Constant pop-ups (yellow warning triangle)
04.12.2007, 22:00
...new here
Posts: 6
04.12.2007, 22:42
Honorary member
Posts: 6028
#2
Delete Qoobox on C:\ --> empty the Recycle Bin

Close all windows and start HijackThis.
Click: Do a system scan only
Put a check mark in the box in front of the following entries:

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: (no name) - {245A6CD4-5EA9-B9EB-791A-06F67243094D} - C:\Programme\Blaxbdoh\zbswzpel.dll
O2 - BHO: (no name) - {7B7765D7-A4F4-4CD6-BD09-86FEBB85DBD1} - C:\WINDOWS\system32\pmkjj.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\Programme\Rapidown\rapi310.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wwrmjwfx.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wwrmjwfx.dll
O20 - Winlogon Notify: wineak32 - wineak32.dll (file missing)
O20 - Winlogon Notify: winpsa32 - C:\WINDOWS\
O20 - Winlogon Notify: wwrmjwfx - C:\WINDOWS\SYSTEM32\wwrmjwfx.dll

Click: Fix checked
Your Internet Explorer must be closed when you click Fix checked.

cfscript.txt

1. Copy the following blue text into Notepad (Start - Accessories - Notepad) and save it on the desktop as cfscript.txt using 'Save as'. For the file type, select 'All files'. You should now find this file on the desktop.

file::
C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\wwrmjwfx.dllbox
C:\WINDOWS\system32\jjkmp.ini2
C:\WINDOWS\system32\wwrmjwfx.dll
C:\WINDOWS\system32\bjjlpasu.dll
C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\yaywwvs.dll

Folder::
C:\Programme\Blaxbdoh

2. Drag this file onto ComboFix.exe (see picture).
ComboFix will now start and process the data.
After the computer restarts, post the ComboFix log and a HijackThis log.
__________
Kind regards, Argus
05.12.2007, 15:00
...new here
Thread starter
Posts: 6
#3
ComboFix 07-12-02.6 - Dominik 2007-12-05 7:14:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.1459 [GMT 1:00] ausgeführt von:: C:\Dokumente und Einstellungen\Dominik\Desktop\ComboFix.exe Command switches used :: C:\Dokumente und Einstellungen\Dominik\Desktop\cfscript.txt * Neuer Wiederherstellungspunkt wurde erstellt FILE C:\WINDOWS\system32\bjjlpasu.dll C:\WINDOWS\system32\jjkmp.ini C:\WINDOWS\system32\jjkmp.ini2 C:\WINDOWS\system32\pmkjj.dll C:\WINDOWS\system32\wwrmjwfx.dll C:\WINDOWS\system32\wwrmjwfx.dllbox C:\WINDOWS\system32\yaywwvs.dll . (((((((((((((((((((((((((((((((((((( Weitere L”schungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Dokumente und Einstellungen\All Users\Startmenü\Live Safety Center.lnk C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.lnk C:\Dokumente und Einstellungen\Dominik\Desktop\Live Safety Center.lnk C:\Dokumente und Einstellungen\Dominik\Desktop\Online Security Guide.lnk C:\Dokumente und Einstellungen\Dominik\Favoriten\Online Security Guide.lnk C:\Programme\Blaxbdoh C:\Programme\Blaxbdoh\zbswzpel.dll C:\WINDOWS\system32\bjjlpasu.dll C:\WINDOWS\system32\jjkmp.ini C:\WINDOWS\system32\jjkmp.ini2 C:\WINDOWS\system32\pmkjj.dll C:\WINDOWS\system32\wwrmjwfx.dll C:\WINDOWS\system32\wwrmjwfx.dllbox C:\WINDOWS\system32\yaywwvs.dll . ((((((((((((((((((((((( Dateien erstellt von 2007-11-05 bis 2007-12-05 )))))))))))))))))))))))))))))) . 2007-12-03 15:35 . 2007-12-03 15:35 <DIR> d-------- C:\WINDOWS\system32\bwbkcnad 2007-12-03 15:35 . 2007-12-03 15:35 <DIR> d-------- C:\Programme\viboturk 2007-12-03 15:35 . 2007-12-03 15:36 1,148,902 --a------ C:\Install 2007-11-29 15:31 . 2007-11-29 15:31 20,291 --a------ C:\WINDOWS\system32\wbers.dat.dmp 2007-11-24 15:16 . 2007-11-24 15:16 <DIR> d-------- C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Microsoft Office Mobile 2007-11-24 15:10 . 2007-11-24 15:10 <DIR> d-------- C:\Programme\Wyrmkeep 2007-11-23 21:19 . 2007-11-23 21:19 <DIR> d-------- C:\Programme\Astraware 2007-11-23 14:26 . 
