;Remote Administrator Service;"C:\Program Files\Radmin\r_server.exe" /service
S3 sffdisk;SFF Storage Class Driver;C:\WINNT\system32\DRIVERS\sffdisk.sys
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\WINNT\system32\DRIVERS\sffp_sd.sys
S3 w22n51;Intel(R) PRO/Wireless 2200 Adapter-Treiber;C:\WINNT\system32\DRIVERS\w22n51.sys
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINNT\system32\DRIVERS\w300bus.sys
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINNT\system32\DRIVERS\w300mdfl.sys
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINNT\system32\DRIVERS\w300mdm.sys
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINNT\system32\DRIVERS\w300mgmt.sys
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINNT\system32\DRIVERS\w300obex.sys
S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINNT\system32\DRIVERS\W700bus.sys
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINNT\system32\DRIVERS\W700mdfl.sys
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINNT\system32\DRIVERS\W700mdm.sys
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINNT\system32\DRIVERS\W700mgmt.sys
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINNT\system32\DRIVERS\W700obex.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4685bf06-0563-11dc-8f09-0013ce26f162}]
AutoRun\command- wd_windows_tools\setup.exe

**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-15 11:58:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************

Completion time: 2007-08-15 11:59:56
C:\ComboFix-quarantined-files.txt ... 2007-08-15 11:59
C:\ComboFix2.txt ... 2007-08-05 11:07
--- E O F ---

-----------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19, on 2007-08-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\CatPC\CatSVC\CatService.exe
C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
C:\Program Files\Licensing\License Agent\bin\cla.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINNT\system32\suss.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
C:\WINNT\TEMP\DB4137.EXE
C:\WINNT\system32\proquota.exe
C:\Program Files\Siemens\CAT Bulletin Board\CBB.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\RTHDCPL.EXE
C:\WINNT\AGRSMMSG.exe
C:\Program Files\CryptoEx\Common\CexTray.exe
C:\Program Files\Siemens\Card API\bin\siecacst.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\CryptoEx\Common\EASServer.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CryptoEx\Volume\CexVolumeWatcher.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\atw10zu3\My Documents\Downloads\HJT\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:81
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Java Profiles Fix] C:\Program Files\Java\Profile Fix\Java_Profile.exe
O4 - HKLM\..\Run: [JavaProfileFix2] C:\Program Files\Java\Profile Fix\Java_Profile_2.exe
O4 - HKLM\..\Run: [CryptoExTrayV3] "C:\Program Files\CryptoEx\Common\CexTray.exe" /ShowTrayIcon
O4 - HKLM\..\Run: [CryptoExVolumeAutoMount] "C:\Program Files\CryptoEx\Volume\CexVolume.exe" /AutoMount
O4 - HKLM\..\Run: [SIECACST] C:\Program Files\Siemens\Card API\bin\siecacst.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [CatUserRun] exec32 /wh /c chgreg5 /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Help 16] C:\DOCUME~1\atw10zu3\APPLIC~1\DEFYFO~1\Size Okay.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [1cexvolumeinstalldriver] C:\Program Files\CryptoEx\Volume\CexVolume.exe /InstallDriver (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [1cexvolumeinstalldriver] C:\Program Files\CryptoEx\Volume\CexVolume.exe /InstallDriver (User 'Default user')
O4 - Startup: Goowy Notifier.lnk = ?
O4 - Startup: goowyNotifier2327047424.lnk = C:\Program Files\Goowy\Notifier\goowyNotifier.exe
O4 - Global Startup: Dienst-Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: 148.56.0.67
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) -
O16 - DPF:
{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_13) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ww300.siemens.net
O17 - HKLM\Software\..\Telephony: DomainName = ww300.siemens.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ww300.siemens.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ww300.siemens.net
O20 - Winlogon Notify: CexTrayWinLogon - C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll
O23 - Service: CAT Service (CATService) - Siemens AG - C:\WINNT\CatPC\CatSVC\CatService.exe
O23 - Service: CAT Bulletin Board (CBBS) - Unknown owner - C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: License Agent - Siemens AG - C:\Program Files\Licensing\License Agent\bin\cla.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\Program Files\Radmin\r_server.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\tmlisten.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

-- End of file - 18113 bytes

------------------------------------------------------------------------
. .
