fservice exe error

#0
20.01.2008, 16:07
Member

Posts: 12
#1 Hello, I have exactly the same problem with the fservice exe file: every time I boot the computer this error message appears. I have already created a log file with HijackThis... urgently asking for help
thomasio

Here is the log file:
Logfile of HijackThis v1.99.1
Scan saved at 15:42:01, on 20.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
D:\spd.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Time-Sync\TimeSyncServiceClient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\Gemeinsame Dateien\AOL\1165609237\ee\AOLSoftware.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Defenza\pcd-as.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\System32\svchost.exe
D:\cFosSpeed.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\MSN Messenger\usnsvc.exe
D:\PTBSync\PTBSync.exe
C:\Programme\AOL 9.0 VRa\waol.exe
C:\Programme\AOL 9.0 VRa\shellmon.exe
C:\Programme\ErrorSmart\ErrorSmart.exe
C:\Programme\Gemeinsame Dateien\AOL\Topspeed\3.0\aoltpsd3.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Hilu\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://de.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1165609237\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PCDefender] C:\Programme\E-Press\PC Defender\bin\ClamTray.exe --logon
O4 - HKLM\..\Run: [QuickTime Task] "E:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCDAS] C:\Programme\Defenza\pcd-as.exe /10000
O4 - HKLM\..\Run: [EasyAntivirus] C:\Programme\EasyAntivirus\bin\ClamTray.exe --logon
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [ErrorSmart] C:\Programme\ErrorSmart\ErrorSmart.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [cFosSpeed] D:\cFosSpeed.exe
O4 - HKLM\..\Run: [PTBSync] D:\PTBSync\PTBSync.exe /Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AntiSpyware] D:\AntiSpywareApp\AntiSpyware.exe -boot
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Programme\AOL 9.0 VRa\AOL.EXE" -b
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\programme\aol\aol toolbar 4.0\resources\de-DE\local\search.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\GROEPR~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Suche - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Poker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Poker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\icq\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\icq\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {07E3F115-C445-480D-94CB-ECA914A353CE} - http://www.medionshop.de/ (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.debitel.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.schuelervz.net/photouploader/ImageUploader4.cab?nocache=20071128-1
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader5.cab?nocache=20080115-1
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{287D6F3B-66EB-400E-8B00-E8450C554DD9}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{64ED70E9-912B-4686-AA5F-C3F09157F563}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{A776ADD3-A877-4FC9-ADDC-0DE9D7FF20F9}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA6CC07A-813A-4AE6-B43E-44F795AA7A35}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{B37EAD3B-2A7A-413A-A63D-B39AB3C2C021}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEA90478-89DC-4625-BB2F-972D40B76B91}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26
O17 - HKLM\System\CS1\Services\Tcpip\..\{287D6F3B-66EB-400E-8B00-E8450C554DD9}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - D:\spd.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Time-Sync Client (ServiceTimeSyncClient) - Speed-Soft - C:\Programme\Time-Sync\TimeSyncServiceClient.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Große Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
20.01.2008, 16:31
Honorary member
Pinguin

Posts: 1441
#2 thomasio

1.
Download fixwareout (do not run it yet)
http://www.virus-protect.org/artikel/tools/fixwareout.html

2.
HijackThis
Close all windows and start HijackThis
Click: Do a system scan only
Put a check mark in the box in front of each listed entry
and choose Fix checked

Quote

R3 - URLSearchHook: (no name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [PCDAS] C:\Programme\Defenza\pcd-as.exe /10000

O4 - HKLM\..\Run: [EasyAntivirus] C:\Programme\EasyAntivirus\bin\ClamTray.exe --logon

O4 - HKLM\..\Run: [ErrorSmart] C:\Programme\ErrorSmart\ErrorSmart.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{287D6F3B-66EB-400E-8B00-E8450C554DD9}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{64ED70E9-912B-4686-AA5F-C3F09157F563}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{A776ADD3-A877-4FC9-ADDC-0DE9D7FF20F9}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA6CC07A-813A-4AE6-B43E-44F795AA7A35}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{B37EAD3B-2A7A-413A-A63D-B39AB3C2C021}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEA90478-89DC-4625-BB2F-972D40B76B91}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26
O17 - HKLM\System\CS1\Services\Tcpip\..\{287D6F3B-66EB-400E-8B00-E8450C554DD9}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26
3.
Run fixwareout

4.
The PC will restart automatically; if it does not, restart it yourself

5.
Post the fixwareout report here

6.
Run Combofix - post the report here
http://www.virus-protect.org/artikel/tools/combofix.html
__________
Regards
Pinguin

I am in the middle of updating my site + programs: http://www.virus-protect.org/
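
Added example, not part of the thread and not code from HijackThis or any of the tools named here: a small Python triage pass over a HijackThis log that picks out three of the entry types in the fix list of post #2 (a `Shell=` value with a program after Explorer.exe, R3/O2 entries marked `(no file)`, and O17 NameServer settings). The function and rule names are this example's own, `SAMPLE_LOG` is an excerpt copied from the log in post #1, and the O4 entries in the fix list are not covered because no rule in the log line itself identifies them.

```python
import re
from collections import Counter, namedtuple

# Excerpt copied from the HijackThis log in post #1 (not a complete log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R3 - URLSearchHook: (no name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{287D6F3B-66EB-400E-8B00-E8450C554DD9}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26
"""

# A result line looks like "O17 - <body>"; headers and process paths do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

Finding = namedtuple("Finding", "code rule detail")


def parse_entries(text):
    """Yield (code, body) for each HijackThis result line in the log text."""
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group("code"), match.group("body")


def shell_extra(body):
    """Return whatever follows Explorer.exe in a 'Shell=' value ('' if nothing).

    Shell= normally holds only Explorer.exe; anything after it is also
    started at logon, which is how fservice.exe is launched in this log.
    """
    match = re.search(r"Shell=(.*)$", body, re.IGNORECASE)
    if not match:
        return ""
    value = match.group(1).strip()
    return re.sub(r"^explorer\.exe\b", "", value, count=1, flags=re.IGNORECASE).strip()


def triage(text):
    """Return Finding tuples for the three entry types described above."""
    findings = []
    for code, body in parse_entries(text):
        if code == "F2" and "shell=" in body.lower():
            extra = shell_extra(body)
            if extra:
                findings.append(Finding(code, "shell-extra-program", extra))
        elif code in ("R3", "O2") and body.rstrip().endswith("(no file)"):
            # Registration is still present but the file it points to is gone.
            clsid = CLSID_RE.search(body)
            findings.append(Finding(code, "orphaned-clsid", clsid.group(0) if clsid else body))
        elif code == "O17" and "NameServer" in body:
            # Report the configured resolvers so they can be compared with
            # the ones the router or provider is expected to hand out.
            ips = IPV4_RE.findall(body.split("NameServer", 1)[1])
            findings.append(Finding(code, "static-nameserver", ",".join(ips)))
    return findings


def nameserver_summary(findings):
    """Count how many O17 entries point at each resolver address."""
    counts = Counter()
    for finding in findings:
        if finding.rule == "static-nameserver":
            counts.update(finding.detail.split(","))
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for finding in results:
        print(f"{finding.code:<4}{finding.rule:<22}{finding.detail}")
    for ip, count in nameserver_summary(results).items():
        print(f"resolver {ip} set in {count} O17 entries")
```

The same resolver pair appearing in every interface key and in the global `Parameters` key, as in the full log above, is the pattern that fixwareout later reports as cleared.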
20.01.2008, 20:12
Member

Thread starter

Posts: 12
#3 So, here is the fixwareout report
Kind regards, thomasio

Username "Hilu" - 20.01.2008 19:55:27 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{287D6F3B-66EB-400E-8B00-E8450C554DD9}
"DhcpNameServer"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{AA6CC07A-813A-4AE6-B43E-44F795AA7A35}
"DhcpNameServer"="85.255.114.54,85.255.112.26" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{FAEF5795-5B18-439C-82C5-80C7FE45BE0A}
"DhcpNameServer"="85.255.114.54,85.255.112.26" <Value cleared.

Der DNS-Auflösungscache wurde geleert.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Dit"="Dit.exe"
"CHotkey"="mHotkey.exe"
"ledpointer"="CNYHKey.exe"
"Microsoft Works Update Detection"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"Adobe Photo Downloader"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"AOLDialer"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"HotKey"="C:\\WINDOWS\\Twain_32\\SlimU2TA\\HotKey.exe"
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"RealTray"="C:\\Programme\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"HostManager"="C:\\Programme\\Gemeinsame Dateien\\AOL\\1165609237\\ee\\AOLSoftware.exe"
"PCDefender"="C:\\Programme\\E-Press\\PC Defender\\bin\\ClamTray.exe --logon"
"QuickTime Task"="\"E:\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"Sony Ericsson PC Suite"="\"C:\\Programme\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"LifeCam"="\"C:\\Programme\\Microsoft LifeCam\\LifeExp.exe\""
"VX1000"="C:\\WINDOWS\\vVX1000.exe"
"DAEMON Tools"="\"D:\\DAEMON Tools\\daemon.exe\" -lang 1033"
"cFosSpeed"="D:\\cFosSpeed.exe"
"PTBSync"="D:\\PTBSync\\PTBSync.exe /Start"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LDM"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"AntiSpyware"="D:\\AntiSpywareApp\\AntiSpyware.exe -boot"
"AOL Fast Start"="\"C:\\Programme\\AOL 9.0 VRa\\AOL.EXE\" -b"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
20.01.2008, 20:14
Honorary member
Pinguin

Posts: 1441
#4 O.k. ;)
Now post the Combofix log
__________
Regards
Pinguin

I am in the middle of updating my site + programs: http://www.virus-protect.org/
20.01.2008, 21:20
Member

Thread starter

Posts: 12
#5 Unfortunately the Combofix log did not appear; instead the window simply closed, even though I followed the instructions exactly

Kind regards, thomasio
20.01.2008, 21:44
Honorary member
Pinguin

Posts: 1441
#6 Post all the logs from complet.bat
http://www.virus-protect.org/completbat.html
__________
Regards
Pinguin

I am in the middle of updating my site + programs: http://www.virus-protect.org/
21.01.2008, 09:38
Member

Thread starter

Posts: 12
#7 Here are the logs

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 2496-AFED

Verzeichnis von C:\

2006-01-27 21:39 0 afile.txt
2006-01-27 21:39 0 aperf.txt
2006-01-27 21:39 0 asize.txt
2004-02-03 19:34 0 AUTOEXEC.BAT
2006-04-26 18:13 211 boot.ini
2002-08-29 13:00 4,952 bootfont.bin
2004-02-03 19:34 0 CONFIG.SYS
2008-01-21 09:32 0 DC.txt
2005-12-01 14:42 2,877 debugInstaller.txt
2005-07-06 13:29 411,136 DOKUM2
2004-09-01 13:49 1,165,312 Druckstudio.exe
2006-11-17 15:33 190 drwtsn32.log
2006-12-24 17:41 1 DXOkay.bin
1997-09-12 17:41 63,488 eztw32.dll
2004-12-26 12:10 38 FantasyDruckstudio.isu
2008-01-21 09:20 536,399,872 hiberfil.sys
2007-07-04 16:34 230,424 img2-001.raw
2007-07-03 17:18 230,424 img2-002.raw
2006-02-12 17:09 1,178 INSTALL.LOG
2004-02-03 19:34 0 IO.SYS

2004-02-03 19:34 0 MSDOS.SYS
2006-04-26 18:05 47,564 NTDETECT.COM
2006-04-26 18:05 251,184 ntldr
2008-01-21 09:20 805,306,368 pagefile.sys
2000-05-02 05:17 212,480 PCDLIB32.DLL
2006-02-04 17:43 4,884 PRISM.log
2006-02-04 17:43 5,824 RNDIS.log
2004-12-12 15:56 0 s3uc
2007-03-16 13:20 58 TESTFILE
2001-05-24 12:59 162,304 UNWISE.EXE
2006-02-04 17:43 26,835 XPWIFI.log
2007-01-25 20:56 146 YServer.txt
103 Datei(en) 1,357,983,622 Bytes
0 Verzeichnis(se), 56,070,295,552 Bytes frei


Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 2496-AFED

Verzeichnis von C:\

2006-06-08 11:48 <DIR> CL
2008-01-20 21:14 <DIR> ComboFix
2005-05-27 15:46 <DIR> DigibibDALit
2007-05-22 06:00 <DIR> Dokumente und Einstellungen
2008-01-20 20:06 <DIR> fixwareout
2006-09-10 11:28 <DIR> Games
2004-12-24 21:09 <DIR> Help
2004-12-12 15:55 <DIR> iEntertainment Network
2004-12-24 21:09 <DIR> Interf
2007-07-18 16:28 <DIR> LEMMINGS
2006-04-18 21:37 <DIR> Medion
2004-09-04 20:05 <DIR> MWASPI
2004-02-04 08:21 <DIR> My Music
2005-09-11 12:06 <DIR> pc-bib
2007-10-19 09:28 <DIR> Phenomedia AG
2004-12-24 21:09 <DIR> Plugins
2005-07-15 13:16 <DIR> pointsoft
2007-04-13 10:02 <DIR> Program Files
2008-01-07 21:41 <DIR> Programme
2008-01-20 21:13 <DIR> QooBox
2005-09-05 16:31 <DIR> RECYCLER
2004-05-09 14:15 <DIR> Software
2007-01-10 17:28 <DIR> Sun
2008-01-20 20:13 <DIR> System Volume Information
2007-12-04 16:29 <DIR> temp
2008-01-21 09:21 <DIR> WINDOWS
0 Datei(en) 0 Bytes
26 Verzeichnis(se), 56,070,287,360 Bytes frei


Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 2496-AFED

Verzeichnis von C:\Programme



Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 2496-AFED

Verzeichnis von C:\Programme

2008-01-07 21:41 <DIR> .
2008-01-07 21:41 <DIR> ..
2005-12-16 20:11 <DIR> Adobe
2006-02-04 19:13 <DIR> Ahead
2007-09-27 18:27 <DIR> AOL
2007-05-20 11:23 <DIR> AOL 9.0
2006-12-22 17:57 <DIR> AOL 9.0 VR
2007-12-27 22:56 <DIR> AOL 9.0 VRa
2007-05-14 18:15 <DIR> AOL 9.0a
2004-02-04 01:11 <DIR> ATI Technologies
2006-07-08 08:33 <DIR> Bertelsmann
2006-02-22 12:03 <DIR> bhv
2006-11-21 20:30 <DIR> BitTornado
2005-09-11 10:17 <DIR> Brockhaus Multimedia
2007-04-13 09:57 <DIR> C-Media 3D Audio
2004-03-29 19:39 <DIR> CA
2006-12-23 23:15 <DIR> CCleaner
2005-06-12 12:56 <DIR> Changes
2004-02-07 15:59 <DIR> Common Files
2004-02-03 19:32 <DIR> ComPlus Applications
2006-03-18 19:18 <DIR> CyberLink
2008-01-02 09:38 <DIR> DaemonTools_WhenUSave_Installer
2005-03-12 17:55 <DIR> DATA BECKER
2008-01-19 09:13 <DIR> Defenza
2005-07-03 05:47 <DIR> directx
2004-02-04 18:20 <DIR> DivX
2006-12-15 15:11 <DIR> E-Press
2007-12-09 15:00 <DIR> EA SPORTS
2007-01-09 15:26 <DIR> EasyAntivirus
2007-12-21 19:34 <DIR> Elcomsoft
2008-01-08 17:11 <DIR> ErrorSmart
2007-01-11 00:21 <DIR> ESTsoft
2006-06-11 12:14 <DIR> Fargus
2006-03-04 17:05 <DIR> FRITZ!Box
2007-04-08 14:06 <DIR> Gemeinsame Dateien
2007-12-09 15:19 <DIR> Google
2007-03-16 13:36 <DIR> greenstreet
2006-03-18 23:47 <DIR> Home Cinema
2007-11-06 12:03 <DIR> ICQ6
2008-01-19 20:38 <DIR> ICQToolbar
2008-01-02 12:19 <DIR> InstallShield Installation Information
2007-03-16 13:08 <DIR> Intel
2008-01-20 20:25 <DIR> Internet Explorer
2005-07-16 07:25 <DIR> Jardinains!
2007-10-06 09:00 <DIR> Java
2006-03-04 14:45 <DIR> Logitech
2004-08-12 06:56 <DIR> Managed DirectX (0900)
2004-02-04 02:59 <DIR> Medion Tools
2007-03-16 13:01 <DIR> MegaSystems
2006-11-09 19:51 <DIR> Messenger
2007-10-07 18:59 <DIR> Messenger Plus! Live
2004-02-04 19:35 <DIR> Microsoft AutoRoute
2007-05-08 18:14 <DIR> Microsoft CAPICOM 2.1.0.2
2004-02-04 19:46 <DIR> Microsoft Encarta
2004-02-03 19:34 <DIR> microsoft frontpage
2007-04-13 20:46 <DIR> Microsoft Games
2007-06-22 14:02 <DIR> Microsoft LifeCam
2004-02-04 19:27 <DIR> Microsoft Office
2007-12-06 19:48 <DIR> Microsoft Picture It! 9
2004-02-04 19:27 <DIR> Microsoft Visual Studio
2004-02-04 19:30 <DIR> Microsoft Works
2004-02-04 19:21 <DIR> Microsoft Works Suite 2004
2006-04-26 18:11 <DIR> Movie Maker
2008-01-18 09:25 <DIR> Mozilla Firefox
2004-02-03 19:32 <DIR> MSN
2004-02-03 19:32 <DIR> MSN Gaming Zone
2008-01-07 19:53 <DIR> MSN Messenger
2006-11-17 15:32 <DIR> MSXML 4.0
2006-02-27 20:16 <DIR> MUSICMATCH
2004-02-04 18:31 <DIR> muvee Technologies
2006-04-26 18:08 <DIR> NetMeeting
2004-02-04 08:22 <DIR> Nullsoft
2004-02-03 19:32 <DIR> Online Services
2004-02-03 19:33 <DIR> Online-Dienste
2007-06-13 14:54 <DIR> Outlook Express
2004-09-04 20:02 <DIR> PIXELA
2006-11-06 21:22 <DIR> PTP2004
2007-03-16 13:13 <DIR> QuickTime
2004-02-04 08:21 <DIR> Real
2005-07-26 11:04 <DIR> sixteen tons entertainment
2005-05-06 07:40 <DIR> Sony Corporation
2007-04-08 14:06 <DIR> Sony Ericsson
2004-03-29 19:15 <DIR> Speed Disk
2004-05-09 14:24 <DIR> SpeedProject
2007-02-04 17:58 <DIR> Time-Sync
2007-04-10 20:37 <DIR> TuneUp Utilities 2007
2008-01-11 13:04 <DIR> TuneUp Utilities 2008
2006-02-05 15:20 <DIR> Ulead Systems
2004-09-06 13:07 <DIR> Uninstall Information
2004-02-06 10:23 <DIR> USB Wireless Keyboard Driver
2007-06-27 15:48 <DIR> ViaVoice Outloud
2007-01-13 11:59 <DIR> VideoLAN
2004-02-03 19:47 <DIR> Windows Journal Viewer
2007-10-08 07:16 <DIR> Windows Live
2007-11-30 16:27 <DIR> Windows Live Favorites
2007-11-30 16:27 <DIR> Windows Live Toolbar
2006-12-19 21:44 <DIR> Windows Media Connect 2
2006-12-19 21:44 <DIR> Windows Media Player
2006-04-26 18:08 <DIR> Windows NT
2006-03-18 13:12 <DIR> WindowsUpdate
2004-05-09 14:16 <DIR> WinRAR
2007-07-24 10:29 <DIR> WinZip
2004-02-09 19:21 <DIR> X10 Hardware
2004-02-03 19:34 <DIR> xerox
2007-01-25 20:56 <DIR> Yahoo!
2006-02-07 01:24 <DIR> Zone Labs
2008-01-19 11:54 <DIR> Zylom Games
0 Datei(en) 0 Bytes
107 Verzeichnis(se), 56,070,279,168 Bytes frei



Verzeichnis von C:\WINDOWS

2008-01-21 09:21 <DIR> .
2008-01-21 09:21 <DIR> ..
2008-01-20 20:01 <DIR> $hf_mig$
2006-05-23 09:19 <DIR> $MSI31Uninstall_KB893803v2$
2006-04-26 18:03 <DIR> $NtServicePackUninstall$
2006-12-18 21:35 <DIR> $NtServicePackUninstallIDNMitigationAPIs$
2006-12-18 21:34 <DIR> $NtServicePackUninstallNLSDownlevelMapping$

2004-02-04 01:30 <DIR> addins
2006-12-20 10:32 <DIR> AppPatch
2006-08-03 11:07 <DIR> assembly
2006-08-23 22:00 <DIR> Cache
2004-02-03 20:27 <DIR> Config
2004-02-03 20:27 <DIR> Connection Wizard
2004-02-03 19:32 <DIR> Cursors
2007-04-03 09:02 <DIR> Debug
2007-04-08 14:04 <DIR> Downloaded Installations
2008-01-19 17:43 <DIR> Downloaded Program Files
2004-02-03 20:27 <DIR> Driver Cache
2006-04-26 17:59 <DIR> EHome
2008-01-20 20:25 <DIR> erdnt
2008-01-20 14:57 <DIR> Fonts
2006-02-12 17:58 <DIR> ftpcache
2007-08-21 07:15 <DIR> Help
2004-02-04 03:25 <DIR> I386
2006-12-18 21:36 <DIR> ie7
2007-08-15 18:09 <DIR> ie7updates
2006-04-26 18:11 <DIR> ime
2008-01-21 02:23 <DIR> inf
2008-01-21 02:14 <DIR> Installer
2006-02-07 01:24 <DIR> Internet Logs
2004-02-03 19:33 <DIR> java
2006-12-18 21:36 <DIR> Media
2006-04-30 15:13 <DIR> Microsoft.NET
2007-11-01 09:54 <DIR> Minidump
2007-04-11 14:52 <DIR> msagent
2004-02-03 20:27 <DIR> msapps
2006-04-26 14:30 <DIR> msdownld.tmp
2004-02-03 20:27 <DIR> mui
2006-12-18 21:32 <DIR> network diagnostic
2007-05-14 15:43 <DIR> occache
2004-02-03 19:33 <DIR> Offline Web Pages
2005-06-23 18:04 <DIR> PCHealth
2006-04-26 18:11 <DIR> peernet
2004-03-30 13:26 <DIR> PIF
2008-01-20 21:34 <DIR> Prefetch
2005-09-11 10:16 <DIR> Profiles
2005-02-15 10:26 <DIR> provisioning
2006-08-23 21:58 <DIR> RegisteredPackages
2007-04-08 14:18 <DIR> Registration
2004-02-27 15:38 <DIR> repair
2004-02-03 20:27 <DIR> Resources
2007-12-31 19:17 <DIR> security
2006-04-26 18:08 <DIR> ServicePackFiles
2006-02-04 12:21 <DIR> ShellNew
2007-11-01 10:11 <DIR> SoftwareDistribution
2005-01-01 21:40 <DIR> speech
2006-04-26 18:08 <DIR> srchasst
2006-03-19 12:40 <DIR> Startmenü
2007-01-09 14:00 <DIR> Sun
2007-12-30 13:31 <DIR> system
2008-01-21 09:20 <DIR> system32
2007-12-30 13:15 <DIR> Tasks
2008-01-21 09:22 <DIR> Temp
2007-06-22 14:17 <DIR> twain_32
2006-12-18 21:37 <DIR> WBEM
2006-04-26 18:05 <DIR> Web
2007-12-04 18:17 <DIR> WinSxS
0 Datei(en) 0 Bytes
234 Verzeichnis(se), 56,070,311,936 Bytes frei


Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 2496-AFED

Verzeichnis von C:\WINDOWS\system32

2008-01-21 09:22 2,206 wpa.dbl
2008-01-20 19:58 253,472 FNTCACHE.DAT
2008-01-20 18:39 107,832 PnkBstrB.exe
2008-01-11 13:04 306,432 TuneUpDefragService.exe
2008-01-02 19:21 17,642,616 MRT.exe
2008-01-02 12:16 107,888 CmdLineExt.dll
2007-12-29 09:54 841 SBFC.dat
2007-12-20 10:41 29,440 uxtuneup.dll
2007-12-12 09:40 387,268 TZLog.log
2007-11-19 20:16 376,016 perfh009.dat
2007-11-19 20:16 51,814 perfc009.dat
2007-11-19 20:16 386,338 perfh007.dat
2007-11-19 20:16 62,578 perfc007.dat
2007-11-19 20:16 886,580 PerfStringBackup.INI
2007-11-13 12:31 60,416 tzchange.exe
2007-11-07 10:27 729,600 lsasrv.dll
2007-10-31 00:19 3,590,656 mshtml.dll
2007-10-29 23:42 1,293,312 quartz.dll
2007-10-29 18:02 281,552 cfosspeed.dll
2007-10-29 16:07 373,760 xpsp3res.dll
2007-10-25 17:42 8,501,248 shell32.dll
2007-10-25 09:28 222,720 wmasf.dll
21.01.2008, 10:17
Honorary member
Pinguin

Posts: 1441
#8 Avenger
http://www.virus-protect.org/artikel/tools/avenger.html

Input script manually (tick this)
Click the "magnifying glass" on the right - View/edit script (will open)
Paste in:

Code

Folders to delete: 
C:\Programme\DaemonTools_WhenUSave_Installer
C:\Programme\ErrorSmart
C:\Programme\Defenza

Files to delete:
C:\WINDOWS\system32\fservice.exe
Close all open programs (because the computer will restart after Avenger has run)
- Click the green traffic light
- The script will now be executed, then the PC will restart after confirmation (yes)

»»
Download sdfix - (in normal mode)
Double-click RunThis.bat
- choose a-squared (option 1)
http://www.virus-protect.org/artikel/tools/sdfix.html
Scan + post the report

»»
Run Combofix once more + post the report
http://www.virus-protect.org/artikel/tools/combofix.html
__________
Regards
Pinguin

I am in the middle of updating my site + programs: http://www.virus-protect.org/
21.01.2008, 13:50
Member

Thread starter

Posts: 12
#9 here is the sdfix report

a-squared Command Line Scanner - Version 3.0
Last update: N/A

Scan settings:

Objects: Memory, Traces, Cookies, C:
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 2008-01-21 13:25:31

c:\dokumente und einstellungen\hilu\startmenü\programme\whenu detected: Trace.Directory.WhenU.SaveNow
c:\windows\system32\mciwndx.ocx detected: Trace.File.ISTbar
Value: HKEY_CURRENT_USER\Software\Fun Web Products\Data --> DataDir detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\WhenU --> Order detected: Trace.Registry.WhenU.SaveNow
c:\programme\elcomsoft\aopr detected: Trace.Directory.Advanced Office Password Recovery
c:\programme\icqtoolbar detected: Trace.Directory.ICQToolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Office Password Recovery --> DisplayName detected: Trace.Registry.Advanced Office Password Recovery
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Office Password Recovery --> UninstallString detected: Trace.Registry.Advanced Office Password Recovery
Value: HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.ICQToolbar
Value: HKEY_CLASSES_ROOT\CLSID\{4BD2D6C3-31DC-B947-23D0-DC52EC4F0C4C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.ICQToolbar
Value: HKEY_CLASSES_ROOT\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\InprocServer32 --> ThreadingModel detected: Trace.Registry.ICQToolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar --> {855F3B16-6D32-4fe6-8A56-BBB695989046} detected: Trace.Registry.ICQToolbar
Value: HKEY_CURRENT_USER\Software\PartyGaming --> AutoLoginToOtherGames detected: Trace.Registry.PartyPoker
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> ButtonText detected: Trace.Registry.PartyPoker
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> CLSID detected: Trace.Registry.PartyPoker
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> Default Visible detected: Trace.Registry.PartyPoker
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> Exec detected: Trace.Registry.PartyPoker
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> HotIcon detected: Trace.Registry.PartyPoker
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> Icon detected: Trace.Registry.PartyPoker
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> MenuStatusBar detected: Trace.Registry.PartyPoker
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> MenuText detected: Trace.Registry.PartyPoker
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} --> Path detected: Trace.Registry.PartyPoker
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@2o7[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@adserv.quality-channel[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@adtech[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@advertising[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@atdmt[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@bfast[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@casalemedia[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@clickbank[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@com-magazin[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@comdirect[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@comics.incest-art[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@common[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@computer.aolsvc[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@count.xhit[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@counter.sexsuche[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@countomat[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@dealtime[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@doubleclick[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@hitbox[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@media.licenseacquisition[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@media.mtvnservices[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@media.ohost[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@mediavantage[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@popcorn[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@server.iad.liveperson[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@sexgott-or-not[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@sexproadventures[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@sexualhentai[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@F***[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@specificclick[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@statcounter[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Cookies\hilu@www.searchtraffic[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Anwendungsdaten\Mozilla\Firefox\Profiles\1fz4ilrs.default\cookies.txt:42 detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Anwendungsdaten\Mozilla\Firefox\Profiles\1fz4ilrs.default\cookies.txt:43 detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Anwendungsdaten\Mozilla\Firefox\Profiles\1fz4ilrs.default\cookies.txt:44 detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Anwendungsdaten\Mozilla\Firefox\Profiles\1fz4ilrs.default\cookies.txt:54 detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Anwendungsdaten\Mozilla\Firefox\Profiles\1fz4ilrs.default\cookies.txt:55 detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Anwendungsdaten\Mozilla\Firefox\Profiles\1fz4ilrs.default\cookies.txt:56 detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Anwendungsdaten\Mozilla\Firefox\Profiles\1fz4ilrs.default\cookies.txt:57 detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Anwendungsdaten\Mozilla\Firefox\Profiles\1fz4ilrs.default\cookies.txt:58 detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Hilu\Anwendungsdaten\Mozilla\Firefox\Profiles\1fz4ilrs.default\cookies.txt:62 detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Musik\Top of Charts - 2004.wma detected: Trojan-Downloader.WMA.Wimad.l

Scanned

Files: 30471
Traces: 159169
Cookies: 1418
Processes: 58

Found

Files: 1
Traces: 22
Cookies: 41
Processes: 0

Quarantined

Files: 1
Traces: 19
Cookies: 41
Processes: 0

Scan end: 2008-01-21 13:47:57
Scan time: 0:22:26

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mpeyumqq

*******************

Script file located at: \??\C:\kpkfqcit.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Programme\DaemonTools_WhenUSave_Installer deleted successfully.
Folder C:\Programme\ErrorSmart deleted successfully.
Folder C:\Programme\Defenza deleted successfully.


File C:\WINDOWS\system32\fservice.exe not found!
Deletion of file C:\WINDOWS\system32\fservice.exe failed!

Could not process line:
C:\WINDOWS\system32\fservice.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
21.01.2008, 13:52
Honorary member
Pinguin

Posts: 1441
#10 + try Combofix once more
__________
Regards
Pinguin

I am in the process of updating my site + tools: http://www.virus-protect.org/
21.01.2008, 14:27
Member

Thread starter

Posts: 12
#11 unfortunately combofix again did not show a log, although everything ran perfectly up to the log

Regards, thomasio
21.01.2008, 14:29
Honorary member
Pinguin

Posts: 1441
#12 scan and post the report (as an attachment) - see below
http://www.virus-protect.org/artikel/tools/kaspersky.html
+
post the new HijackThis log
http://www.virus-protect.org/hjtkurz.html
__________
Regards
Pinguin

I am in the process of updating my site + tools: http://www.virus-protect.org/
22.01.2008, 08:33
Member

Thread starter

Posts: 12
#13 here is the new hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 08:33, on 2008-01-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
D:\spd.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Time-Sync\TimeSyncServiceClient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\Gemeinsame Dateien\AOL\1165609237\ee\AOLSoftware.exe
E:\qttask.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\vVX1000.exe
D:\cFosSpeed.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
D:\PTBSync\PTBSync.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\AOL 9.0 VRa\waol.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\AOL 9.0 VRa\shellmon.exe
C:\Programme\Gemeinsame Dateien\AOL\Topspeed\3.0\aoltpsd3.exe
C:\DOKUME~1\Hilu\LOKALE~1\Temp\Temporäres Verzeichnis 5 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://de.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1165609237\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PCDefender] C:\Programme\E-Press\PC Defender\bin\ClamTray.exe --logon
O4 - HKLM\..\Run: [QuickTime Task] "E:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [cFosSpeed] D:\cFosSpeed.exe
O4 - HKLM\..\Run: [PTBSync] D:\PTBSync\PTBSync.exe /Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AntiSpyware] D:\AntiSpywareApp\AntiSpyware.exe -boot
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Programme\AOL 9.0 VRa\AOL.EXE" -b
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\programme\aol\aol toolbar 4.0\resources\de-DE\local\search.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\GROEPR~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Suche - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\icq\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\icq\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {07E3F115-C445-480D-94CB-ECA914A353CE} - http://www.medionshop.de/ (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.debitel.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.schuelervz.net/photouploader/ImageUploader4.cab?nocache=20071128-1
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader5.cab?nocache=20080115-1
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - D:\spd.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Time-Sync Client (ServiceTimeSyncClient) - Speed-Soft - C:\Programme\Time-Sync\TimeSyncServiceClient.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Große Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
22.01.2008, 13:06
Honorary member
Pinguin

Posts: 1441
#14 that already looks better ;)
did Kaspersky find/delete anything?

scan with Bitdefender/Online - and post the report here
http://board.protecus.de/t8642.htm
__________
Regards
Pinguin

I am in the process of updating my site + tools: http://www.virus-protect.org/
22.01.2008, 21:31
Member

Thread starter

Posts: 12
#15 no, kaspersky did not delete anything further; unfortunately bitdefender caused problems and would not scan
+ the error message caused by the fservice exe has already disappeared; this problem is already solved

Regards, thomasio