LOP Toolbar Activity Pop-Up

#0
26.10.2007, 21:03
...new here

Posts: 6
#1 Hey!!
Maybe you can help me...
For the past few days I've been getting a pop-up from Norton every few minutes saying that an attack on my PC is being blocked...

and under Details it then says "high risk" "Lop toolbar Activity", but once again Norton can't delete the nonsense ;)

do you have any idea??

Regards, caniball
26.10.2007, 21:07
Member

Posts: 202
27.10.2007, 12:55
...new here

Thread starter

Posts: 6
#3 Hey, I hope I did everything right!

_____________________________________________

ComboFix 07-10-26.4 - caniball 2007-10-27 12:27:55.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1282 [GMT 2:00]
ausgeführt von:: C:\Users\caniball\Desktop\Spyware Adware Malware Chk\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((( Dateien erstellt von 2007-09-27 bis 2007-10-27 ))))))))))))))))))))))))))))))
.

2007-10-27 12:23 51,200 --a------ C:\Windows\NirCmd.exe
2007-10-26 22:29 <DIR> d-------- C:\Program Files\hmmm
2007-10-26 02:03 0 --a------ C:\Windows\System32\SBRC.dat
2007-10-26 02:03 0 --a------ C:\Windows\System32\SBFC.dat
2007-10-26 01:39 <DIR> d-------- C:\Users\caniball\AppData\Roaming\Sunbelt Software
2007-10-26 01:39 <DIR> d-------- C:\Users\All Users\Sunbelt Software
2007-10-26 01:39 <DIR> d-------- C:\ProgramData\Sunbelt Software
2007-10-25 10:17 <DIR> d-------- C:\Program Files\CounterSpy
2007-10-25 10:13 <DIR> d-------- C:\Program Files\CCleaner
2007-10-25 00:01 <DIR> d-------- C:\Windows\C8BB491212D942AEB571E580D8CD1B5B.TMP
2007-10-24 23:02 <DIR> d-------- C:\Windows\pss
2007-10-24 22:47 <DIR> d-------- C:\Users\caniball\AppData\Roaming\Grisoft
2007-10-24 22:47 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2007-10-24 22:46 <DIR> d-------- C:\Users\All Users\Grisoft
2007-10-24 22:46 <DIR> d-------- C:\ProgramData\Grisoft
2007-10-24 22:46 <DIR> d-------- C:\Program Files\AVG Anti-Spyware 7.5
2007-10-24 18:20 <DIR> d-------- C:\Users\All Users\Lavasoft
2007-10-24 18:20 <DIR> d-------- C:\ProgramData\Lavasoft
2007-10-24 18:20 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-24 09:32 205,824 --a------ C:\Windows\System32\msoeacct.dll
2007-10-24 09:32 87,040 --a------ C:\Windows\System32\msoert2.dll
2007-10-24 09:32 39,424 --a------ C:\Windows\System32\ACCTRES.dll
2007-10-24 09:31 376,320 --a------ C:\Windows\System32\winsrv.dll
2007-10-24 09:31 49,664 --a------ C:\Windows\System32\csrsrv.dll
2007-10-24 09:30 2,048 --a------ C:\Windows\System32\tzres.dll
2007-10-24 09:28 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-24 09:27 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2007-10-24 09:27 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2007-10-24 09:27 104,448 --a------ C:\Windows\System32\DWWIN.EXE
2007-10-24 09:27 7,680 --a------ C:\Windows\System32\spwmp.dll
2007-10-24 09:27 4,096 --a------ C:\Windows\System32\dxmasf.dll
2007-10-24 09:27 2,048 --a------ C:\Windows\System32\msxml3r.dll
2007-10-24 09:24 2,026,496 --a------ C:\Windows\System32\win32k.sys
2007-10-24 09:24 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2007-10-24 09:24 633,856 --a------ C:\Windows\System32\user32.dll
2007-10-24 09:24 152,576 --a------ C:\Windows\System32\imagehlp.dll
2007-10-24 09:24 12,800 --a------ C:\Windows\System32\drivers\fs_rec.sys
2007-10-24 09:24 5,120 --a------ C:\Windows\System32\wmi.dll
2007-10-24 09:23 750,080 --a------ C:\Windows\System32\qmgr.dll
2007-10-24 07:51 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2007-10-24 07:51 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2007-10-24 07:51 53,080 --a------ C:\Windows\System32\wuauclt.exe
2007-10-24 07:51 43,352 --a------ C:\Windows\System32\wups2.dll
2007-10-24 07:48 549,720 --a------ C:\Windows\System32\wuapi.dll
2007-10-24 07:48 80,896 --a------ C:\Windows\System32\wudriver.dll
2007-10-24 07:48 33,624 --a------ C:\Windows\System32\wups.dll
2007-10-24 07:46 163,000 --a------ C:\Windows\System32\wuwebv.dll
2007-10-24 07:46 31,232 --a------ C:\Windows\System32\wuapp.exe
2007-10-24 05:18 6 --a------ C:\RECOVERY.DAT
2007-10-24 05:15 1,418,720 --a------ C:\Windows\System32\WdfCoinstaller01001.dll
2007-10-24 05:15 140,800 --a------ C:\Windows\System32\drivers\Apfiltr.sys
2007-10-24 05:15 100,030 --a------ C:\Windows\System32\Vxdif.dll
2007-10-24 05:12 <DIR> d-------- C:\Program Files\PowerForPhone
2007-10-24 05:12 2,384,897 --a------ C:\Windows\snuninst.exe
2007-10-24 05:12 1,743,232 --a------ C:\Windows\System32\drivers\snp2uvc.sys
2007-10-24 05:12 28,160 --a------ C:\Windows\System32\drivers\sncduvc.sys
2007-10-24 05:11 1,048,576 --a------ C:\F3Ka.BIN
2007-10-24 05:10 <DIR> d-------- C:\Program Files\Apoint2K
2007-10-24 05:06 29,752 --a------ C:\Windows\System32\drivers\AsDsm.sys
2007-10-24 05:05 <DIR> d-------- C:\Users\All Users\P4G
2007-10-24 05:05 <DIR> d-------- C:\ProgramData\P4G
2007-10-24 05:05 <DIR> d-------- C:\Program Files\P4G
2007-10-24 05:04 155,648 --a------ C:\Windows\System32\ACEngSvr.exe
2007-10-24 05:01 90,112 --a------ C:\Windows\System32\snymsico.dll
2007-10-24 05:01 42,496 --a------ C:\Windows\System32\drivers\rimsptsk.sys
2007-10-24 05:01 39,936 --a------ C:\Windows\System32\drivers\rimmptsk.sys
2007-10-24 05:01 37,376 --a------ C:\Windows\System32\drivers\rixdptsk.sys
2007-10-24 05:01 16,480 --a------ C:\Windows\System32\rixdicon.dll
2007-10-24 04:59 76,288 --a------ C:\Windows\System32\drivers\Rtlh86.sys
2007-10-24 04:58 <DIR> d-------- C:\Users\All Users\ASUS
2007-10-24 04:58 <DIR> d-------- C:\ProgramData\ASUS
2007-10-24 04:55 <DIR> d-------- C:\Windows\Options
2007-10-24 04:55 <DIR> d-------- C:\Users\All Users\Atheros
2007-10-24 04:55 <DIR> d-------- C:\ProgramData\Atheros
2007-10-24 04:55 <DIR> d-------- C:\Program Files\Atheros
2007-10-24 04:55 694,784 --a------ C:\Windows\System32\drivers\athr.sys
2007-10-24 04:55 694,784 --a------ C:\Windows\System32\athr.sys
2007-10-24 04:54 <DIR> d-------- C:\Program Files\Wireless Console 2
2007-10-24 04:46 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-10-24 04:46 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2007-10-24 04:45 <DIR> d-------- C:\Users\All Users\Symantec
2007-10-24 04:45 <DIR> d-------- C:\ProgramData\Symantec
2007-10-24 04:45 <DIR> d-------- C:\Program Files\Symantec
2007-10-24 04:44 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-24 04:44 <DIR> d-------- C:\Program Files\ATKOSD2
2007-10-24 04:43 <DIR> d-------- C:\Program Files\ATKGFNEX
2007-10-24 04:42 <DIR> d-------- C:\Program Files\ATK Hotkey
2007-10-24 04:41 <DIR> d-------- C:\Windows\System32\RTCOM
2007-10-24 04:40 <DIR> d-------- C:\Program Files\Realtek
2007-10-24 04:40 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-10-24 04:40 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-10-24 04:35 <DIR> d-------- C:\Program Files\ATI Technologies
2007-10-24 04:34 <DIR> d-------- C:\Program Files\ATI
2007-10-24 04:33 <DIR> d-------- C:\Program Files\ASUS
2007-10-24 04:28 <DIR> d-------- C:\Program Files\Motorola
2007-10-23 23:30 <DIR> d-------- C:\Users\All Users\beep axis mode free
2007-10-23 23:30 <DIR> d-------- C:\ProgramData\beep axis mode free
2007-10-23 22:22 <DIR> d-------- C:\Users\caniball\AppData\Roaming\Logitech
2007-10-23 22:21 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-10-23 22:20 546 --a------ C:\Windows\System32\ABF3Ka.DAT

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-24 16:28 9,344 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2007-10-24 16:28 8,320 ----a-w C:\Windows\system32\drivers\AWRTRD.sys
2007-10-24 16:01 --------- d-----w C:\Program Files\Windows Mail
2007-10-24 07:28 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-10-24 07:28 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2007-10-24 07:28 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-10-24 07:28 414,208 ----a-w C:\Windows\System32\msscp.dll
2007-10-24 07:28 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-10-24 07:28 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-10-24 07:28 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2007-10-24 07:28 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-10-24 07:28 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-10-24 07:28 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2007-10-24 07:25 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-24 07:25 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-10-24 07:25 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-10-24 07:25 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-10-24 07:25 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-10-24 07:25 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-10-24 05:34 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2007-10-24 05:34 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2007-10-24 03:10 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_Apfiltr_01001.Wdf
2007-10-24 02:40 319,456 ----a-w C:\Windows\DIFxAPI.dll
2007-10-24 02:40 315,392 ----a-w C:\Windows\HideWin.exe
2007-10-23 18:44 0 ----a-w C:\Windows\system32\drivers\1043_ASUSTeK_F3Ka.alu
2007-09-18 12:44 10,662 ----a-w C:\Windows\system32\drivers\srtspx.cat
2007-09-18 12:44 10,662 ----a-w C:\Windows\system32\drivers\srtspl.cat
2007-09-18 12:44 10,658 ----a-w C:\Windows\system32\drivers\srtsp.cat
2007-09-18 12:44 1,430 ----a-w C:\Windows\system32\drivers\srtspl.inf
2007-09-18 12:44 1,421 ----a-w C:\Windows\system32\drivers\srtspx.inf
2007-09-18 12:44 1,415 ----a-w C:\Windows\system32\drivers\srtsp.inf
2007-09-18 12:43 43,696 ----a-w C:\Windows\system32\drivers\srtspx.sys
2007-09-18 12:43 317,616 ----a-w C:\Windows\system32\drivers\srtspl.sys
2007-09-18 12:43 278,576 ----a-w C:\Windows\system32\drivers\srtsp.sys
2007-08-27 09:26 27,120 ----a-w C:\Windows\System32\SBBD.exe
2007-08-16 14:17 51,568 ----a-w C:\Windows\System32\sirenacm.dll
2007-08-08 14:30 19,456 ----a-w C:\Windows\System32\OnlineScannerLang.dll
2007-08-02 16:11 253,952 ----a-w C:\Windows\System32\OnlineScannerDLLA.dll
2007-08-02 16:11 241,664 ----a-w C:\Windows\System32\OnlineScannerDLLW.dll
2007-07-27 13:49 225,355 ----a-w C:\Windows\System32\lnod32apiW.dll
2007-07-27 13:49 196,683 ----a-w C:\Windows\System32\lnod32apiA.dll
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-02 14:34]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 21:35]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 10:45 C:\Windows\SkyTel.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-12 03:22]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 C:\Windows\KHALMNPR.Exe]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"!AVG Anti-Spyware"="C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45]
"SBCSTray"="C:\Program Files\CounterSpy\SBCSTray.exe" [2007-08-27 12:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 14:35]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35]
"MODE FREE BIRD SURF"="C:\ProgramData\bias hold 32.ocsjp4o" [2007-10-23 23:30]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-23 22:07:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe
"PowerForPhone"=C:\Program Files\PowerForPhone\PowerForPhone.exe
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

R0 AsDsm;AsDsm;C:\Windows\system32\drivers\AsDsm.sys
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071020.002\IDSvix86.sys
R2 ADSMService;ADSM Service;C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
R2 ASLDRService;ASLDR Service;C:\Program Files\ATK Hotkey\ASLDRSrv.exe
R2 ASMMAP;ASMMAP;\??\C:\Program Files\ATKGFNEX\ASMMAP.sys
R2 ATKGFNEXSrv;ATKGFNEX Service;C:\Program Files\ATKGFNEX\GFNEXSrv.exe
R2 ghaio;ghaio;\??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
R2 LBeepKE;LBeepKE;C:\Windows\system32\Drivers\LBeepKE.sys
R2 UxTuneUp;TuneUp Designerweiterung;C:\Windows\System32\svchost.exe -k netsvcs
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS
S3 NETw3v32;Intel(R) PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys
S3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
S3 TPM;TPM;C:\Windows\system32\drivers\tpm.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhalt des "geplante Tasks" Ordners
"2007-10-26 15:16:25 C:\Windows\Tasks\1-Klick-Wartung.job"
"2007-10-24 05:41:35 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - caniball.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 12:38:03
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2007-10-27 12:43:41
.
________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:12, on 27.10.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MODE FREE BIRD SURF] "C:\ProgramData\bias hold 32.ocsjp4o"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\CounterSpy\SBCSSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 7972 bytes
_________________________________________________________________
.
.
Bitte nur die Eintraege der letzten 3 Monate pro Ordner posten
.
.
Datenträger in Laufwerk C: ist VistaOS
Volumeseriennummer: 6AD9-FD6E

Verzeichnis von C:\Windows\system32

27.10.2007 12:05 610.142 perfh009.dat
27.10.2007 12:05 103.924 perfc009.dat
27.10.2007 12:05 641.344 perfh007.dat
27.10.2007 12:05 116.706 perfc007.dat
27.10.2007 12:05 1.461.736 PerfStringBackup.INI
27.10.2007 11:58 3.072 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
27.10.2007 11:58 3.072 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
26.10.2007 02:03 0 SBFC.dat
26.10.2007 02:03 0 SBRC.dat
24.10.2007 23:37 45.056 acovcnt.exe
24.10.2007 18:02 228.840 FNTCACHE.DAT
24.10.2007 09:32 39.424 ACCTRES.dll
24.10.2007 09:32 205.824 msoeacct.dll
24.10.2007 09:32 87.040 msoert2.dll
24.10.2007 09:31 49.664 csrsrv.dll
24.10.2007 09:31 376.320 winsrv.dll
24.10.2007 09:30 2.048 tzres.dll
24.10.2007 09:28 414.208 msscp.dll
24.10.2007 09:28 392.192 FirewallAPI.dll
24.10.2007 09:28 396.800 MPSSVC.dll
24.10.2007 09:28 86.016 icfupgd.dll
24.10.2007 09:28 16.896 wfapigp.dll
24.10.2007 09:28 61.952 cmifw.dll
24.10.2007 09:28 178.688 iphlpsvc.dll
24.10.2007 09:27 8.147.968 wmploc.DLL
24.10.2007 09:27 10.617.344 wmp.dll
24.10.2007 09:27 7.680 spwmp.dll
24.10.2007 09:27 4.096 dxmasf.dll
24.10.2007 09:27 4.096 msdxm.ocx
24.10.2007 09:27 104.448 DWWIN.EXE
24.10.2007 09:27 1.191.936 msxml3.dll
24.10.2007 09:27 2.048 msxml3r.dll
24.10.2007 09:25 3.584.512 mshtml.dll
24.10.2007 09:25 1.383.424 mshtml.tlb
24.10.2007 09:25 477.696 mshtmled.dll
24.10.2007 09:25 180.736 ieui.dll
24.10.2007 09:25 6.058.496 ieframe.dll
24.10.2007 09:25 1.152.000 urlmon.dll
24.10.2007 09:25 824.832 wininet.dll
24.10.2007 09:25 27.648 jsproxy.dll
24.10.2007 09:25 124.928 advpack.dll
24.10.2007 09:25 63.488 ie4uinit.exe
24.10.2007 09:25 44.544 iernonce.dll
24.10.2007 09:25 56.320 iesetup.dll
24.10.2007 09:25 26.624 ieUnatt.exe
24.10.2007 09:25 1.824.768 inetcpl.cpl
24.10.2007 09:25 63.488 icardie.dll
24.10.2007 09:25 671.232 mstime.dll
24.10.2007 09:25 214.528 dxtrans.dll
24.10.2007 09:25 347.136 dxtmsft.dll
24.10.2007 09:25 2.455.488 ieapfltr.dat
24.10.2007 09:25 383.488 ieapfltr.dll
24.10.2007 09:25 1.335.296 msxml6.dll
24.10.2007 09:25 2.048 msxml6r.dll
24.10.2007 09:25 84.480 INETRES.dll
24.10.2007 09:25 737.792 inetcomm.dll
24.10.2007 09:24 788.992 rpcrt4.dll
24.10.2007 09:24 5.120 wmi.dll
24.10.2007 09:24 152.576 imagehlp.dll
24.10.2007 09:24 2.026.496 win32k.sys
24.10.2007 09:24 633.856 user32.dll
24.10.2007 09:23 750.080 qmgr.dll
24.10.2007 07:51 1.524.224 wucltux.dll
24.10.2007 07:51 43.352 wups2.dll
24.10.2007 07:51 53.080 wuauclt.exe
24.10.2007 07:51 1.712.984 wuaueng.dll
24.10.2007 07:48 80.896 wudriver.dll
24.10.2007 07:48 33.624 wups.dll
24.10.2007 07:48 549.720 wuapi.dll
24.10.2007 07:46 163.000 wuwebv.dll
24.10.2007 07:46 31.232 wuapp.exe
23.10.2007 22:20 546 ABF3Ka.DAT
27.09.2007 22:19 18.089.592 mrt.exe
27.08.2007 11:26 27.120 SBBD.exe
16.08.2007 16:17 51.568 sirenacm.dll
08.08.2007 16:31 2.707.456 OnlineScanner.ocx
08.08.2007 16:30 19.456 OnlineScannerLang.dll
02.08.2007 18:11 253.952 OnlineScannerDLLA.dll
02.08.2007 18:11 241.664 OnlineScannerDLLW.dll
27.07.2007 15:49 196.683 lnod32apiA.dll
27.07.2007 15:49 225.355 lnod32apiW.dll
22.07.2007 18:39 279.552 swreg.exe
16.07.2007 10:34 2.048.000 RtkAPO.dll
06.07.2007 05:04 532.480 RTSndMgr.cpl
06.07.2007 04:27 17.408 RtkCoInst.dll
This post was edited by caniball on 27.10.2007 at 12:59.
27.10.2007, 20:17
Honorary member
Argus

Posts: 6028
#4 Download DeljobZip to your desktop
Double-click: Deljob.exe
A log file will open (logit.txt)
Copy the contents of the report logit.txt into this thread
__________
Regards, Argus
27.10.2007, 20:27
...new here

Thread starter

Posts: 6
#5 --------------------------------------------------------
No LOP jobs found
--------------------------------------------------------
Files remaining after cleaning

1-Klick-Wartung.job
Norton Internet Security - Run Full System Scan - caniball.job
--------------------------------------------------------
App data folders

Datenträger in Laufwerk C: ist VistaOS
Volumeseriennummer: 6AD9-FD6E

Verzeichnis von C:\Users\caniball\AppData\Roaming

26.10.2007 01:39 <DIR> .
26.10.2007 01:39 <DIR> ..
23.10.2007 20:35 <DIR> ATI
24.10.2007 22:47 <DIR> Grisoft
23.10.2007 22:23 <DIR> ICQ
23.10.2007 20:34 <DIR> IDENTI~1 Identities
23.10.2007 20:33 <DIR> INSTAL~1 InstallShield
23.10.2007 22:22 <DIR> Logitech
23.10.2007 20:40 <DIR> MACROM~1 Macromedia
02.11.2006 14:37 <DIR> MEDIAC~1 Media Center Programs
23.10.2007 22:38 <DIR> MICROS~1 Microsoft
23.10.2007 20:44 <DIR> Mozilla
26.10.2007 01:39 <DIR> SUNBEL~1 Sunbelt Software
23.10.2007 20:44 <DIR> Talkback
23.10.2007 20:52 <DIR> TUNEUP~1 TuneUp Software
23.10.2007 22:07 <DIR> vlc
24.10.2007 08:40 <DIR> WinRAR
0 Datei(en), 0 Bytes
17 Verzeichnis(se), 60.424.716.288 Bytes frei
Datenträger in Laufwerk C: ist VistaOS
Volumeseriennummer: 6AD9-FD6E

Verzeichnis von C:\ProgramData\Application Data

--------------------------------------------------------
27.10.2007, 21:14
Honorary member
Argus

Posts: 6028
#6 Close all windows and start Hijack This
Click: Do a system scan only
Put a check mark in the box in front of the following entry

O4 - HKCU\..\Run: [MODE FREE BIRD SURF] "C:\ProgramData\bias hold 32.ocsjp4o"

click: Fix checked
Your Internet Explorer must be closed when you click Fix checked

Download KillAFile by Marckie to your desktop

Unpack the file and save it in a folder on your desktop
Open the KillAFile folder
Double-click the file kill.bat
Choose option 2: replace a file on reboot
When you get the message Insert full path and filename to delete and then press enter
type/copy in:

C:\ProgramData\bias hold 32.ocsjp4o

If the file is present, a message will appear asking you to close all open windows,
and saying that the computer will restart (reboot)

Post a log from Hijack This
__________
Regards, Argus
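
The before/after comparison that post #6 asks for, as an added example that is not part of the original thread: a small Python parser for HijackThis `O4` Run lines that flags autostart targets like the one fixed above and lists which entries disappeared between two logs. The sample lines are excerpted from the two HijackThis logs in this thread; the function names, the extension list and the "directly in C:\ProgramData" heuristic are assumptions of this example, not HijackThis behaviour.

```python
import ntpath
import re
from collections import namedtuple

# Excerpts from the HijackThis logs posted in this thread (27.10. and 28.10.2007).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MODE FREE BIRD SURF] "C:\ProgramData\bias hold 32.ocsjp4o"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
"""

Entry = namedtuple("Entry", "hive name command target")

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Assumption of this example: extensions accepted as ordinary autostart targets.
KNOWN_EXTS = {".exe", ".dll", ".com", ".bat", ".cmd", ".scr"}
UNQUOTED = re.compile(r"^(.*?\.(?:exe|dll|com|bat|cmd|scr))(?=\s|$)", re.IGNORECASE)


def target_of(command):
    """Return the program path from a Run command line, without its arguments."""
    command = command.strip()
    quoted = re.match(r'^"([^"]+)"', command)
    if quoted:
        return quoted.group(1)
    # Unquoted paths may contain spaces: cut after the first known extension.
    m = UNQUOTED.match(command)
    return m.group(1) if m else command


def parse_o4(log_text):
    """Extract all O4 Run entries from a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries.append(Entry(m["hive"], m["name"], m["cmd"], target_of(m["cmd"])))
    return entries


def suspicious(entry):
    """Heuristic reasons (assumptions of this example) to look at an entry more closely."""
    reasons = []
    ext = ntpath.splitext(entry.target)[1].lower()
    if ext not in KNOWN_EXTS:
        reasons.append("unusual-extension:" + ext)
    if ntpath.dirname(entry.target).lower() == r"c:\programdata":
        reasons.append("directly-in-programdata")
    return reasons


def removed_between(before, after):
    """(hive, name) pairs present in the first log but gone in the second."""
    old = {(e.hive, e.name) for e in parse_o4(before)}
    new = {(e.hive, e.name) for e in parse_o4(after)}
    return old - new


if __name__ == "__main__":
    for e in parse_o4(LOG_BEFORE):
        if suspicious(e):
            print(e.hive, e.name, e.target, suspicious(e))
    print("removed after fix:", removed_between(LOG_BEFORE, LOG_AFTER))
```

The Run value disappearing from the second log only shows that the autostart entry is gone; whether the file itself still exists on disk has to be checked separately.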
28.10.2007, 12:53
...new here

Thread starter

Posts: 6
#7 Hey... Kill.bat didn't find the file.... here is the new HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:35, on 28.10.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\CounterSpy\SBCSSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 7888 bytes
28.10.2007, 13:09
Honorary member
Argus

Posts: 6028
#8 Download OTMoveIt to your desktop
Open: OTMoveIt.exe
Copy (select and press Ctrl-C) everything below

C:\Users\All Users\beep axis mode free
C:\ProgramData\beep axis mode free

into the left pane, where it says Paste List of Files/Folders to be moved

Click the red MoveIt! button
When the tool has finished, a log is created (*******_******.log, where * stands for the date and time)
under C:\_OTMoveIt\MovedFiles\
Copy it with a right click and "paste" it into the forum with a right click
__________
Regards, Argus
28.10.2007, 13:41
...new here

Thread starter

Posts: 6
#9 C:\Users\All Users\beep axis mode free moved successfully.
File/Folder C:\ProgramData\beep axis mode free not found.

Created on 10.28.2007 13:40:09
28.10.2007, 13:49
Honorary member
Argus

Posts: 6028
#10 Do you still get pop-ups now?
I have to say I know little about Vista
Check whether C:\ProgramData\beep axis mode free is still there
__________
Regards, Argus
28.10.2007, 13:57
...new here

Thread starter

Posts: 6
#11 I think C:\ProgramData\beep axis mode free is no longer there... at least I can't find it...
and I haven't had a pop-up for about 30 minutes...

Edit: I just got one again...