Bitte nur die Eintraege der letzten 3 Monate pro Ordner posten
. .

Volume in drive C is SYSTEM_W2K
Volume Serial Number is 3C16-7963

Directory of C:\WINNT\system32

2007-08-14 13:20 399,972 perfh009.dat
2007-08-14 13:20 61,934 perfc009.dat
2007-08-14 13:20 469,014 PerfStringBackup.INI
2007-08-14 13:15 177,056 FNTCACHE.DAT
2007-08-14 12:26 2,206 wpa.dbl
2007-08-01 18:17 4,937 jupdate-1.6.0_02-b06.log
2007-07-22 18:39 279,552 swreg.exe
2007-07-15 17:02 304 results.txt
2007-07-12 02:22 139,264 javaws.exe
2007-07-12 02:22 69,632 javacpl.cpl
2007-07-12 01:22 135,168 javaw.exe
2007-07-12 01:22 135,168 java.exe
2007-06-20 23:08 93,128 ElbyCDIO.dll
2007-06-01 18:19 4,027 jupdate-1.6.0_01-b06.log
2007-05-16 17:12 683,520 inetcomm.dll
2007-05-04 14:59 3,064,320 mshtml.dll

Volume in drive C is SYSTEM_W2K
Volume Serial Number is 3C16-7963

Directory of C:\WINNT

2007-08-14 22:27 466 SMSCFG.ini
2007-08-14 22:26 0 0.log
2007-08-14 22:26 2,048 bootstat.dat
2007-08-14 21:20 32,482 SchedLgU.Txt
2007-08-14 21:20 196,422 WindowsUpdate.log
2007-08-14 13:22 787,281 iis6.log
2007-08-14 13:22 229,307 comsetup.log
2007-08-14 13:22 138,869 ntdtcsetup.log
2007-08-14 13:22 1,917 imsins.log
2007-08-14 13:22 33,907 tabletoc.log
2007-08-14 13:22 313,483 tsoc.log
2007-08-14 13:22 36,649 ocmsn.log
2007-08-14 13:22 118,092 netfxocm.log
2007-08-14 13:22 47,188 MedCtrOC.log
2007-08-14 13:22 335,086 ocgen.log
2007-08-14 13:22 34,054 msgsocm.log
2007-08-14 13:22 669,033 FaxSetup.log
2007-08-14 13:22 216,524 msmqinst.log
2007-08-14 13:21 643 win.ini
2007-08-14 13:21 227 system.ini
2007-08-14 13:13 7,751 cfgall.ini
2007-08-14 13:08 1,374 imsins.BAK
2007-08-14 13:08 17,294 KB886185.log
2007-08-14 13:07 39,709 updspapi.log
2007-08-14 13:06 16,070 KB935839.log 2007-08-14 13:05 16,345 KB925902.log 2007-08-14 13:05 15,082 KB923980.log 2007-08-05 10:03 1,630 TMFilter.log 2007-07-20 00:47 109,056 catchme.exe 2007-07-18 17:15 203,415 setupact.log 2007-07-18 17:15 1,075,736 setupapi.log.0.old 2007-07-18 16:01 32,856 DirectX.log 2007-07-15 22:13 1,253,950 DPINST.LOG 2007-06-17 00:11 51,200 nircmd.exe 2007-06-10 20:52 116 NeroDigital.ini 2007-06-05 21:54 152 NetwkCfg.txt 2007-06-05 21:35 1,498 checkip.dat 2007-04-04 17:24 98,304 system32CmdLineExt.dll . Volume in drive C is SYSTEM_W2K Volume Serial Number is 3C16-7963 Directory of C:\WINNT\temp 2006-02-07 17:10 172,099 DB4137.EXE 1 File(s) 172,099 bytes 0 Dir(s) 1,434,812,416 bytes free . . . Volume in drive C is SYSTEM_W2K Volume Serial Number is 3C16-7963 Directory of C:\WINNT\Downloaded Program Files 2007-03-27 16:00 5,021 swflash.inf 2006-03-02 15:40 1,271 erma.inf 2005-10-11 12:02 65 desktop.ini 2000-01-20 15:25 1,162 Microsoft XML Parser for Java.osd 4 File(s) 7,519 bytes 0 Dir(s) 1,434,812,416 bytes free bis jetzt hatte ich keine popups mehr hab scans mit ebido und cureit gemacht bei ebido millionen zeugs gefunden und gefixed ... |
|
|
||
24.08.2007, 16:02
Member
Thread starter Posts: 14 |
#7
Is it clean now? Or should I scan with something else or remove anything?