2007-11-28 14:11 <DIR> d-------- C:\ijji 2007-11-21 14:51 . 2007-11-21 15:17 <DIR> d-------- C:\Programme\SuperScan 2007-11-16 16:57 . 2007-11-16 16:57 <DIR> d-------- C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Tibia 2007-11-15 16:24 . 2007-11-15 16:31 <DIR> d--hs---- C:\WINDOWS\system32\28463 2007-11-14 17:20 . 2007-11-14 17:25 <DIR> d-------- C:\Programme\GetRight 2007-11-14 16:54 . 2007-11-14 17:25 <DIR> d-------- C:\Programme\FlashGet 2007-11-14 16:54 . 2006-04-20 12:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg 2007-11-12 07:19 . 2007-11-12 07:19 268 --ah----- C:\sqmdata03.sqm 2007-11-12 07:19 . 2007-11-12 07:19 244 --ah----- C:\sqmnoopt03.sqm 2007-11-11 15:43 . 2005-01-22 20:12 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll 2007-11-11 15:42 . 2007-11-11 16:28 <DIR> d-------- C:\Programme\WC3Banlist 2007-11-09 19:05 . 2007-11-09 19:05 <DIR> d-------- C:\Downloaded Videos 2007-11-09 19:04 . 2005-08-27 03:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx 2007-11-09 14:30 . 2007-11-09 14:30 53 --a------ C:\WINDOWS\DVBData.INI 2007-11-07 16:12 . 2007-11-07 17:30 <DIR> d-------- C:\Programme\Hamachi 2007-11-07 15:32 . 2007-11-07 15:32 <DIR> d-------- C:\Programme\TeamViewer3 2007-11-07 15:32 . 2007-11-07 15:39 <DIR> d-------- C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\TeamViewer 2007-11-07 15:31 . 2007-11-07 15:31 <DIR> d-------- C:\Dokumente und Einstellungen\Dominik\temp . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-12-05 06:26 33,848 ----a-w C:\WINDOWS\system32\drivers\sbapifs.sys 2007-12-05 05:59 --------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared 2007-12-05 05:58 --------- d-----w C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Hamachi 2007-12-02 17:12 --------- d-----w C:\Programme\DivX 2007-11-30 17:51 --------- d-----w C:\Programme\TightVNC 2007-11-28 16:36 --------- d-----w C:\Programme\Teamspeak2_RC2 2007-11-27 20:25 --------- d-----w C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Babylon 2007-11-27 20:24 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon 2007-11-26 17:49 --------- d-----w C:\Programme\Tibia 2007-11-26 15:42 --------- d-----w C:\Programme\ICQ6 2007-11-26 14:32 --------- d-----w C:\Programme\Symantec 2007-11-26 14:32 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec 2007-11-25 14:57 --------- d-----w C:\Programme\World of Warcraft 2007-11-25 14:45 --------- d-----w C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Skype 2007-11-24 21:33 --------- d-----w C:\Programme\Microsoft ActiveSync 2007-11-18 20:16 --------- d-----w C:\Programme\Tibia Auto 2007-11-16 15:49 --------- d-----w C:\Programme\Warcraft III 2007-11-09 17:30 --------- d-----w C:\Programme\Diablo II 2007-11-07 15:12 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2007-10-28 19:36 --------- d-----w C:\Programme\GV Everest Pokernet 2007-10-27 14:39 --------- d-----w C:\Programme\Download Direct 2007-10-26 12:27 --------- d-----w C:\Programme\Java 2007-10-25 15:04 --------- d-----w C:\Programme\RouterControl 2007-10-25 15:04 --------- d-----w C:\Programme\1 2007-10-25 14:38 --------- d-----w C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\RapidGet 2007-10-22 14:02 --------- d-----w C:\Programme\Dream Aquarium 2007-10-20 04:29 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Oberongames 2007-10-19 12:12 --------- d-----w C:\Programme\PokerStars 
2007-10-19 11:37 --------- d-----w C:\Programme\Babylon 2007-10-15 09:54 --------- d-----w C:\Programme\PDFCreator 2007-10-15 09:54 --------- d-----w C:\Programme\Hide IP Platinum 2007-10-15 09:54 --------- d-----r C:\Programme\Aston 2007-10-15 09:53 --------- d-----w C:\Programme\AV Vcs 5.0 DIAMOND 2007-10-15 09:07 --------- d-----w C:\Programme\TuneUp Utilities 2007 2007-10-15 09:07 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2007-10-15 08:54 --------- d-----w C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\TuneUp Software 2007-10-15 08:54 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software 2007-10-14 18:27 --------- d-----w C:\Programme\ElcomSoft 2007-10-11 15:54 --------- d--h--w C:\Programme\InstallShield Installation Information 2007-10-11 15:54 --------- d-----w C:\Programme\LifeScan 2007-10-11 14:39 --------- d-----w C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\OpenOffice.org2 2007-10-10 09:24 --------- d-----w C:\Programme\Ubisoft 2007-10-09 15:02 --------- d--h--r C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\SecuROM 2007-10-09 14:22 --------- d-----w C:\Programme\Atari 2007-10-05 11:41 --------- d-----w C:\Programme\SoftMaker Office 2006 (Trial) 2007-10-05 09:20 --------- d-----w C:\Programme\HashTab Shell Extension 2007-09-26 11:41 330,336 ----a-w C:\WINDOWS\RCoUn.EXE 2007-05-29 12:36 47,360 ----a-w C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\pcouffin.sys 2006-06-10 19:52 56 --sh--r C:\WINDOWS\system32\1FC601D2E6.sys 2006-06-10 19:52 1,160 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechSoftwareUpdate"="C:\Programme\Logitech\Video\ManifestEngine.exe" [2005-01-18 16:07] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00] "ICQ"="C:\Programme\ICQ6\ICQ.exe" [2007-10-22 16:45] "T-Online_Software_6\WLAN-Access Finder"="C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2007-07-25 16:50] "WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:56] "msnmsgr"="C:\Programme\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55] "H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:14] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41] "NVMixerTray"="C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 16:12] "SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 C:\WINDOWS\soundman.