Trojan/Vundo.AG how do I get rid of it, I have already tried everything

#0
24.03.2008, 11:23
...new here
Posts: 7

24.03.2008, 11:29
Moderator
Posts: 5694
#2
Hello Trojan 1984

«« Delete ("fix") with HijackThis
Click "Do a system scan only", tick the box in front of the entry named below and choose "fix checked".
Quote:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

«« Run CCleaner
http://www.virus-protect.org/CCleaner.html

«« Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if prompted --> click Apply and finally OK, then set a new home page

«« Scan with rvaxo
http://www.virus-protect.org/artikel/tools/rvaxo.html
Post the report

«« Run Combofix
http://www.virus-protect.org/artikel/tools/combofix.html
Post the report

Regards, Swiss

This post was edited by Tonstudio on 24.03.2008 at 11:41.

24.03.2008, 11:40
...new here
Thread starter
Posts: 7
#3
What am I supposed to delete with the crap cleaner???
First analyze and then delete the files it finds and wants to delete?

24.03.2008, 11:43
Moderator
Posts: 5694
#4
Yes, that is only for deleting temp files. So to speak, clearing away the pile of rubbish the PC accumulates over time.
Just start CCleaner. (Button at the bottom right)

24.03.2008, 11:45
...new here
Thread starter
Posts: 7
#5
Aha, and run Spyware Doctor and post the reports!!!
All right, then I'll go and do that.

24.03.2008, 11:53
Moderator
Posts: 5694
#6
Just what I wrote in the post, and in that order.

24.03.2008, 12:08
...new here
Thread starter
Posts: 7
#7
Combofix report
Player "TCP Query User{91D0A6F1-EDCC-4078-BCDF-B1C4731F9A8B}C:\\windows\\system32\\java.exe"= UDP:C:\windows\system32\java.exe:Java(TM) Platform SE binary "UDP Query User{61629A8E-F8D3-4839-A3EB-5E6AEA8586AD}C:\\windows\\system32\\java.exe"= TCP:C:\windows\system32\java.exe:Java(TM) Platform SE binary "TCP Query User{AAD3E8E9-A219-4959-93A6-C360408F142A}C:\\users\\home of freedom\\documents\\downloads\\ratio master 1.7.5\\ratiomaster-1.7.5\\ratiomaster.exe"= UDP:C:\users\home of freedom\documents\downloads\ratio master 1.7.5\ratiomaster-1.7.5\ratiomaster.exe:ratiomaster.exe "UDP Query User{DFEF5809-8EAB-4409-99A6-9DC22140A1DD}C:\\users\\home of freedom\\documents\\downloads\\ratio master 1.7.5\\ratiomaster-1.7.5\\ratiomaster.exe"= TCP:C:\users\home of freedom\documents\downloads\ratio master 1.7.5\ratiomaster-1.7.5\ratiomaster.exe:ratiomaster.exe "TCP Query User{557135C4-BF0B-4383-B4EB-887D298D350E}C:\\program files\\icq6\\icq.exe"= Disabled:UDP:C:\program files\icq6\icq.exe:ICQ Library "UDP Query User{11D61B8C-19B6-4178-B846-CF42239AAD3F}C:\\program files\\icq6\\icq.exe"= Disabled:TCP:C:\program files\icq6\icq.exe:ICQ Library "TCP Query User{E76421EB-F69F-434C-BCB0-C64CEE3945ED}C:\\program files\\mirc\\mirc.exe"= Disabled:UDP:C:\program files\mirc\mirc.exe:mIRC "UDP Query User{A9379F83-877E-4196-B1F6-AE7F4A488F7E}C:\\program files\\mirc\\mirc.exe"= Disabled:TCP:C:\program files\mirc\mirc.exe:mIRC "TCP Query User{3ED36127-2141-40DF-8891-5934538CB434}C:\\sims\\racer\\racer.exe"= Disabled:UDP:C:\sims\racer\racer.exe:racer "UDP Query User{091E3E42-2F42-488A-A42C-37ED5F231779}C:\\sims\\racer\\racer.exe"= Disabled:TCP:C:\sims\racer\racer.exe:racer "TCP Query User{CB6D22EC-8194-480B-B872-3C2E43482175}C:\\users\\home of freedom\\downloads\\racer\\racer.exe.exe"= Disabled:UDP:C:\users\home of freedom\downloads\racer\racer.exe.exe:racer.exe.exe "UDP Query User{99D5E176-3B32-4F93-A3A3-1F90A30522AF}C:\\users\\home of freedom\\downloads\\racer\\racer.exe.exe"= 
Disabled:TCP:C:\users\home of freedom\downloads\racer\racer.exe.exe:racer.exe.exe "TCP Query User{92BC7704-6843-456B-8D12-9E285B8C7DBC}C:\\program files\\counter-strike source\\hl2.exe"= UDP:C:\program files\counter-strike source\hl2.exe:hl2 "UDP Query User{F2BA6D12-4BFE-4B4F-A570-8CA21A2A182F}C:\\program files\\counter-strike source\\hl2.exe"= TCP:C:\program files\counter-strike source\hl2.exe:hl2 "TCP Query User{EF820C1F-9743-4FCF-8C1E-28544AFFD636}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{428DA238-955B-4A31-AA64-B6D7CCFCE019}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{B4DCECC7-7C76-4DCD-9E31-54C0258EB1A0}C:\\program files\\poc\\poc2008\\poc3d2008.exe"= UDP:C:\program files\poc\poc2008\poc3d2008.exeoc3D2008 "UDP Query User{20BC00A7-2960-4640-9C06-E893A5D6064B}C:\\program files\\poc\\poc2008\\poc3d2008.exe"= TCP:C:\program files\poc\poc2008\poc3d2008.exeoc3D2008 "TCP Query User{C865FC56-9684-4CEC-91A8-57279A4BC2A3}C:\\users\\home of freedom\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\home of freedom\program files\utorrent\utorrent.exe:utorrent.exe "UDP Query User{D648195C-5952-4004-B062-515F8C03FD2B}C:\\users\\home of freedom\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\home of freedom\program files\utorrent\utorrent.exe:utorrent.exe "TCP Query User{46A87723-72CD-4AA1-BB51-52D0830AE39E}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{61D2492B-F65C-4CB5-ACF5-CB5F15887F10}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. 
Take a deep breath "TCP Query User{1E7ABA62-602E-4208-B27D-C9B0700C25FC}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui "UDP Query User{BF6F801D-758A-401A-A93B-6CD50A3F4A55}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui "{E36E046C-D623-48EE-B549-FBDABAE24AA4}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA "{71616449-4EEB-427A-816C-A7E152DC9C71}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA "{B2EA5E31-EDAF-445E-BA53-63B2537B68E1}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB "{48EC1ECD-E2C2-46B7-A0D6-5D09370D3C9F}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB "TCP Query User{60C10E6B-3FD0-4A57-9608-2CE36E985B7D}C:\\program files\\1c company\\you are empty\\you_are_empty.exe"= UDP:C:\program files\1c company\you are empty\you_are_empty.exe:ds2main "UDP Query User{C3C0C984-1597-42D4-9383-E377C9B5FF35}C:\\program files\\1c company\\you are empty\\you_are_empty.exe"= TCP:C:\program files\1c company\you are empty\you_are_empty.exe:ds2main [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "DefaultOutboundAction"= 0 (0x0) "DefaultInboundAction"= 1 (0x1) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 R0 pe3akdnc;You Are Empty Environment Driver (pe3akdnc);C:\Windows\system32\drivers\pe3akdnc.sys [2007-04-19 10:50] R0 ps6akdnc;You Are Empty Synchronization Driver (ps6akdnc);C:\Windows\system32\drivers\ps6akdnc.sys [2007-04-19 10:50] R1 c2scsi;c2scsi;C:\Windows\system32\DRIVERS\c2scsi.sys [2007-08-18 01:34] R1 DslMNLwf;DSL-Manager 
NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\dslmnlwf.sys [2007-08-01 15:49] R2 acedrv11;acedrv11;C:\Windows\system32\drivers\acedrv11.sys [2008-01-23 09:19] R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 10:53] R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 22:40] R2 UxTuneUp;TuneUp Designerweiterung;C:\Windows\System32\svchost.exe [2006-11-02 10:45] R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\Windows\system32\drivers\asusgsb.sys [2007-07-23 11:48] R3 atkdisplf;ASUS Kernel Mode Enhanced Driver;C:\Windows\system32\drivers\ATKDispLowFilter.sys [2007-07-23 12:01] R3 SPC500NC;SPC 500NC Laptop Camera;C:\Windows\system32\DRIVERS\SPC610NC.SYS [2007-01-19 17:14] R3 VUALFDrv;SONIX Audio Filter Driver;C:\Windows\System32\Drivers\VUALFDrv.sys [2007-02-01 16:51] S2 ATKFUSService;ATK Fast User Switch Service;C:\Windows\system32\ATKFUSService.exe [2007-07-23 11:48] S2 pr2akdnc;You Are Empty Drivers Auto Removal (pr2akdnc);C:\Windows\system32\pr2akdnc.exe svc [] S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 15:53] S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 15:52] S2 RoxWatch10;Roxio Hard Drive Watcher 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 15:52] S3 avmeject;AVM Eject;C:\Windows\system32\drivers\avmeject.sys [2006-12-28 00:02] S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;C:\Windows\system32\Drivers\dsltestSp5.sys [2007-09-12 17:24] S3 FWLANUSB;AVM FRITZ!WLAN;C:\Windows\system32\DRIVERS\fwlanusb.sys [2006-12-28 00:02] S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 15:53] S3 
RoxMediaDB10;RoxMediaDB10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 15:52] S3 TDslMgrService;DSL-Manager;"C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe" [2007-11-26 14:50] S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\Windows\System32\TuneUpDefragService.exe [2007-12-16 13:08] S4 SessionLauncher;SessionLauncher;C:\Users\HOMEOF~1\AppData\Local\Temp\DX9\SessionLauncher.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 bthsvcs REG_MULTI_SZ BthServ hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \shell\AutoRun\command - G:\pushinst.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Q] \shell\AutoRun\command - Q:\pushinst.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41895dc1-c9cb-11dc-b31e-001a4f4b46b0}] \shell\AutoRun\command - G:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f82d8d0-b707-11dc-8410-001a4f4b46b0}] \shell\AutoRun\command - L:\Launcher.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{727b6e7f-ccf0-11dc-8c2b-001a4f4b46b0}] \shell\AutoRun\command - N:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d60f2784-a356-11dc-9fd7-001d60343c28}] \shell\AutoRun\command - Q:\pushinst.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f701c8dd-ccbf-11dc-b506-001a4f4b46b0}] \shell\AutoRun\command - O:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fca5e627-b30f-11dc-9309-806e6f6e6963}] \shell\AutoRun\command - F:\autorun.exe *Newly Created Service* - CATCHME . 
Inhalt des "geplante Tasks" Ordners "2008-03-07 16:22:37 C:\Windows\Tasks\1-Klick-Wartung.job" - C:\Program Files\TuneUp Utilities 2008\OneClick.exe "2008-03-21 16:29:06 C:\Windows\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-24 12:04:19 Windows 6.0.6000 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . Zeit der Fertigstellung: 2008-03-24 12:04:42 ComboFix-quarantined-files.txt 2008-03-24 11:04:40 . 2008-03-21 11:35:21 --- E O F --- |
|
|
||
24.03.2008, 12:15
Honorary member
Posts: 29434 |
#8
Trojan1984
Delete ("fix") with HijackThis. Click "Do a system scan only", tick the box in front of the entry named below and choose "fix checked".
Quote:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
«« Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if you are asked --> click Apply and finally OK, and set a new start page
»» post a new HijackThis log
__________
Regards, Sabina
all about PC security |
|
|
||
24.03.2008, 12:24
...new here
Thread starter Posts: 7 |
#9
well, I don't know, but in my HijackThis some of the entries you listed are missing
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:44, on 24.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\avmwlanstick\WlanNetService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Users\Home Of Freedom\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: DSL-Manager.lnk = C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EBB8B61-AC07-423C-AAAD-0C43ADD5D6C4}: NameServer = 195.50.140.114 195.50.140.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{0EBB8B61-AC07-423C-AAAD-0C43ADD5D6C4}: NameServer = 195.50.140.114 195.50.140.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: You Are Empty Drivers Auto Removal (pr2akdnc) (pr2akdnc) - Cenega Publishing - C:\Windows\system32\pr2akdnc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 11321 bytes |
|
|
||
24.03.2008, 12:27
Honorary member
Posts: 29434 |
#10
Hello,
fix with HijackThis + restart the PC
Quote:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
scan with Bitdefender + post the report http://board.protecus.de/t8642.htm
__________
Regards, Sabina
all about PC security |
|
|
||
24.03.2008, 12:45
...new here
Thread starter Posts: 7 |
#11
the bitdefender online scan doesn't work for me
this is what the site tells me:
Could not load the Online Scanner! Service Pack 2 was detected on this computer.Click on the information bar and select "Install ActiveX Control...".Click here for other possible fixes.
doing it with the kaspersky online scanner now
-------------------------------------------------------------------------------- |
|
|
||
24.03.2008, 12:48
Moderator
Posts: 5694 |
#12
Then use Ewido
http://board.protecus.de/t8642.htm
and then also Malwarebytes - post the report here
http://www.virus-protect.org/artikel/tools/malwarebytes.html |
|
|
||
24.03.2008, 13:11
...new here
Thread starter Posts: 7 |
#13
that can take quite a while though, so I'll get back to you later with the log from the kaspersky online scanner
so kaspersky found nothing, neither infected files nor anything else. I'll try again with another scanner. ok, now bitdefender works too, but it takes its time. it's still at 8 hours.
This post was edited by Trojan1984 on 24.03.2008 at 14:04.
|
|
|
||
24.03.2008, 15:49
Honorary member
Posts: 29434 |
||
|
||
Here is the HijackThis log :::
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:32, on 24.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\avmwlanstick\WlanNetService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\Home Of Freedom\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\conime.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\HOMEOF~1\AppData\Local\Temp\yayww.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: DSL-Manager.lnk = C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EBB8B61-AC07-423C-AAAD-0C43ADD5D6C4}: NameServer = 195.50.140.114 195.50.140.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{0EBB8B61-AC07-423C-AAAD-0C43ADD5D6C4}: NameServer = 195.50.140.114 195.50.140.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: You Are Empty Drivers Auto Removal (pr2akdnc) (pr2akdnc) - Cenega Publishing - C:\Windows\system32\pr2akdnc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\HOMEOF~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 12241 bytes
Thanks in advance
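Added example, not part of the original post: a short Python triage pass over HijackThis `O4` (autostart) and `O23` (service) lines that flags entries loading code from a Temp directory, calling a rundll32 export by ordinal, or pointing at a missing file. The three sample lines are copied from the log above; the heuristics and the names `triage`, `TEMP_DIR` and `ORDINAL_EXPORT` are assumptions chosen for illustration, not HijackThis functionality.

```python
import re

# Three lines copied from the log above: one ordinary driver entry and
# two entries whose target sits under a user's Temp directory.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\HOMEOF~1\AppData\Local\Temp\yayww.dll,#1
O23 - Service: SessionLauncher - Unknown owner - C:\Users\HOMEOF~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
"""

# Only autostart (O4) and service (O23) sections are examined here.
ENTRY = re.compile(r"^(O4|O23) - (.+)$")
# A path component named Temp or Tmp (assumed heuristic).
TEMP_DIR = re.compile(r"\\(?:te?mp)\\", re.IGNORECASE)
# rundll32 invoking a DLL export by ordinal (",#1") instead of by name.
ORDINAL_EXPORT = re.compile(r"rundll32(?:\.exe)?\s+.+\.dll,#\d+", re.IGNORECASE)


def triage(log_text):
    """Return (section, reasons, line) for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue
        section, body = match.groups()
        reasons = []
        if TEMP_DIR.search(body):
            reasons.append("runs from a Temp directory")
        if ORDINAL_EXPORT.search(body):
            reasons.append("rundll32 export called by ordinal")
        if "(file missing)" in body:
            reasons.append("target file missing")
        if reasons:
            findings.append((section, reasons, line))
    return findings


if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_LOG):
        print(f"[{section}] {'; '.join(reasons)}\n    {line}")
```

A flagged line is a prompt for manual review of the file and registry value, not a verdict that the entry is malicious.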