Regards |
|
|
||
ComboFix 07-08-04.3 - "atw10zu3" 2007-08-05 10:57:51.1 [GMT 2:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINNT\system32\grouppolicy\machine\scripts\scripts.ini
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\nm
((((((((((((((((((((((((( Files Created from 2007-07-05 to 2007-08-05 )))))))))))))))))))))))))))))))
2007-08-05 10:56 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-04 17:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-04 12:05 <DIR> d-------- C:\Program Files\Defy Ford Heck
2007-08-04 12:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hold that admin ball
2007-08-04 12:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ball mapi owns ping
2007-07-23 21:50 <DIR> d-------- C:\Program Files\SFT Loader
2007-07-18 16:01 <DIR> d-------- C:\Program Files\directx
2007-07-18 15:59 <DIR> d-------- C:\Program Files\Rockstar Games
2007-07-15 23:55 <DIR> d-------- C:\Program Files\FLVPlayer
2007-07-15 22:12 <DIR> d-------- C:\Program Files\MSN Messenger
2007-07-15 17:02 21,425 --a------ C:\WINNT\system32\drivers\AegisP.sys
2007-07-15 17:02 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Intel
2007-07-15 17:02 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Intel
2007-07-15 17:02 <DIR> d-------- C:\DOCUME~1\INST20~1\APPLIC~1\Intel
2007-07-15 17:02 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
2007-07-15 17:02 <DIR> d-------- C:\DOCUME~1\CATCLI~1\APPLIC~1\Intel
2007-07-15 17:02 <DIR> d-------- C:\DOCUME~1\atw10zu3\APPLIC~1\Intel
2007-07-15 17:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
2007-07-15 17:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
2007-07-15 17:01 557,056 --a------ C:\WINNT\system32\Netw2c32.dll
2007-07-15 17:01 2,732,032 --a------ C:\WINNT\system32\Netw2r32.dll
2007-07-15 17:01 <DIR> d-------- C:\WINNT\system32\ReinstallBackups
2007-07-15 16:59 <DIR> d-------- C:\Intel
2007-07-12 19:34 <DIR> d-------- C:\tmp
2007-07-07 17:17 <DIR> d-------- C:\DOCUME~1\atw10zu3\APPLIC~1\SlySoft
2007-07-07 17:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-07-07 17:02 <DIR> d-------- C:\Program Files\SlySoft
2007-07-07 16:51 97,056 -ra------ C:\WINNT\system32\drivers\W700mdm.sys
2007-07-07 16:51 9,264 -ra------ C:\WINNT\system32\drivers\W700mdfl.sys
2007-07-07 16:51 88,560 -ra------ C:\WINNT\system32\drivers\W700mgmt.sys
2007-07-07 16:51 86,368 -ra------ C:\WINNT\system32\drivers\W700obex.sys
2007-07-07 16:51 61,536 -ra------ C:\WINNT\system32\drivers\W700bus.sys
2007-07-07 16:51 6,208 -ra------ C:\WINNT\system32\drivers\W700cmnt.sys
2007-07-07 16:51 6,208 -ra------ C:\WINNT\system32\drivers\W700cm.sys
2007-07-07 16:51 5,840 -ra------ C:\WINNT\system32\drivers\W700whnt.sys
2007-07-07 16:51 5,840 -ra------ C:\WINNT\system32\drivers\W700wh.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-05 11:03 --------- d-------- C:\Program Files\OfficeScan NT
2007-08-05 10:12 --------- d-------- C:\Program Files\mIRC
2007-08-05 10:02 --------- d-------- C:\DOCUME~1\atw10zu3\APPLIC~1\uTorrent
2007-08-05 00:45 --------- d-------- C:\Program Files\Winamp
2007-08-04 12:05 --------- d-------- C:\DOCUME~1\atw10zu3\APPLIC~1\Defy Ford Heck