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 C:\WINDOWS\system32\bthprops.cpl] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52] "LogitechVideoRepair"="C:\Programme\Logitech\Video\ISStart.exe" [2005-01-18 16:47] "LogitechVideoTray"="C:\Programme\Logitech\Video\LogiTray.exe" [2005-01-18 16:37] "type32"="C:\Programme\Microsoft IntelliType Pro\type32.exe" [2004-06-03 09:51] "IntelliPoint"="C:\Programme\Microsoft IntelliPoint\point32.exe" [2004-06-03 09:50] "PRISMSVR.EXE"="C:\Programme\T-Com\Sinus 154 data II\PRISMSVR.exe" [2004-04-26 13:26] "ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2006-01-06 11:12] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-05-20 16:44] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-05-15 13:20] "CloneCDTray"="C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 
00:11] "Acrobat Assistant 8.0"="C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 21:46] "ToADiMon.exe"="C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2007-02-15 09:04] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "InfoCockpit"="C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.exe" [2007-07-30 13:27] "T-Online_Software_6\WLAN-Access Finder"="C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2007-07-25 16:50] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] PCANotify.dll 2007-04-27 12:10 18744 C:\WINDOWS\system32\PCANotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wwrmjwfx] wwrmjwfx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\pmkjj.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] C:\Programme\BitTorrent\bittorrent.exe --force_start_minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLASC] 2007-02-06 15:43 1680896 --a------ C:\Programme\World of Warcraft\BLASC\BLASC.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DynDNS Updater] C:\Programme\DynDNS Updater\DynDNS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2006-02-23 15:45 278528 --a------ C:\Programme\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message-Bob] C:\Dokumente und Einstellungen\Dominik\Eigene Dateien\Message-Bob.exe /a [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Programme\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\Skype] C:\Programme\Skype\Phone\Skype.exe /nosplash /minimized [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "IECheck"=C:\WINDOWS\IECheck.exe "H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\wcescomm.exe" "Steam"="c:\programme\valve\steam\steam.exe" -silent "CryptLoad"=C:\Dokumente und Einstellungen\Dominik\Desktop\httpwww.serienjunkies.dl.am\cl08seCu13\RouterClient.exe "MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.Exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "VirtualCloneDrive"="C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s "SBCSTray"=C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe "Babylon Client"=C:\Programme\Babylon\Babylon-Pro\Babylon.exe -AutoStart "RouterControl"=C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE "OPSE reminder"="C:\Programme\ScanSoft\OmniPageSE2.0\EregGer\Ereg.exe" -r "C:\Programme\ScanSoft\OmniPageSE2.0\EregGer\ereg.ini" "OpwareSE2"="C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" "ISUSPM Startup"=C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup "ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys R1 SSHDRV85;SSHDRV85;\??\C:\WINDOWS\system32\drivers\SSHDRV85.sys R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe" R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe -k netsvcs R3 DT154_A02;Sinus 154 data II Driver;C:\WINDOWS\system32\DRIVERS\TS154USB.sys R3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS R3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys R3 SBAPIFS;SBAPIFS;\??\C:\WINDOWS\system32\drivers\sbapifs.sys R3 TT7146KS;TechnoTrend SAA7146 Capture 
(WDM);C:\WINDOWS\system32\DRIVERS\TT7146KS.sys S2 EZWRIT3;EZWRIT3;C:\WINDOWS\system32\Drivers\ezwrit3.sys S3 APLOADER;APLOADER;C:\WINDOWS\system32\drivers\ApLoader.sys S3 CEDRIVER52;CEDRIVER52;\??\C:\Programme\Cheat Engine\dbk32.sys S3 CEDRIVER53;CEDRIVER53;\??\C:\Dokumente und Einstellungen\Dominik\Desktop\SNES Romz\Neuer Ordner (2)\Cheat Engine\dbk32.sys S3 MIINPazX;MIINPazX NDIS Protocol Driver;\??\C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;\??\C:\PROGRA~1\T-Online\T-ONLI~2\BASIS-~1\Basis1\MTOnlPktAlyX.SYS S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys S3 puma1;puma1;\??\C:\Dokumente und Einstellungen\Dominik\Desktop\SNES Romz\Neuer Ordner (4)\puma.sys S3 Revolution1;Revolution1;\??\C:\Dokumente und Einstellungen\Dominik\Desktop\SNES Romz\Neuer Ordner (7)\SHAK3.sys S3 SAA7146n;TT DVB-PCI driver (SAA7146n);C:\WINDOWS\system32\DRIVERS\saa7146n.sys S3 TODslService;T-Online DSL-Manager;"C:\Programme\T-Online\DSL-Manager\TODslSvc.exe" S3 TSHAK3T1;TSHAK3T1;\??\C:\Dokumente und Einstellungen\Dominik\Desktop\SNES Romz\RE 3.2\spuce.sys S3 TTLOOPHE;Virtual DVB-S/-C/-T Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\ttloophe.sys [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] tapisrv REG_MULTI_SZ Tapisrv HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6593ccf9-db8e-11da-b53a-806d6172696f}] \Shell\AutoRun\command - D:\ASUSACPI.exe *Newly Created Service* - SBAPIFS [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3DBC92A8-61EC-5C3C-4513-B252BEF3DFBF}] C:\WINDOWS\system32\Miicrosofttt\hallll2.exe s . 
