Trojan/Vundo.AG: how do I get rid of it? I've already tried everything

24.03.2008, 11:23
...new here

Posts: 7
#1 Hello, I've got the Trojan Vundo on my computer but can't get it off, neither with Trojan Remover nor with AntiVir or Spyware Doctor!!!

Here's the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:32, on 24.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\avmwlanstick\WlanNetService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\Home Of Freedom\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\conime.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\HOMEOF~1\AppData\Local\Temp\yayww.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: DSL-Manager.lnk = C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EBB8B61-AC07-423C-AAAD-0C43ADD5D6C4}: NameServer = 195.50.140.114 195.50.140.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{0EBB8B61-AC07-423C-AAAD-0C43ADD5D6C4}: NameServer = 195.50.140.114 195.50.140.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: You Are Empty Drivers Auto Removal (pr2akdnc) (pr2akdnc) - Cenega Publishing - C:\Windows\system32\pr2akdnc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\HOMEOF~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 12241 bytes

Thanks in advance
24.03.2008, 11:29
Moderator

Posts: 5694
#2 Hello Trojan 1984

««
Delete ("fix") with HijackThis:
Click "Do a system scan only",
tick the checkbox in front of each of the entries listed below
and choose "Fix checked".

Quote

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\HOMEOF~1\AppData\Local\Temp\yayww.dll,#1

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

««
Run CCleaner
http://www.virus-protect.org/CCleaner.html

««
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings, confirm with Yes if prompted --> click Apply and finally OK, then set a new start page

««
Scan with rvaxo
http://www.virus-protect.org/artikel/tools/rvaxo.html
Post the report

««
Run Combofix
http://www.virus-protect.org/artikel/tools/combofix.html
Post the report

Regards, Swiss
This post was edited on 24.03.2008 at 11:41 by Tonstudio.
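The triage the moderator does by hand in the post above (the blanked R0/R1 start and search pages, the O4 entry that has rundll32 load a DLL from the user's Temp folder, the Ask toolbar, the "(file missing)" leftovers) can be written down as a small parser over the HijackThis line format, so the same checks can be run over any log pasted into a thread like this one. What follows is an added example, not code from this thread or from HijackThis itself: the sample log lines are constructed from the log posted above (only a few of them), and the `UNWANTED_ADDONS` list, the severity labels and all function names are the example's own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in HijackThis 2.x line format. The lines are modelled on the
# log posted in this thread (a few picked out, not the complete log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\HOMEOF~1\AppData\Local\Temp\yayww.dll,#1
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\Users\HOMEOF~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Constructed list for this example: add-on names the moderator told the poster to fix.
UNWANTED_ADDONS = ("Ask Toolbar",)

# Every HijackThis finding is "<section code> - <body>", e.g. "O4 - HKCU\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# A path component named "Temp" anywhere in the entry (covers ...\AppData\Local\Temp\...).
TEMP_PATH_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# rundll32 invoking a DLL by export (name or #ordinal), e.g. "rundll32.exe x.dll,#1".
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>\S+\.dll),(?P<export>\S+)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    severity: str  # "high", "medium" or "low" (labels chosen for this example)
    reason: str
    entry: str     # the entry body exactly as it appeared in the log


def parse_entries(log_text):
    """Yield (section, body) for every 'Xn - body' line; header and process lines are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")


def classify(section, body):
    """Return a Finding for one entry, or None if nothing in it looks worth fixing."""
    if TEMP_PATH_RE.search(body):
        # Autostart entries and services should not live in a Temp directory at all;
        # this is the pattern of the MSServer/yayww.dll line in the posted log.
        reason = "autostart or service loads code from a user Temp directory"
        m = RUNDLL_RE.search(body)
        if m:
            dll_name = m.group("dll").rsplit("\\", 1)[-1]
            reason += f" via rundll32 ({dll_name}, export {m.group('export')})"
        return Finding(section, "high", reason, body)
    if section in ("R0", "R1") and body.rstrip().endswith("= about:blank"):
        return Finding(section, "medium", "browser start/search page blanked; reset it after cleanup", body)
    if section in ("O2", "O3") and any(n.lower() in body.lower() for n in UNWANTED_ADDONS):
        return Finding(section, "medium", "known unwanted toolbar/BHO", body)
    if body.rstrip().endswith("(file missing)"):
        return Finding(section, "low", "orphaned entry: target file no longer exists", body)
    return None


def triage(log_text):
    """Run classify() over a whole log and return the findings in log order."""
    return [f for f in (classify(s, b) for s, b in parse_entries(log_text)) if f]


def severity_counts(findings):
    """Histogram of severities, e.g. {'high': 2, 'medium': 2, 'low': 1}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.entry}")
    print(severity_counts(triage(SAMPLE_LOG)))
```

The Temp-directory check runs first on purpose: the SessionLauncher service in the sample is both registered from Temp and "(file missing)", and the fact that something was registered from Temp is the more useful signal for the person cleaning the machine than the fact that the file has since been removed. Everything the script flags is a candidate for the "Fix checked" list, not an automatic deletion; a human still reads the entry before fixing it, exactly as the moderator does above.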
24.03.2008, 11:40
...new here

Thread starter

Posts: 7
#3 What am I supposed to delete with Crap Cleaner???
Analyse first and then delete the files it finds and wants to delete?
24.03.2008, 11:43
Moderator

Posts: 5694
#4 Yes, that's only for deleting temp files. So to speak, clearing out the rubbish heap the PC piles up over time.

Just start CCleaner. (Button at bottom right)
24.03.2008, 11:45
...new here

Thread starter

Posts: 7
#5 Aha, and run Spyware Doctor and post the reports!!!

Alright, then I'll do that
24.03.2008, 11:53
Moderator

Posts: 5694
#6 Just what I wrote in the post, and in that order ;)
24.03.2008, 12:08
...new here

Thread starter

Posts: 7
#7 Combofix report

ComboFix 08-03-23.5 - Home Of Freedom 2008-03-24 11:51:02.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1254 [GMT 1:00]
ausgeführt von:: C:\Users\Home Of Freedom\Documents\Downloads\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
-- Script messages for sUBs --
C:\Windows\system32\conime.exe
CF16005.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\Windows\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\Windows\*
CF16005.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*"
CF16005.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
pv -d80000 * -t -l

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PnkBstrA.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
C:\Windows\system32\svchost.exe -k hpdevmgmt
"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\avmwlanstick\WlanNetService.exe"
"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe {95CFAC1F-CF3B-415E-AB15-9ABA8D570519}
taskeng.exe {F2F6294D-30F7-4287-9352-A26DF0925456}
taskeng.exe {2A2AF836-AC62-4219-A81D-20E21B3DDAAC}
taskeng.exe {DC54D339-AEC7-473A-927A-36F6E65EADFB}
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Windows\system32\Dwm.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-2d65251f-0e81-4914-9b74-aac7e86efb58 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-f6e050b9-7c1c-4b96-a9f3-47a1468593e0 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-679c76a6-acfb-4303-b8d0-5474cdb7a07d -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:4c94d0f3-a9d0-4f0b-b0b0-1951d1a0c8a0
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\ehome\ehmsas.exe -Embedding
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
explorer.exe
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
rundll32 NVSVC.DLL,nvsvcInitialize
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
"C:\Windows\ehome\ehtray.exe"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
C:\Windows\system32\conime.exe
CF16005.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\Windows\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\Windows\*
CF16005.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*"
CF16005.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
pv -d30000 * -t -l

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PnkBstrA.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
C:\Windows\system32\svchost.exe -k hpdevmgmt
"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\avmwlanstick\WlanNetService.exe"
"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe {F2F6294D-30F7-4287-9352-A26DF0925456}
taskeng.exe {2A2AF836-AC62-4219-A81D-20E21B3DDAAC}
taskeng.exe {DC54D339-AEC7-473A-927A-36F6E65EADFB}
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Windows\system32\Dwm.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-2d65251f-0e81-4914-9b74-aac7e86efb58 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-f6e050b9-7c1c-4b96-a9f3-47a1468593e0 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-679c76a6-acfb-4303-b8d0-5474cdb7a07d -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:4c94d0f3-a9d0-4f0b-b0b0-1951d1a0c8a0
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\ehome\ehmsas.exe -Embedding
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
explorer.exe
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
rundll32 NVSVC.DLL,nvsvcInitialize
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
"C:\Windows\ehome\ehtray.exe"
SED "s/\\/\\\\/g"
MTEE /+ cfiles.dat
SED -r "/^svchost.exe$/I!d; s/.{37}//"
Handle .exe
C:\Windows\system32\conime.exe
pv -d80000 * -t -l

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PnkBstrA.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
C:\Windows\system32\svchost.exe -k hpdevmgmt
"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\avmwlanstick\WlanNetService.exe"
"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe {F2F6294D-30F7-4287-9352-A26DF0925456}
taskeng.exe {2A2AF836-AC62-4219-A81D-20E21B3DDAAC}
taskeng.exe {DC54D339-AEC7-473A-927A-36F6E65EADFB}
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Windows\system32\Dwm.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-2d65251f-0e81-4914-9b74-aac7e86efb58 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-f6e050b9-7c1c-4b96-a9f3-47a1468593e0 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-679c76a6-acfb-4303-b8d0-5474cdb7a07d -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:4c94d0f3-a9d0-4f0b-b0b0-1951d1a0c8a0
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\ehome\ehmsas.exe -Embedding
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
explorer.exe
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
rundll32 NVSVC.DLL,nvsvcInitialize
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
"C:\Windows\ehome\ehtray.exe"
Handle .exe
C:\Windows\system32\conime.exe
pv -d80000 * -t -l

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PnkBstrA.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
C:\Windows\system32\svchost.exe -k hpdevmgmt
"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\avmwlanstick\WlanNetService.exe"
"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe {F2F6294D-30F7-4287-9352-A26DF0925456}
taskeng.exe {2A2AF836-AC62-4219-A81D-20E21B3DDAAC}
taskeng.exe {DC54D339-AEC7-473A-927A-36F6E65EADFB}
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Windows\system32\Dwm.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-2d65251f-0e81-4914-9b74-aac7e86efb58 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-f6e050b9-7c1c-4b96-a9f3-47a1468593e0 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-679c76a6-acfb-4303-b8d0-5474cdb7a07d -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:4c94d0f3-a9d0-4f0b-b0b0-1951d1a0c8a0
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\ehome\ehmsas.exe -Embedding
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
explorer.exe
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
rundll32 NVSVC.DLL,nvsvcInitialize
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
"C:\Windows\ehome\ehtray.exe"
Handle .exe
C:\Windows\system32\conime.exe
pv -d80000 * -t -l

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PnkBstrA.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
C:\Windows\system32\svchost.exe -k hpdevmgmt
"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\avmwlanstick\WlanNetService.exe"
"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe {F2F6294D-30F7-4287-9352-A26DF0925456}
taskeng.exe {2A2AF836-AC62-4219-A81D-20E21B3DDAAC}
taskeng.exe {DC54D339-AEC7-473A-927A-36F6E65EADFB}
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Windows\system32\Dwm.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-2d65251f-0e81-4914-9b74-aac7e86efb58 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-f6e050b9-7c1c-4b96-a9f3-47a1468593e0 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-679c76a6-acfb-4303-b8d0-5474cdb7a07d -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:4c94d0f3-a9d0-4f0b-b0b0-1951d1a0c8a0
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\ehome\ehmsas.exe -Embedding
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
explorer.exe
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
rundll32 NVSVC.DLL,nvsvcInitialize
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
"C:\Windows\ehome\ehtray.exe"
Handle .exe
C:\Windows\system32\conime.exe
pv -d80000 * -t -l

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Home Of Freedom\AppData\Roaming\inst.exe

.
((((((((((((((((((((((( Dateien erstellt von 2008-02-24 bis 2008-03-24 ))))))))))))))))))))))))))))))
.

Keine neuen Dateien erstellt in diesem Zeitraum

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 10:49 --------- d---a-w C:\ProgramData\TEMP
2008-03-24 10:37 --------- d-----w C:\Program Files\CCleaner
2008-03-24 10:31 --------- d-----w C:\Users\Home Of Freedom\AppData\Roaming\uTorrent
2008-03-24 10:08 --------- d-----w C:\Program Files\Trend Micro
2008-03-23 22:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-23 22:55 --------- d-----w C:\ProgramData\Media Center Programs
2008-03-23 22:40 --------- d-----w C:\Program Files\Xvid
2008-03-23 20:37 --------- d-----w C:\Users\Home Of Freedom\AppData\Roaming\Tobit
2008-03-23 20:27 --------- d-----w C:\Program Files\Codemasters
2008-03-23 20:16 --------- d-----w C:\Users\Home Of Freedom\AppData\Roaming\TrojanHunter
2008-03-23 20:15 --------- d-----w C:\Program Files\MioNet
2008-03-23 19:38 --------- d-----w C:\Program Files\TrojanHunter 4.7
2008-03-23 13:35 --------- d-----w C:\ProgramData\Google Updater
2008-03-23 09:25 --------- d-----w C:\Program Files\OpenAL
2008-03-23 09:14 --------- d-----w C:\Program Files\1C Company
2008-03-23 00:07 --------- d-----w C:\Program Files\Eidos
2008-03-22 23:54 --------- d-----w C:\Users\Home Of Freedom\AppData\Roaming\Xfire
2008-03-22 23:35 --------- d-----w C:\Program Files\Everest Poker
2008-03-22 23:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-22 23:08 --------- d-----w C:\ProgramData\Xfire
2008-03-22 23:08 --------- d-----w C:\Program Files\Xfire
2008-03-22 23:02 --------- d-----w C:\Program Files\Lighthouse Interactive
2008-03-22 18:16 --------- d-----w C:\Program Files\EA Games
2008-03-21 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-20 05:31 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-18 08:05 --------- d-----w C:\Users\Home Of Freedom\AppData\Roaming\phonostar-Player
2008-03-17 19:17 --------- d-----w C:\Users\Home Of Freedom\AppData\Roaming\Image Zone Express
2008-03-13 13:33 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 17:11 2,108 ----a-w C:\Users\Home Of Freedom\AppData\Roaming\wklnhst.dat
2008-03-12 16:53 --------- d-----w C:\Program Files\Sega
2008-03-11 18:35 --------- d-----w C:\Program Files\GameSpy
2008-03-11 18:08 --------- d-----w C:\Users\Home Of Freedom\AppData\Roaming\Skype
2008-03-11 17:38 669,184 ----a-w C:\Windows\System32\pbsvc.exe
2008-03-11 17:38 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-03-11 17:38 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-03-11 17:38 22,328 ----a-w C:\Users\Home Of Freedom\AppData\Roaming\PnkBstrK.sys
2008-03-11 17:38 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-03-11 15:03 --------- d-----w C:\Users\Home Of Freedom\AppData\Roaming\skypePM
2008-03-10 21:59 --------- d-----w C:\Users\Home Of Freedom\AppData\Roaming\.BitTornado
2008-03-10 21:59 --------- d-----w C:\Program Files\BitTornado
2008-03-10 20:47 --------- d-----w C:\Program Files\ProtectDisc Driver Installer
2008-03-10 20:43 233,973 ----a-w C:\Windows\RTL Racing Team Manager Uninstaller.exe
2008-03-10 20:43 --------- d-----w C:\Program Files\RTL Racing Team Manager
2008-03-10 19:58 --------- d-----w C:\Program Files\uTorrent
2008-03-10 17:49 --------- d-----w C:\Program Files\Philips Flat Panel Adjust
2008-03-10 17:23 --------- d-----w C:\ProgramData\Roxio
2008-03-09 18:13 --------- d-----w C:\Program Files\poc
2008-03-08 22:40 --------- d-----w C:\ProgramData\Nero
2008-03-08 22:40 --------- d-----w C:\Program Files\Nero
2008-03-08 22:40 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-08 19:42 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-03-08 19:24 --------- d-----w C:\Users\Home Of Freedom\AppData\Roaming\Ashampoo
2008-03-08 19:06 --------- d-----w C:\ProgramData\ashampoo
2008-03-08 19:06 --------- d-----w C:\Program Files\Ashampoo
2008-03-08 17:17 --------- d-----w C:\Users\Home Of Freedom\AppData\Roaming\T-Online
2008-03-08 15:48 --------- d-----w C:\Program Files\Common Files\T-Com
2008-03-08 13:48 --------- d-----w C:\Program Files\ArcorOnline
2008-03-07 18:13 --------- d-----w C:\Users\Home Of Freedom\AppData\Roaming\Ubisoft
2008-03-07 18:13 --------- d-----w C:\ProgramData\Ubisoft
2008-03-07 17:40 --------- d-----w C:\Users\Home Of Freedom\AppData\Roaming\DAEMON Tools
2008-03-07 17:29 --------- d-----w C:\Program Files\Sun
2008-03-07 17:27 --------- d-----w C:\Program Files\Java
2008-03-05 18:24 --------- d-----w C:\Program Files\Darkness Within
2008-03-04 17:16 21,840 ----atw C:\Windows\System32\SIntfNT.dll
2008-03-04 17:16 17,212 ----atw C:\Windows\System32\SIntf32.dll
2008-03-04 17:16 12,067 ----atw C:\Windows\System32\SIntf16.dll
2008-03-04 17:12 --------- d-----w C:\Program Files\MagicDisc
2008-03-03 19:01 --------- d-----w C:\Users\Home Of Freedom\AppData\Roaming\ICQ
2008-03-01 09:53 --------- d-----w C:\Users\Home Of Freedom\AppData\Roaming\Roxio
2008-02-24 19:04 --------- d-----w C:\Program Files\ICQ6
2008-02-18 16:29 96,256 ----a-w C:\Windows\system32\drivers\mcdbus.sys
2008-02-14 07:01 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 07:01 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 06:56 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 06:54 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 06:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 06:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 06:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 16:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-10 11:55 --------- d-----w C:\Users\Home Of Freedom\AppData\Roaming\PC Tools
2008-02-10 11:55 --------- d-----w C:\Program Files\Google
2008-02-10 11:54 --------- d-----w C:\Program Files\Picasa2
2008-02-09 07:40 --------- d-----w C:\Program Files\USB Vibration
2008-01-30 17:02 --------- d-----w C:\Program Files\Studio 3
2008-01-29 22:30 1,049,790 ----a-w C:\Windows\Prison Tycoon 3 Uninstaller.exe
2008-01-27 17:38 --------- d-----w C:\Program Files\MumboJumbo
2008-01-27 15:26 21,504 ----a-w C:\Windows\jestertb.dll
2008-01-27 14:07 --------- d-----w C:\Program Files\ICQToolbar
2008-01-27 14:06 94,208 ----a-w C:\Users\Home Of Freedom\AppData\Roaming\ezplay.sys
2008-01-27 14:06 47,360 ----a-w C:\Users\Home Of Freedom\AppData\Roaming\pcouffin.sys
2008-01-27 14:06 --------- d-----w C:\Users\Home Of Freedom\AppData\Roaming\Vso
2008-01-27 14:06 --------- d-----w C:\Program Files\AVSMedia
2008-01-27 11:06 --------- d-----w C:\Program Files\GedonSoft
2008-01-27 10:25 --------- d-----w C:\Users\Home Of Freedom\AppData\Roaming\Lionhead Studios
2008-01-27 10:24 --------- d-----w C:\Program Files\AdVantage
2008-01-27 10:21 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-01-27 10:07 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-01-25 19:05 --------- d-----w C:\Program Files\BitComet
2008-01-24 17:00 --------- d-----w C:\Program Files\rondomedia
2008-01-24 16:24 --------- d-----w C:\Program Files\ValuSoft
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-13 21:22 249896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 03:44 113136]
"THGuard"="C:\Program Files\TrojanHunter 4.7\THGuard.exe" [2007-06-23 00:19 1102848]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"PhonostarTimer"=C:\Program Files\phonostar\ps_timer.exe
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"Comrade.exe"=C:\Program Files\GameSpy\Comrade\Comrade.exe
"MSServer"=rundll32.exe C:\Users\HOMEOF~1\AppData\Local\Temp\qopom.dll,#1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"ClipIncSrvTray"="C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"ASUSGamerOSD"=C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
"AVMWlanClient"=C:\Program Files\avmwlanstick\FRITZWLANMini.exe
"SPC500NC_Monitor"=C:\Windows\Philips\SPC500NC\Monitor.exe
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{D2ABB48B-AE98-469F-9B34-89279DF8A34E}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{F5F39849-11DF-4921-BE05-E09DE4A7B27D}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{DEB3CC9D-7D91-4581-BAA6-BBF437F84F69}D:\\utorrent 1.6\\utorrent.exe"= UDP:D:\utorrent 1.6\utorrent.exe:utorrent
"UDP Query User{CD2949DE-13BB-44CC-8F4C-442D692E8F54}D:\\utorrent 1.6\\utorrent.exe"= TCP:D:\utorrent 1.6\utorrent.exe:utorrent
"TCP Query User{7E826527-4F65-455F-87D7-B96F660FF254}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{274F8A73-456E-4AE8-A054-A563946C5D7D}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{AF93A2D9-AC9C-48A9-AD7A-32029FEF40CA}C:\\program files\\tobit clipinc\\player\\clipinc-player.exe"= UDP:C:\program files\tobit clipinc\player\clipinc-player.exe:ClipInc. Player
"UDP Query User{8D2247F1-BD4A-45CB-9960-36B44D8AF6C1}C:\\program files\\tobit clipinc\\player\\clipinc-player.exe"= TCP:C:\program files\tobit clipinc\player\clipinc-player.exe:ClipInc. Player
"TCP Query User{91D0A6F1-EDCC-4078-BCDF-B1C4731F9A8B}C:\\windows\\system32\\java.exe"= UDP:C:\windows\system32\java.exe:Java(TM) Platform SE binary
"UDP Query User{61629A8E-F8D3-4839-A3EB-5E6AEA8586AD}C:\\windows\\system32\\java.exe"= TCP:C:\windows\system32\java.exe:Java(TM) Platform SE binary
"TCP Query User{AAD3E8E9-A219-4959-93A6-C360408F142A}C:\\users\\home of freedom\\documents\\downloads\\ratio master 1.7.5\\ratiomaster-1.7.5\\ratiomaster.exe"= UDP:C:\users\home of freedom\documents\downloads\ratio master 1.7.5\ratiomaster-1.7.5\ratiomaster.exe:ratiomaster.exe
"UDP Query User{DFEF5809-8EAB-4409-99A6-9DC22140A1DD}C:\\users\\home of freedom\\documents\\downloads\\ratio master 1.7.5\\ratiomaster-1.7.5\\ratiomaster.exe"= TCP:C:\users\home of freedom\documents\downloads\ratio master 1.7.5\ratiomaster-1.7.5\ratiomaster.exe:ratiomaster.exe
"TCP Query User{557135C4-BF0B-4383-B4EB-887D298D350E}C:\\program files\\icq6\\icq.exe"= Disabled:UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{11D61B8C-19B6-4178-B846-CF42239AAD3F}C:\\program files\\icq6\\icq.exe"= Disabled:TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{E76421EB-F69F-434C-BCB0-C64CEE3945ED}C:\\program files\\mirc\\mirc.exe"= Disabled:UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{A9379F83-877E-4196-B1F6-AE7F4A488F7E}C:\\program files\\mirc\\mirc.exe"= Disabled:TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{3ED36127-2141-40DF-8891-5934538CB434}C:\\sims\\racer\\racer.exe"= Disabled:UDP:C:\sims\racer\racer.exe:racer
"UDP Query User{091E3E42-2F42-488A-A42C-37ED5F231779}C:\\sims\\racer\\racer.exe"= Disabled:TCP:C:\sims\racer\racer.exe:racer
"TCP Query User{CB6D22EC-8194-480B-B872-3C2E43482175}C:\\users\\home of freedom\\downloads\\racer\\racer.exe.exe"= Disabled:UDP:C:\users\home of freedom\downloads\racer\racer.exe.exe:racer.exe.exe
"UDP Query User{99D5E176-3B32-4F93-A3A3-1F90A30522AF}C:\\users\\home of freedom\\downloads\\racer\\racer.exe.exe"= Disabled:TCP:C:\users\home of freedom\downloads\racer\racer.exe.exe:racer.exe.exe
"TCP Query User{92BC7704-6843-456B-8D12-9E285B8C7DBC}C:\\program files\\counter-strike source\\hl2.exe"= UDP:C:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{F2BA6D12-4BFE-4B4F-A570-8CA21A2A182F}C:\\program files\\counter-strike source\\hl2.exe"= TCP:C:\program files\counter-strike source\hl2.exe:hl2
"TCP Query User{EF820C1F-9743-4FCF-8C1E-28544AFFD636}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{428DA238-955B-4A31-AA64-B6D7CCFCE019}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B4DCECC7-7C76-4DCD-9E31-54C0258EB1A0}C:\\program files\\poc\\poc2008\\poc3d2008.exe"= UDP:C:\program files\poc\poc2008\poc3d2008.exe:poc3D2008
"UDP Query User{20BC00A7-2960-4640-9C06-E893A5D6064B}C:\\program files\\poc\\poc2008\\poc3d2008.exe"= TCP:C:\program files\poc\poc2008\poc3d2008.exe:poc3D2008
"TCP Query User{C865FC56-9684-4CEC-91A8-57279A4BC2A3}C:\\users\\home of freedom\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\home of freedom\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{D648195C-5952-4004-B062-515F8C03FD2B}C:\\users\\home of freedom\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\home of freedom\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{46A87723-72CD-4AA1-BB51-52D0830AE39E}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{61D2492B-F65C-4CB5-ACF5-CB5F15887F10}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{1E7ABA62-602E-4208-B27D-C9B0700C25FC}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{BF6F801D-758A-401A-A93B-6CD50A3F4A55}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"{E36E046C-D623-48EE-B549-FBDABAE24AA4}"= UDP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
"{71616449-4EEB-427A-816C-A7E152DC9C71}"= TCP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
"{B2EA5E31-EDAF-445E-BA53-63B2537B68E1}"= UDP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
"{48EC1ECD-E2C2-46B7-A0D6-5D09370D3C9F}"= TCP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
"TCP Query User{60C10E6B-3FD0-4A57-9608-2CE36E985B7D}C:\\program files\\1c company\\you are empty\\you_are_empty.exe"= UDP:C:\program files\1c company\you are empty\you_are_empty.exe:ds2main
"UDP Query User{C3C0C984-1597-42D4-9383-E377C9B5FF35}C:\\program files\\1c company\\you are empty\\you_are_empty.exe"= TCP:C:\program files\1c company\you are empty\you_are_empty.exe:ds2main

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

R0 pe3akdnc;You Are Empty Environment Driver (pe3akdnc);C:\Windows\system32\drivers\pe3akdnc.sys [2007-04-19 10:50]
R0 ps6akdnc;You Are Empty Synchronization Driver (ps6akdnc);C:\Windows\system32\drivers\ps6akdnc.sys [2007-04-19 10:50]
R1 c2scsi;c2scsi;C:\Windows\system32\DRIVERS\c2scsi.sys [2007-08-18 01:34]
R1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\dslmnlwf.sys [2007-08-01 15:49]
R2 acedrv11;acedrv11;C:\Windows\system32\drivers\acedrv11.sys [2008-01-23 09:19]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 10:53]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 22:40]
R2 UxTuneUp;TuneUp Designerweiterung;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\Windows\system32\drivers\asusgsb.sys [2007-07-23 11:48]
R3 atkdisplf;ASUS Kernel Mode Enhanced Driver;C:\Windows\system32\drivers\ATKDispLowFilter.sys [2007-07-23 12:01]
R3 SPC500NC;SPC 500NC Laptop Camera;C:\Windows\system32\DRIVERS\SPC610NC.SYS [2007-01-19 17:14]
R3 VUALFDrv;SONIX Audio Filter Driver;C:\Windows\System32\Drivers\VUALFDrv.sys [2007-02-01 16:51]
S2 ATKFUSService;ATK Fast User Switch Service;C:\Windows\system32\ATKFUSService.exe [2007-07-23 11:48]
S2 pr2akdnc;You Are Empty Drivers Auto Removal (pr2akdnc);C:\Windows\system32\pr2akdnc.exe svc []
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 15:53]
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 15:52]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 15:52]
S3 avmeject;AVM Eject;C:\Windows\system32\drivers\avmeject.sys [2006-12-28 00:02]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;C:\Windows\system32\Drivers\dsltestSp5.sys [2007-09-12 17:24]
S3 FWLANUSB;AVM FRITZ!WLAN;C:\Windows\system32\DRIVERS\fwlanusb.sys [2006-12-28 00:02]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 15:53]
S3 RoxMediaDB10;RoxMediaDB10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 15:52]
S3 TDslMgrService;DSL-Manager;"C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe" [2007-11-26 14:50]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\Windows\System32\TuneUpDefragService.exe [2007-12-16 13:08]
S4 SessionLauncher;SessionLauncher;C:\Users\HOMEOF~1\AppData\Local\Temp\DX9\SessionLauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Q]
\shell\AutoRun\command - Q:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41895dc1-c9cb-11dc-b31e-001a4f4b46b0}]
\shell\AutoRun\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f82d8d0-b707-11dc-8410-001a4f4b46b0}]
\shell\AutoRun\command - L:\Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{727b6e7f-ccf0-11dc-8c2b-001a4f4b46b0}]
\shell\AutoRun\command - N:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d60f2784-a356-11dc-9fd7-001d60343c28}]
\shell\AutoRun\command - Q:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f701c8dd-ccbf-11dc-b506-001a4f4b46b0}]
\shell\AutoRun\command - O:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fca5e627-b30f-11dc-9309-806e6f6e6963}]
\shell\AutoRun\command - F:\autorun.exe

*Newly Created Service* - CATCHME
.
Inhalt des "geplante Tasks" Ordners
"2008-03-07 16:22:37 C:\Windows\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-03-21 16:29:06 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 12:04:19
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-03-24 12:04:42
ComboFix-quarantined-files.txt 2008-03-24 11:04:40
.
2008-03-21 11:35:21 --- E O F ---
24.03.2008, 12:15
Honorary member
Sabina

Posts: 29434
#8 Trojan1984

Delete ("fix") with HijackThis:
Click "Do a system scan only"
Tick the box in front of the listed entry
and choose fix checked

Quote

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\HOMEOF~1\AppData\Local\Temp\yayww.dll,#1

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
««
go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files, click Delete Files --> also tick the box for Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if prompted --> click Apply and finally OK, and set a new start page

»»
post a new HijackThis log
__________
Kind regards, Sabina

all about PC security
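As an added illustration of the triage Sabina is doing by hand above (example code written for this page, not part of the thread and not a feature of HijackThis), the following Python script applies a few defender-side heuristics to HijackThis-style log lines: IE start or search pages that are empty or set to `about:blank`, `O4` Run entries that launch a DLL from a Temp directory through rundll32 (the pattern of the `MSServer` entry quoted above), `O9` buttons pointing at missing files, and `O2`/`O3` BHOs or toolbars loaded from outside Program Files or Windows. The sample lines are constructed from entries that appear in the logs of this thread; the rule set, the `triage` function and the `Finding` type are the example's own assumptions.

```python
"""Heuristic triage of HijackThis-style log lines.

Added example for this thread; the rules below are assumptions of the
example, not part of HijackThis or of the forum's removal procedure.
"""
import re
from dataclasses import dataclass

# Sample input constructed from entries quoted in the thread above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\HOMEOF~1\AppData\Local\Temp\yayww.dll,#1
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
"""


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why the line was flagged
    line: str    # the original log line, i.e. the entry to tick in HijackThis


ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# DLLs under these roots are treated as "expected" locations for BHOs/toolbars.
TRUSTED_ROOT = re.compile(r"^[A-Za-z]:\\(Program Files|Windows)\\", re.IGNORECASE)


def _check(code: str, body: str):
    """Return a reason string if the entry looks suspicious, else None."""
    if code in ("R0", "R1") and "=" in body:
        value = body.split("=", 1)[1].strip().lower()
        if value in ("", "about:blank"):
            return "IE start/search page blanked or hijacked"
    elif code == "O4" and "]" in body:
        command = body.split("]", 1)[1].lower()
        if "rundll32" in command and "\\temp\\" in command:
            return "Run entry loads a DLL from a Temp directory via rundll32"
    elif code == "O9" and "(file missing)" in body:
        return "IE button/menu item points to a missing file"
    elif code in ("O2", "O3"):
        dll_path = body.rsplit(" - ", 1)[-1].strip()
        if not TRUSTED_ROOT.match(dll_path):
            return "BHO/toolbar DLL outside Program Files or Windows"
    return None


def triage(log_text: str) -> list:
    """Scan HijackThis log text and return the entries worth 'fixing'."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:  # headers, process list, blank lines
            continue
        reason = _check(match["code"], match["body"])
        if reason:
            findings.append(Finding(match["code"], reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

On the sample input the flagged lines are exactly the ones a helper would tell the poster to tick and "fix checked"; the Avira Run entry and the Ask toolbar under Program Files pass. The heuristics are deliberately narrow and will miss entries that do not fit these patterns, so they complement a human review of the full log rather than replace it.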
24.03.2008, 12:24
...new here

Thread starter

Posts: 7
#9 well, I don't know, but some of the entries you listed for me are missing in my HijackThis



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:44, on 24.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\avmwlanstick\WlanNetService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Users\Home Of Freedom\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: DSL-Manager.lnk = C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EBB8B61-AC07-423C-AAAD-0C43ADD5D6C4}: NameServer = 195.50.140.114 195.50.140.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{0EBB8B61-AC07-423C-AAAD-0C43ADD5D6C4}: NameServer = 195.50.140.114 195.50.140.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: You Are Empty Drivers Auto Removal (pr2akdnc) (pr2akdnc) - Cenega Publishing - C:\Windows\system32\pr2akdnc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 11321 bytes
24.03.2008, 12:27
Honorary Member

Posts: 29434
#10 Hello,

fix with HijackThis + restart the PC

Quote

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} -
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
scan with Bitdefender + post the report
http://board.protecus.de/t8642.htm
__________
Kind regards, Sabina

all about PC security
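The entries Sabina picks out for fixing above (the MSServer Run key that has rundll32.exe load yayww.dll out of the user's Temp folder, the Ask Toolbar BHO, the PartyPoker O9 buttons marked "(file missing)" and the about:blank R0/R1 lines) follow a handful of patterns that can be checked mechanically. The script below is an added example; it is not code from this thread, from HijackThis or from Trend Micro. It parses HijackThis 2.x log lines and rates them with heuristics that are this editor's own: the regular expressions, the severity labels and the small adware hint list are assumptions, not HijackThis output. The sample log is constructed from lines copied out of the logs posted in this thread, with benign neighbours (Avira, the NVIDIA rundll32 entries, the Adobe BHO, the Skype button) mixed in so the false-positive behaviour is visible as well.

```python
"""Triage HijackThis 2.x log lines for the patterns discussed in this thread (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Paths a standard user can write to; Vundo-style droppers load their DLL from here.
USER_WRITABLE = re.compile(r"\\(?:temp|tmp|appdata|local settings|application data)\\", re.I)
# Toolbar vendor strings the helper told the poster to remove (assumption: illustrative list).
PUP_HINTS = ("asktbar", "ask toolbar")

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*(?:,\s*(?P<export>\S+))?\s*$', re.I)
CLSID_RE = re.compile(r"^(?P<kind>[^:]+): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
R_RE = re.compile(r"^(?P<key>[^=]+?)\s*=\s*(?P<value>.*)$")


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str  # high | medium | low | info
    reason: str
    line: str


def _check_o4(section: str, body: str, line: str) -> Optional[Finding]:
    """Run keys: rundll32 loading a DLL out of %Temp%/AppData is the Vundo foothold."""
    m = O4_RE.match(body)
    r = RUNDLL_RE.match(m.group("cmd")) if m else None
    if r and USER_WRITABLE.search(r.group("dll")):
        return Finding(section, "high", f"rundll32 loads {r.group('dll')} from a user-writable path "
                       f"(export {r.group('export') or '<default>'}); Vundo-style autostart", line)
    return None


def _check_clsid(section: str, body: str, line: str) -> Optional[Finding]:
    """O2 BHOs, O3 toolbars, O9 IE buttons: dead targets and suspicious DLL locations."""
    m = CLSID_RE.match(body)
    if not m:
        return None
    name, path = m.group("name"), m.group("path")
    if section == "O9" and path.rstrip().endswith("(file missing)"):
        return Finding(section, "low", "dead IE button/menu item, target missing; safe to fix", line)
    if section in ("O2", "O3") and USER_WRITABLE.search(path):
        return Finding(section, "high", "browser extension DLL in a user-writable path", line)
    if section in ("O2", "O3") and any(h in f"{name} {path}".lower() for h in PUP_HINTS):
        return Finding(section, "medium", "known adware toolbar component", line)
    return None


def _check_r(section: str, body: str, line: str) -> Optional[Finding]:
    """R0/R1: IE start or search settings blanked (about:blank) or emptied by a hijacker."""
    m = R_RE.match(body)
    if not m:
        return None
    key, value = m.group("key").lower(), m.group("value").strip().lower()
    if value == "about:blank" or (value == "" and "search" in key):
        return Finding(section, "low", "IE start/search setting blanked; reset it after cleanup", line)
    return None


def _check_o20(section: str, body: str, line: str) -> Optional[Finding]:
    """AppInit_DLLs is loaded into every GUI process: always review, critical if the DLL sits in %Temp%."""
    sev = "high" if USER_WRITABLE.search(body) else "info"
    return Finding(section, sev, "AppInit_DLLs entry; verify the DLL's publisher", line)


CHECKS = {"O4": _check_o4, "O2": _check_clsid, "O3": _check_clsid, "O9": _check_clsid,
          "R0": _check_r, "R1": _check_r, "O20": _check_o20}


def triage(log_text: str) -> List[Finding]:
    """One Finding per suspicious HijackThis line; benign and unparseable lines are skipped."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        check = CHECKS.get(m.group("section")) if m else None
        f = check(m.group("section"), m.group("body"), line) if check else None
        if f:
            findings.append(f)
    return findings


# Constructed sample: lines copied from the logs in this thread, flagged entries and benign neighbours mixed.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\HOMEOF~1\AppData\Local\Temp\yayww.dll,#1
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.section}: {f.reason}\n         {f.line}")
```

Run it as is to triage the embedded sample, or call `triage(open(path).read())` on a saved log. The rule that matters for this thread is the O4 one: a legitimate autostart practically never uses rundll32.exe to load a DLL from %Temp% or AppData (the NVIDIA entries load from system32 and stay quiet), whereas that is exactly how a Vundo dropper survives a reboot. The "(file missing)" O9 buttons and the about:blank pages are rated low because they are leftovers to tidy up, not active code.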
24.03.2008, 12:45
...new here

Thread starter

Posts: 7
#11 the Bitdefender online scan doesn't work for me

this is what the site tells me

Could not load the Online Scanner! Service Pack 2 was detected on this computer.Click on the information bar and select "Install ActiveX Control...".Click here for other possible fixes.

I'm doing it with the Kaspersky online scanner now
--------------------------------------------------------------------------------
24.03.2008, 12:48
Moderator

Posts: 5694
#12 Then use Ewido
http://board.protecus.de/t8642.htm

and then Malwarebytes as well - post the report here
http://www.virus-protect.org/artikel/tools/malwarebytes.html
24.03.2008, 13:11
...new here

Thread starter

Posts: 7
#13 but that can take quite a bit of time, so I'll get back to you later with the log from the Kaspersky online scanner


well, Kaspersky found nothing, neither infected nor anything else; I'll try again with another scanner


so now Bitdefender works too, but it takes its time. Still at 8 hrs.
This post was edited by Trojan1984 on 24.03.2008 at 14:04.
24.03.2008, 15:49
Honorary Member

Posts: 29434
#14 well then...see you later ;) ...........
__________
Kind regards, Sabina

all about PC security