2007-07-18 15:59 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-15 18:12 --------- d-------- C:\Program Files\TrackMania Nations ESWC
2007-06-24 18:57 --------- d-------- C:\DOCUME~1\atw10zu3\APPLIC~1\Teleca
2007-06-22 15:54 99904 --a------ C:\WINNT\system32\drivers\AnyDVD.sys
2007-06-20 23:08 93128 --a------ C:\WINNT\system32\ElbyCDIO.dll
2007-06-18 21:29 --------- d-------- C:\Program Files\Mihov Image Resizer
2007-06-05 21:35 1498 --a------ C:\WINNT\checkip.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINNT\system32\hkcmd.exe" [2005-03-18 15:36]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-27 11:59]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-27 11:58]
"RTHDCPL"="RTHDCPL.EXE" [2005-02-22 03:09 C:\WINNT\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-02-21 16:49 C:\WINNT\ALCMTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2005-06-15 02:00 C:\WINNT\AGRSMMSG.exe]
"Java Profiles Fix"="C:\Program Files\Java\Profile Fix\Java_Profile.exe" [2003-04-30 13:40]
"JavaProfileFix2"="C:\Program Files\Java\Profile Fix\Java_Profile_2.exe" [2004-03-04 14:33]
"CryptoExTrayV3"="C:\Program Files\CryptoEx\Common\CexTray.exe" [2004-11-01 13:13]
"CryptoExVolumeAutoMount"="C:\Program Files\CryptoEx\Volume\CexVolume.exe" [2004-11-01 17:52]
"SIECACST"="C:\Program Files\Siemens\Card API\bin\siecacst.exe" [2005-02-01 11:10]
"OfficeScanNT Monitor"="C:\Program Files\OfficeScan NT\pccntmon.exe" [2006-02-07 17:16]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [2001-07-09 11:50]
"Synchronization Manager"="C:\WINNT\system32\mobsync.exe" [2004-08-04 02:56]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10]
"NetPumper"="C:\Program Files\NetPumper\NetPumperIEProxy.exe" [2004-07-03 21:06]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-04-26 09:45]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-11-08 10:28]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-11-08 10:22]
"Owns Ping Ante Admin"="C:\Documents and Settings\All Users\Application Data\Ball mapi owns ping\FOR SOFTWARE.exe" [2007-08-05 11:05]
"face itch safe admin"="C:\Documents and Settings\All Users\Application Data\Hold that admin ball\Jugs Stop Sixth.exe" [2007-08-04 12:05]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CatUserRun"="exec32 /wh /c chgreg5 /c" []
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 02:56]
"Help 16"="C:\DOCUME~1\atw10zu3\APPLIC~1\DEFYFO~1\Size Okay.exe" [2007-08-04 12:05]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"1cexvolumeinstalldriver"=C:\Program Files\CryptoEx\Volume\CexVolume.exe /InstallDriver
"2cexvolumeenabledriver"=C:\Program Files\CryptoEx\Volume\CexVolume.exe /EnableDriver
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)
"RunStartupScriptSync"=1 (0x1)
"SynchronousMachineGroupPolicy"=1 (0x1)
"SynchronousUserGroupPolicy"=1 (0x1)
"MaxGPOScriptWait"=3600 (0xe10)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"ConnectHomeDirToRoot"=0 (0x0)
"HideLogoffScripts"=1 (0x1)
"HideLogonScripts"=1 (0x1)
"HideLegacyLogonScripts"=1 (0x1)
"EnableProfileQuota"=1 (0x1)
"ProfileQuotaMessage"=You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage.