Inhalt des "geplante Tasks" Ordners "2007-11-30 16:45:17 C:\WINDOWS\Tasks\1-Klick-Wartung.job" - C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe "2007-11-30 19:00:58 C:\WINDOWS\Tasks\Norton AntiVirus - Meinen Computer prüfen - Dominik.job" . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-05 07:26:25 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Eintr„ge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "T-Online_Software_6\\WLAN-Access Finder"="C:\\Programme\\T-Online\\WLAN-Access Finder\\ToWLaAcF.exe /StartMinimized" . Zeit der Fertigstellung: 2007-12-05 7:34:58 - machine was rebooted C:\ComboFix2.txt ... 2007-12-04 21:45 . 
--- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:55:53, on 05.12.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Norton Internet Security\ISSVC.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\svchost.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Programme\Logitech\Video\LogiTray.exe C:\Programme\Microsoft IntelliType Pro\type32.exe C:\Programme\Microsoft IntelliPoint\point32.exe C:\Programme\T-Com\Sinus 154 data II\PRISMSVR.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Java\jre1.6.0_03\bin\jusched.exe C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe C:\WINDOWS\system32\ctfmon.exe 
C:\Programme\ICQ6\ICQ.exe C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe C:\Programme\Windows Media Player\WMPNSCFG.exe C:\Programme\Logitech\Video\FxSvr2.exe C:\Programme\MSN Messenger\msnmsgr.exe C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe C:\Programme\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Programme\OnlineControl\ocontrol.exe C:\Programme\T-Com\Sinus 154 data II\TS154USB.exe C:\Programme\Hamachi\hamachi.exe C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\notepad.exe C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe C:\PROGRA~1\T-Online\T-ONLI~2\BASIS-~1\Basis2\PROFIL~1.EXE C:\PROGRA~1\T-Online\T-ONLI~2\Notifier\Notifier.exe C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaSUpdate.exe C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_6\BROWSER\BROWSER.EXE C:\Programme\MSN Messenger\usnsvc.exe C:\Dokumente und Einstellungen\Dominik\Desktop\protectus\Neuer Ordner\HJT.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - 
{140BD8E3-C167-11D4-B4A3-080000180323} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft 
IntelliPoint\point32.exe" O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Programme\T-Com\Sinus 154 data II\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe" O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'Default user') O4 - Startup: hamachi.lnk = C:\Programme\Hamachi\hamachi.exe O4 - 
Startup: Rapidown.lnk = C:\Programme\Rapidown\rapidown.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: OnlineControl.lnk = C:\Programme\OnlineControl\ocontrol.exe O4 - Global Startup: T-Com WLAN Manager.lnk = C:\Programme\T-Com\Sinus 154 data II\TS154USB.exe O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Download all by Rapidown... - C:\Programme\Rapidown\RapidownGetAll.htm O8 - Extra context menu item: Download by Rapidown... 
- C:\Programme\Rapidown\RapidownGet.htm O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Translate with &Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Programme\Rapidown\Rapidown.exe (file missing)
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Programme\Rapidown\Rapidown.exe (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146828224656
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://games-de.icq.com/online/online2/zuma/oberongamesloader.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{425EC079-00E3-4D37-A3AC-61C3037C17D5}: NameServer = 192.168.2.3,192.168.2.4
O20 - Winlogon Notify: wwrmjwfx - wwrmjwfx.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec pcAnywhere Host-Dienst (awhost32) - Symantec Corporation - C:\Programme\Symantec\pcAnywhere\awhost32.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programme\WinPcap\rpcapd.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
--
End of file - 16435 bytes
05.12.2007, 15:36
Honorary member
Posts: 6028
#4
Delete Qoobox on C:\ --> empty the Recycle Bin
Close all windows and start HijackThis.
Click: Do a system scan only
Put a check mark in the box in front of the following entry:
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
Click: Fix checked
Your Internet Explorer must be closed when you click Fix checked.
Do the cfscript.txt step again, but this time copy in the following:
Folder::
C:\WINDOWS\system32\bwbkcnad
C:\Programme\viboturk
Dirlook::
C:\Install
__________
Regards, Argus
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.1373 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Dominik\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten.\xkpstgpm.dll
C:\Dokumente und Einstellungen\All Users\Startmenü\Live Safety Center.lnk
C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.lnk
C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\addon.dat
C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\inst.exe
C:\Dokumente und Einstellungen\Dominik\Desktop\Live Safety Center.lnk
C:\Dokumente und Einstellungen\Dominik\Desktop\Online Security Guide.lnk
C:\Dokumente und Einstellungen\Dominik\Favoriten\Online Security Guide.lnk
C:\WINDOWS\system32\__c00C71B2.dat
C:\WINDOWS\system32\hnvflvha.dll
C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\jjkmp.ini2
C:\WINDOWS\system32\mgplakum.ini
C:\WINDOWS\system32\mukalpgm.dll
C:\WINDOWS\system32\qtbrbddt.exe
C:\WINDOWS\system32\sylfkmgl.dll
C:\WINDOWS\system32\wwrmjwfx.dllbox
C:\WINDOWS\system32\yayywur.dll
.
((((((((((((((((((((((( Dateien erstellt von 2007-11-04 bis 2007-12-04 ))))))))))))))))))))))))))))))
.
2007-12-04 16:57 . 2007-12-04 16:57 145,984 --a------ C:\WINDOWS\system32\wwrmjwfx.dll
2007-12-04 16:56 . 2007-12-04 16:56 145,984 --a------ C:\WINDOWS\system32\bjjlpasu.dll
2007-12-03 16:54 . 2007-12-03 16:54 321,120 --a------ C:\WINDOWS\system32\pmkjj.dll
2007-12-03 15:35 . 2007-12-03 15:35 <DIR> d-------- C:\WINDOWS\system32\bwbkcnad
2007-12-03 15:35 . 2007-12-03 15:35 <DIR> d-------- C:\Programme\viboturk
2007-12-03 15:35 . 2007-12-03 15:35 <DIR> d-------- C:\Programme\Blaxbdoh
2007-12-03 15:35 . 2007-12-03 15:36 1,148,902 --a------ C:\Install
2007-12-03 15:35 . 2007-12-03 15:35 37,888 --a------ C:\WINDOWS\system32\yaywwvs.dll
2007-11-29 15:31 . 2007-11-29 15:31 20,291 --a------ C:\WINDOWS\system32\wbers.dat.dmp
2007-11-24 15:16 . 2007-11-24 15:16 <DIR> d-------- C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Microsoft Office Mobile
2007-11-24 15:10 . 2007-11-24 15:10 <DIR> d-------- C:\Programme\Wyrmkeep
2007-11-23 21:19 . 2007-11-23 21:19 <DIR> d-------- C:\Programme\Astraware
2007-11-23 14:26 . 2007-11-28 14:11 <DIR> d-------- C:\ijji
2007-11-21 14:51 . 2007-11-21 15:17 <DIR> d-------- C:\Programme\SuperScan
2007-11-16 16:57 . 2007-11-16 16:57 <DIR> d-------- C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Tibia
2007-11-15 16:24 . 2007-11-15 16:31 <DIR> d--hs---- C:\WINDOWS\system32\28463
2007-11-14 17:20 . 2007-11-14 17:25 <DIR> d-------- C:\Programme\GetRight
2007-11-14 16:54 . 2007-11-14 17:25 <DIR> d-------- C:\Programme\FlashGet
2007-11-14 16:54 . 2006-04-20 12:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2007-11-12 07:19 . 2007-11-12 07:19 268 --ah----- C:\sqmdata03.sqm
2007-11-12 07:19 . 2007-11-12 07:19 244 --ah----- C:\sqmnoopt03.sqm
2007-11-11 15:43 . 2005-01-22 20:12 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2007-11-11 15:42 . 2007-11-11 16:28 <DIR> d-------- C:\Programme\WC3Banlist
2007-11-09 19:05 . 2007-11-09 19:05 <DIR> d-------- C:\Downloaded Videos
2007-11-09 19:04 . 2005-08-27 03:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
2007-11-09 14:30 . 2007-11-09 14:30 53 --a------ C:\WINDOWS\DVBData.INI
2007-11-07 16:12 . 2007-11-07 17:30 <DIR> d-------- C:\Programme\Hamachi
2007-11-07 15:32 . 2007-11-07 15:32 <DIR> d-------- C:\Programme\TeamViewer3
2007-11-07 15:32 . 2007-11-07 15:39 <DIR> d-------- C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\TeamViewer
2007-11-07 15:31 . 2007-11-07 15:31 <DIR> d-------- C:\Dokumente und Einstellungen\Dominik\temp
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 20:35 33,848 ----a-w C:\WINDOWS\system32\drivers\sbapifs.sys
2007-12-04 20:06 --------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2007-12-04 20:04 --------- d-----w C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Hamachi
2007-12-02 17:12 --------- d-----w C:\Programme\DivX
2007-11-30 17:51 --------- d-----w C:\Programme\TightVNC
2007-11-28 16:36 --------- d-----w C:\Programme\Teamspeak2_RC2