"MaxProfileSize"=24576 (0x6000)
"IncludeRegInProQuota"=1 (0x1)
"WarnUser"=1 (0x1)
"WarnUserTimeout"=15 (0xf)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoPublishingWizard"=1 (0x1)
"NoWebServices"=1 (0x1)
"NoOnlinePrintsWizard"=1 (0x1)
"NoMSAppLogo5ChannelNotify"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"PromptRunasInstallNetPath"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"ForceStartMenuLogOff"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"GreyMSIAds"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"DisablePersonalDirChange"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoThumbnailCache"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoAutoUpdate"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CexTrayWinLogon]
C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll 2004-11-01 13:04 57344 C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=CBEShutdown.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=\\ww300.siemens.net\sysvol\ww300.siemens.net\scripts\CatPC\CBESelect\CBESelect.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\1]
"Script"=\\ww300.siemens.net\sysvol\ww300.siemens.net\scripts\CatPC\Scripts\Startup.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\2]
"Script"=\\ww300.siemens.net\netlogon\CatPC\sissiupd\cksissi.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1454471165-527237240-682003330-14129\Scripts\Logoff\0\0]
"Script"=CBELogoff.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1454471165-527237240-682003330-14129\Scripts\Logon\0\0]
"Script"=\\vies1fea.ww300.siemens.net\userdirs$\Homes_VIES1FEA.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1454471165-527237240-682003330-212355\Scripts\Logoff\0\0]
"Script"=CBELogoff.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1454471165-527237240-682003330-212355\Scripts\Logoff\1\0]
"Script"=\\ww300.siemens.net\sysvol\ww300.siemens.net\scripts\CatPC\Scripts\Logoff.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1454471165-527237240-682003330-212355\Scripts\Logon\0\0]
"Script"=\\ww300.siemens.net\sysvol\ww300.siemens.net\scripts\CatPC\Scripts\Logon.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-484763869-1177238915-682003330-500\Scripts\Logoff\0\0]
"Script"=CBELogoff.bat
R0 iastor;Intel AHCI Controller;C:\WINNT\system32\DRIVERS\iaStor.sys
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);C:\WINNT\system32\drivers\sfvfs02.sys
R2 ACEDRV07;ACEDRV07;\??\C:\WINNT\system32\drivers\ACEDRV07.sys
R2 CATService;CAT Service;C:\WINNT\CatPC\CatSVC\CatService.exe
R2 CBBS;CAT Bulletin Board;"C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe"
R2 CcmExec;SMS Agent Host;C:\WINNT\system32\CCM\CcmExec.exe
R2 ntrtscan;OfficeScanNT RealTime Scan;"C:\Program Files\OfficeScan NT\ntrtscan.exe"
R2 s24trans;WLAN-Transport;C:\WINNT\system32\DRIVERS\s24trans.sys
R2 SU;SU Service;C:\WINNT\system32\suss.exe
R2 TmFilter;Trend Micro Filter;\??\C:\Program Files\OfficeScan NT\TmXPFlt.sys
R2 tmlisten;OfficeScanNT Listener;"C:\Program Files\OfficeScan NT\tmlisten.exe"
R2 TmPreFilter;Trend Micro PreFilter;\??\C:\Program Files\OfficeScan NT\TmPreFlt.sys
R2 VSApiNt;Trend Micro VSAPI NT;\??\C:\Program Files\OfficeScan NT\VSApiNt.sys
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\WINNT\system32\DRIVERS\FUJ02E3.sys
R3 sdbus;sdbus;C:\WINNT\system32\DRIVERS\sdbus.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINNT\system32\DRIVERS\SynTP.sys
R3 w29n51;Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber fr Windows XP;C:\WINNT\system32\DRIVERS\w29n51.sys
S3 actser;actser;C:\WINNT\system32\drivers\actser.sys
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINNT\system32\DRIVERS\alcan5wn.sys
S3 GTwinUSB;GTwinUSB;C:\WINNT\system32\Drivers\GTwinUSB.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINNT\system32\DRIVERS\MSIRCOMM.sys
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINNT\system32\NSNDIS5.SYS
S3 prepdrvr;SMS Process Event Driver;\??\C:\WINNT\system32\CCM\prepdrv.sys