2007-11-27 20:25 --------- d-----w C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Babylon
2007-11-27 20:24 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
2007-11-26 17:49 --------- d-----w C:\Programme\Tibia
2007-11-26 15:42 --------- d-----w C:\Programme\ICQ6
2007-11-26 14:32 --------- d-----w C:\Programme\Symantec
2007-11-26 14:32 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2007-11-25 14:57 --------- d-----w C:\Programme\World of Warcraft
2007-11-25 14:45 --------- d-----w C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Skype
2007-11-24 21:33 --------- d-----w C:\Programme\Microsoft ActiveSync
2007-11-18 20:16 --------- d-----w C:\Programme\Tibia Auto
2007-11-16 15:49 --------- d-----w C:\Programme\Warcraft III
2007-11-09 17:30 --------- d-----w C:\Programme\Diablo II
2007-11-09 17:11 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-07 15:12 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-28 19:36 --------- d-----w C:\Programme\GV Everest Pokernet
2007-10-27 14:39 --------- d-----w C:\Programme\Download Direct
2007-10-26 12:27 --------- d-----w C:\Programme\Java
2007-10-25 15:04 --------- d-----w C:\Programme\RouterControl
2007-10-25 15:04 --------- d-----w C:\Programme\1
2007-10-25 14:38 --------- d-----w C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\RapidGet
2007-10-22 14:02 --------- d-----w C:\Programme\Dream Aquarium
2007-10-20 04:29 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Oberongames
2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-10-19 12:12 --------- d-----w C:\Programme\PokerStars
2007-10-19 11:37 --------- d-----w C:\Programme\Babylon
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-10-15 13:05 2,278,400 ----a-w C:\WINDOWS\system32\TUKernel.exe
2007-10-15 09:54 --------- d-----w C:\Programme\PDFCreator
2007-10-15 09:54 --------- d-----w C:\Programme\Hide IP Platinum
2007-10-15 09:54 --------- d-----r C:\Programme\Aston
2007-10-15 09:53 --------- d-----w C:\Programme\AV Vcs 5.0 DIAMOND
2007-10-15 09:07 --------- d-----w C:\Programme\TuneUp Utilities 2007
2007-10-15 09:07 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-10-15 08:54 --------- d-----w C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\TuneUp Software
2007-10-15 08:54 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2007-10-14 18:27 --------- d-----w C:\Programme\ElcomSoft
2007-10-11 15:54 --------- d--h--w C:\Programme\InstallShield Installation Information
2007-10-11 15:54 --------- d-----w C:\Programme\LifeScan
2007-10-11 14:39 --------- d-----w C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\OpenOffice.org2
2007-10-10 09:24 --------- d-----w C:\Programme\Ubisoft
2007-10-09 15:02 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-09 15:02 --------- d--h--r C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\SecuROM
2007-10-09 14:22 --------- d-----w C:\Programme\Atari
2007-10-05 11:41 --------- d-----w C:\Programme\SoftMaker Office 2006 (Trial)
2007-10-05 09:20 --------- d-----w C:\Programme\HashTab Shell Extension
2007-09-26 11:41 330,336 ----a-w C:\WINDOWS\RCoUn.EXE
2007-09-10 09:55 692,224 ----a-w C:\WINDOWS\system32\ijjiSetup.exe
2007-05-29 12:36 47,360 ----a-w C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\pcouffin.sys
2006-06-10 19:52 56 --sh--r C:\WINDOWS\system32\1FC601D2E6.sys
2006-06-10 19:52 1,160 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{245A6CD4-5EA9-B9EB-791A-06F67243094D}]
2007-12-03 15:35 102400 --a------ C:\Programme\Blaxbdoh\zbswzpel.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B7765D7-A4F4-4CD6-BD09-86FEBB85DBD1}]
2007-12-03 16:54 321120 --a------ C:\WINDOWS\system32\pmkjj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-12-04 16:57 145984 --a------ C:\WINDOWS\system32\wwrmjwfx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\wwrmjwfx.dll [2007-12-04 16:57 145984]
[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Programme\Logitech\Video\ManifestEngine.exe" [2005-01-18 16:07]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"ICQ"="C:\Programme\ICQ6\ICQ.exe" [2007-10-22 16:45]
"T-Online_Software_6\WLAN-Access Finder"="C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2007-07-25 16:50]
"WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:56]
"msnmsgr"="C:\Programme\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:14]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
"NVMixerTray"="C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 16:12]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 C:\WINDOWS\soundman.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 C:\WINDOWS\system32\bthprops.cpl]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52]
"LogitechVideoRepair"="C:\Programme\Logitech\Video\ISStart.exe" [2005-01-18 16:47]
"LogitechVideoTray"="C:\Programme\Logitech\Video\LogiTray.exe" [2005-01-18 16:37]
"type32"="C:\Programme\Microsoft IntelliType Pro\type32.exe" [2004-06-03 09:51]
"IntelliPoint"="C:\Programme\Microsoft IntelliPoint\point32.exe" [2004-06-03 09:50]
"PRISMSVR.EXE"="C:\Programme\T-Com\Sinus 154 data II\PRISMSVR.exe" [2004-04-26 13:26]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2006-01-06 11:12]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-05-20 16:44]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-05-15 13:20]
"CloneCDTray"="C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Acrobat Assistant 8.0"="C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 21:46]
"ToADiMon.exe"="C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2007-02-15 09:04]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.exe" [2007-07-30 13:27]
"T-Online_Software_6\WLAN-Access Finder"="C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2007-07-25 16:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2007-04-27 12:10 18744 C:\WINDOWS\system32\PCANotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineak32]
wineak32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpsa32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wwrmjwfx]
wwrmjwfx.dll 2007-12-04 16:57 145984 C:\WINDOWS\system32\wwrmjwfx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\pmkjj.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Programme\BitTorrent\bittorrent.exe --force_start_minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLASC]
2007-02-06 15:43 1680896 --a------ C:\Programme\World of Warcraft\BLASC\BLASC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DynDNS Updater]
C:\Programme\DynDNS Updater\DynDNS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-02-23 15:45 278528 --a------ C:\Programme\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message-Bob]
C:\Dokumente und Einstellungen\Dominik\Eigene Dateien\Message-Bob.exe /a
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Programme\Skype\Phone\Skype.exe /nosplash /minimized
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IECheck"=C:\WINDOWS\IECheck.exe
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\wcescomm.exe"
"Steam"="c:\programme\valve\steam\steam.exe" -silent
"CryptLoad"=C:\Dokumente und Einstellungen\Dominik\Desktop\httpwww.serienjunkies.dl.am\cl08seCu13\RouterClient.exe
"MsnMsgr"="C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VirtualCloneDrive"="C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"SBCSTray"=C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
"Babylon Client"=C:\Programme\Babylon\Babylon-Pro\Babylon.exe -AutoStart
"RouterControl"=C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
"OPSE reminder"="C:\Programme\ScanSoft\OmniPageSE2.0\EregGer\Ereg.exe" -r "C:\Programme\ScanSoft\OmniPageSE2.0\EregGer\ereg.ini"
"OpwareSE2"="C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"ISUSPM Startup"=C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv REG_MULTI_SZ Tapisrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6593ccf9-db8e-11da-b53a-806d6172696f}]
\Shell\AutoRun\command - D:\ASUSACPI.exe
*Newly Created Service* - SBAPIFS
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3DBC92A8-61EC-5C3C-4513-B252BEF3DFBF}]
C:\WINDOWS\system32\Miicrosofttt\hallll2.exe s
.
Inhalt des "geplante Tasks" Ordners
"2007-11-30 16:45:17 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-30 19:00:58 C:\WINDOWS\Tasks\Norton AntiVirus - Meinen Computer prüfen - Dominik.job"
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 21:34:33
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
C:\WINDOWS\system32\jjkmp.ini 368 bytes
C:\WINDOWS\system32\wwrmjwfx.dllbox 20810 bytes
Scan erfolgreich abgeschlossen
versteckte Dateien: 2
**************************************************************************
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Online_Software_6\\WLAN-Access Finder"="C:\\Programme\\T-Online\\WLAN-Access Finder\\ToWLaAcF.exe /StartMinimized"
.