S3 r_server;Remote Administrator Service;"C:\Program Files\Radmin\r_server.exe" /service
S3 sffdisk;SFF Storage Class Driver;C:\WINNT\system32\DRIVERS\sffdisk.sys
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\WINNT\system32\DRIVERS\sffp_sd.sys
S3 w22n51;Intel(R) PRO/Wireless 2200 Adapter-Treiber;C:\WINNT\system32\DRIVERS\w22n51.sys
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINNT\system32\DRIVERS\w300bus.sys
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINNT\system32\DRIVERS\w300mdfl.sys
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINNT\system32\DRIVERS\w300mdm.sys
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINNT\system32\DRIVERS\w300mgmt.sys
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINNT\system32\DRIVERS\w300obex.sys
S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINNT\system32\DRIVERS\W700bus.sys
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINNT\system32\DRIVERS\W700mdfl.sys
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINNT\system32\DRIVERS\W700mdm.sys
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINNT\system32\DRIVERS\W700mgmt.sys
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINNT\system32\DRIVERS\W700obex.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4685bf06-0563-11dc-8f09-0013ce26f162}]
AutoRun\command- wd_windows_tools\setup.exe
Contents of the 'Scheduled Tasks' folder
2007-08-05 09:00:01 C:\WINNT\Tasks\AADA08139185BB0B.job - c:\docume~1\atw10zu3\applic~1\defyfo~1\Atomsixthbyte.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-05 11:04:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-05 11:07:51 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-05 11:07
--- E O F ---
------
HiJackThis.log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25, on 2007-08-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\CatPC\CatSVC\CatService.exe
C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
C:\Program Files\Licensing\License Agent\bin\cla.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINNT\system32\suss.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
C:\WINNT\TEMP\JZA347.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\proquota.exe
C:\Program Files\Siemens\CAT Bulletin Board\CBB.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\RTHDCPL.EXE
C:\WINNT\AGRSMMSG.exe
C:\Program Files\CryptoEx\Common\CexTray.exe
C:\Program Files\Siemens\Card API\bin\siecacst.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\CryptoEx\Common\EASServer.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CryptoEx\Volume\CexVolumeWatcher.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\atw10zu3\My Documents\Downloads\HJT\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 1.50.100.100:800
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Java Profiles Fix] C:\Program Files\Java\Profile Fix\Java_Profile.exe
O4 - HKLM\..\Run: [JavaProfileFix2] C:\Program Files\Java\Profile Fix\Java_Profile_2.exe
O4 - HKLM\..\Run: [CryptoExTrayV3] "C:\Program Files\CryptoEx\Common\CexTray.exe" /ShowTrayIcon
O4 - HKLM\..\Run: [CryptoExVolumeAutoMount] "C:\Program Files\CryptoEx\Volume\CexVolume.exe" /AutoMount
O4 - HKLM\..\Run: [SIECACST] C:\Program Files\Siemens\Card API\bin\siecacst.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Owns Ping Ante Admin] C:\Documents and Settings\All Users\Application Data\Ball mapi owns ping\FOR SOFTWARE.exe
O4 - HKLM\..\Run: [face itch safe admin] C:\Documents and Settings\All Users\Application Data\Hold that admin ball\Jugs Stop Sixth.exe
O4 - HKCU\..\Run: [CatUserRun] exec32 /wh /c chgreg5 /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Help 16] C:\DOCUME~1\atw10zu3\APPLIC~1\DEFYFO~1\Size Okay.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [1cexvolumeinstalldriver] C:\Program Files\CryptoEx\Volume\CexVolume.exe /InstallDriver (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [1cexvolumeinstalldriver] C:\Program Files\CryptoEx\Volume\CexVolume.exe /InstallDriver (User 'Default user')
O4 - Startup: Goowy Notifier.lnk = ?
O4 - Startup: goowyNotifier2327047424.lnk = C:\Program Files\Goowy\Notifier\goowyNotifier.exe
O4 - Global Startup: Dienst-Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: 148.56.0.67
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) -
O16 - DPF: {CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_13) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ww300.siemens.net
O17 - HKLM\Software\..\Telephony: DomainName = ww300.siemens.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ww300.siemens.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ww300.siemens.net
O20 - Winlogon Notify: CexTrayWinLogon - C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll
O23 - Service: CAT Service (CATService) - Siemens AG - C:\WINNT\CatPC\CatSVC\CatService.exe
O23 - Service: CAT Bulletin Board (CBBS) - Unknown owner - C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: License Agent - Siemens AG - C:\Program Files\Licensing\License Agent\bin\cla.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\Program Files\Radmin\r_server.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\tmlisten.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 18355 bytes
---------------
datfind.bad log
Volume in drive C is SYSTEM_W2K
Volume Serial Number is 3C16-7963
Directory of C:\WINNT\system32
2007-08-04 11:57 2,206 wpa.dbl
2007-08-01 18:17 4,937 jupdate-1.6.0_02-b06.log
2007-07-22 18:39 279,552 swreg.exe
2007-07-15 17:02 304 results.txt
2007-07-15 13:29 399,972 perfh009.dat
2007-07-15 13:29 61,934 perfc009.dat
2007-07-15 13:29 470,642 PerfStringBackup.INI
2007-07-12 02:22 139,264 javaws.exe
2007-07-12 02:22 69,632 javacpl.cpl
2007-07-12 01:22 135,168 javaw.exe
2007-07-12 01:22 135,168 java.exe
2007-06-20 23:08 93,128 ElbyCDIO.dll
2007-06-01 18:19 4,027 jupdate-1.6.0_01-b06.log
2007-03-13 14:11 122,198 TZLog.log
2007-03-04 16:58 9,354 jupdate-1.5.0_11-b03.log
2007-02-05 11:18 77,868 TEvtLog.dll
2007-02-01 23:41 9,140 jupdate-1.5.0_10-b03.log
2007-01-29 10:58 60,416 tzchange.exe
2007-01-25 14:24 616,960 urlmon.dll
2007-01-23 21:29 546,304 hhctrl.ocx
2007-01-19 12:53 51,056 sirenacm.dll
2007-01-04 16:05 1,498,112 shdocvw.dll
2007-01-04 16:05 665,088 wininet.dll
2007-01-04 16:05 39,424 pngfilt.dll
2007-01-04 16:05 532,480 mstime.dll
2007-01-04 16:05 474,112 shlwapi.dll
2007-01-04 16:05 96,256 inseng.dll
2007-01-04 16:05 449,024 mshtmled.dll
2007-01-04 16:05 16,384 jsproxy.dll
2007-01-04 16:05 146,432 msrating.dll
2007-01-04 16:05 1,022,976 browseui.dll
2007-01-04 16:05 151,040 cdfview.dll
2007-01-04 16:05 55,808 extmgr.dll
2007-01-04 16:05 205,312 dxtrans.dll
2007-01-04 16:05 357,888 dxtmsft.dll
2007-01-04 16:05 251,904 iepeers.dll
2007-01-04 16:05 1,054,208 danim.dll
2007-01-04 12:50 248,320 xpsp3res.dll
2007-01-04 07:05 3,062,272 mshtml.dll
---------
Volume in drive C is SYSTEM_W2K
Volume Serial Number is 3C16-7963
Directory of C:\DOCUME~1\atw10zu3\LOCALS~1\Temp
2007-08-05 11:26 104,630 datfind.txt
2007-08-05 11:24 114,688 ~DFEE21.tmp
2007-08-05 11:10 173 jusched.log
3 File(s) 219,491 bytes
0 Dir(s) 3,246,555,136 bytes free
.