Zeit der Fertigstellung: 2007-12-04 21:45:09 - machine was rebooted
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:22, on 04.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\T-Com\Sinus 154 data II\PRISMSVR.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\OnlineControl\ocontrol.exe
C:\Programme\T-Com\Sinus 154 data II\TS154USB.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Dominik\Desktop\protectus\Neuer Ordner\HJT.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {245A6CD4-5EA9-B9EB-791A-06F67243094D} - C:\Programme\Blaxbdoh\zbswzpel.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7B7765D7-A4F4-4CD6-BD09-86FEBB85DBD1} - C:\WINDOWS\system32\pmkjj.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\Programme\Rapidown\rapi310.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wwrmjwfx.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wwrmjwfx.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Programme\T-Com\Sinus 154 data II\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Programme\Hamachi\hamachi.exe
O4 - Startup: Rapidown.lnk = C:\Programme\Rapidown\rapidown.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: OnlineControl.lnk = C:\Programme\OnlineControl\ocontrol.exe
O4 - Global Startup: T-Com WLAN Manager.lnk = C:\Programme\T-Com\Sinus 154 data II\TS154USB.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all by Rapidown... - C:\Programme\Rapidown\RapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Programme\Rapidown\RapidownGet.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Programme\Rapidown\Rapidown.exe (file missing)
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Programme\Rapidown\Rapidown.exe (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146828224656
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://games-de.icq.com/online/online2/zuma/oberongamesloader.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{425EC079-00E3-4D37-A3AC-61C3037C17D5}: NameServer = 192.168.2.3,192.168.2.4
O20 - Winlogon Notify: wineak32 - wineak32.dll (file missing)
O20 - Winlogon Notify: winpsa32 - C:\WINDOWS\
O20 - Winlogon Notify: wwrmjwfx - C:\WINDOWS\SYSTEM32\wwrmjwfx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec pcAnywhere Host-Dienst (awhost32) - Symantec Corporation - C:\Programme\Symantec\pcAnywhere\awhost32.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programme\WinPcap\rpcapd.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
--
End of file - 16884 bytes
04.12.2007 21:48 6.535 jjkmp.ini
04.12.2007 21:48 20.810 wwrmjwfx.dllbox
04.12.2007 21:46 6.535 jjkmp.ini2
04.12.2007 21:37 13.646 wpa.dbl
04.12.2007 16:57 145.984 wwrmjwfx.dll
04.12.2007 16:56 145.984 bjjlpasu.dll
03.12.2007 17:49 63.324 perfc009.dat
03.12.2007 17:49 404.104 perfh009.dat
03.12.2007 17:49 76.212 perfc007.dat
03.12.2007 17:49 419.300 perfh007.dat
03.12.2007 17:49 974.848 PerfStringBackup.INI
03.12.2007 16:54 321.120 pmkjj.dll
03.12.2007 15:35 37.888 yaywwvs.dll
30.11.2007 21:31 41 Filzip.ini
30.11.2007 14:52 1.197 lvcoinst.log
29.11.2007 15:31 20.291 wbers.dat.dmp
09.11.2007 18:11 43.520 CmdLineExt03.dll
02.11.2007 08:12 18.238.072 MRT.exe
29.10.2007 16:07 373.760 xpsp3res.dll
26.10.2007 13:27 5.686 jupdate-1.6.0_03-b05.log
25.10.2007 17:42 8.501.248 shell32.dll
20.10.2007 01:56 10.152 dsm_de.qm
20.10.2007 01:56 524.288 DivXsm.exe
20.10.2007 01:56 4.816 divxsm.tlb
20.10.2007 01:56 3.596.288 qt-dx331.dll
20.10.2007 01:56 1.044.480 libdivx.dll
20.10.2007 01:56 200.704 ssldivx.dll
20.10.2007 01:54 416 dtu100.dll.manifest
20.10.2007 01:54 196.608 dtu100.dll
20.10.2007 01:54 81.920 dpl100.dll
20.10.2007 01:54 416 dpl100.dll.manifest
20.10.2007 01:54 823.296 divx_xx0c.dll
20.10.2007 01:54 823.296 divx_xx07.dll
20.10.2007 01:54 802.816 divx_xx11.dll
20.10.2007 01:54 739.840 DivX.dll
20.10.2007 01:54 729.088 divxdec.ax
19.10.2007 12:38 9.728 BASSMOD.dll
18.10.2007 10:06 156.992 DivXCodecVersionChecker.exe
18.10.2007 10:03 593.920 dpuGUI11.dll
18.10.2007 10:03 294.912 dpu11.dll
18.10.2007 10:03 294.912 dpu10.dll
18.10.2007 10:03 57.344 dpv11.dll
18.10.2007 10:03 53.248 dpuGUI10.dll
18.10.2007 10:03 344.064 dpus11.dll
18.10.2007 10:02 12.288 DivXWMPExtType.dll
18.10.2007 10:02 8.523 dpude.qm
18.10.2007 10:02 3.136 dtu_de.qm
15.10.2007 14:05 2.278.400 TUKernel.exe
09.10.2007 16:02 107.888 CmdLineExt.dll
27.09.2007 14:06 16.832 amcompat.tlb
27.09.2007 14:06 23.392 nscompat.tlb
26.09.2007 17:05 12.288 advpack.dll.mui
24.09.2007 22:31 69.632 javacpl.cpl
24.09.2007 22:31 139.264 javaws.exe
24.09.2007 21:30 135.168 javaw.exe
24.09.2007 21:30 135.168 java.exe
15.09.2007 20:30 27 mcheck.mhf
13.09.2007 15:45 4.445 ijjiSetup.log
10.09.2007 10:55 692.224 ijjiSetup.exe
Since yesterday, 03.12.2007, there has been a yellow warning triangle at the bottom of my taskbar that shows pop-ups about some supposedly present trojans, warns me about system slowdowns, and opens Internet Explorer every few minutes, more or less telling me to download some antivirus software from dubious sites. I have already gone over it with CounterSpy, but unfortunately that did not help.
Best regards
Serdradox