.
.
Volume in drive C is SYSTEM_W2K
Volume Serial Number is 3C16-7963
Directory of C:\WINNT
2007-08-05 11:04 178,464 WindowsUpdate.log
2007-08-05 11:04 466 SMSCFG.ini
2007-08-05 11:03 0 0.log
2007-08-05 11:03 2,048 bootstat.dat
2007-08-05 11:02 32,482 SchedLgU.Txt
2007-08-05 10:03 1,630 TMFilter.log
2007-07-20 00:47 109,056 catchme.exe
2007-07-18 17:15 203,415 setupact.log
2007-07-18 17:15 1,075,736 setupapi.log
2007-07-18 16:01 32,856 DirectX.log
2007-07-15 22:13 1,253,950 DPINST.LOG
2007-06-17 00:11 51,200 nircmd.exe
2007-06-10 20:52 116 NeroDigital.ini
2007-06-05 21:54 152 NetwkCfg.txt
2007-06-05 21:35 1,498 checkip.dat
2007-04-04 17:24 98,304 system32CmdLineExt.dll
2007-03-13 14:13 680,398 iis6.log
2007-03-13 14:13 196,568 comsetup.log
2007-03-13 14:13 266,593 tsoc.log
2007-03-13 14:13 1,374 imsins.log
2007-03-13 14:13 118,687 ntdtcsetup.log
2007-03-13 14:13 28,931 tabletoc.log
2007-03-13 14:13 31,094 ocmsn.log
2007-03-13 14:13 100,255 netfxocm.log
2007-03-13 14:13 40,094 MedCtrOC.log
2007-03-13 14:13 285,620 ocgen.log
2007-03-13 14:13 28,940 msgsocm.log
2007-03-13 14:13 569,568 FaxSetup.log
2007-03-13 14:13 186,694 msmqinst.log
2007-03-13 14:13 1,374 imsins.BAK
2007-03-13 14:12 33,589 updspapi.log
2007-03-13 14:10 7,749 cfgall.ini
2007-03-13 14:10 12,953 KB928255.log
2007-03-13 14:09 11,427 KB928843.log
2007-03-13 14:09 11,182 KB924270.log
2007-03-13 14:08 7,354 KB920213.log
2007-03-13 14:08 370 ODBC.INI
2007-03-13 10:24 14,218 ASS_150E.INI
2007-01-21 22:13 159 wiadebug.log
2007-01-21 22:13 49 wiaservc.log
2007-01-13 23:29 249,856 Setup1.exe
2007-01-13 23:29 73,216 ST6UNST.EXE
---------------------
Problem description:
Since I got these popups, which range from casinos and ringtones to tits and asses (which is why my girlfriend has already asked me where I've been surfing -.-), nothing moves on the internet anymore either.
Page loading speed is phenomenally slow ...
I hope you have a solution for me.
Regards, Dworschi