Google verlinkt falsch...

#1 Hy,
ich habe bereits mehrere virenscanner etc. durchlaufen lassen! es blieb jedoch alles ohne erfolg

ich habe auch die suchfunktion genutzt und verschiedene threads gelesen die alle dieses thema hatten ! jedoch habe ich dennoch einen neuen eröffnet da mir die vorgehensweise in den anderen nicht zu 100% klar war...
...ich hoffe ihr versteht das

das eigentlich problem lässt der titel ja bereits durchschimmern. google verlinkt seit 3-4 wochen nicht auf die suchergebnisse sondern auf verschiedene ebay-seiten oder sonstigen müll

ich hofe auf baldige antwort

MFG

S1u'

#2 Hallo,

erstelle ein Log vom HijackThis + poste es hier
http://www.virus-protect.org/hjtkurz.html
__________
MfG Sabina

rund um die PC-Sicherheit

#3 Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:17:55, on 28.03.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\Allvulture\Desktop\QIP\qip_INF\infium.exe
C:\Programme\Teamspeak2_RC2\TeamSpeak.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOKUME~1\ALLVUL~1\LOKALE~1\Temp\Rar$EX01.828\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v906/Navigram.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20CE6D2A-08F2-4178-8D6D-5B8E70577A0C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6ACAA78-1D5E-4037-A737-B11E5989B4DE}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{D913001E-4DEE-4443-A613-086C741AA404}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFD8155A-58F4-45DB-939F-2C7299019260}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{20CE6D2A-08F2-4178-8D6D-5B8E70577A0C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{20CE6D2A-08F2-4178-8D6D-5B8E70577A0C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8032 bytes

#4 wird umgeleitet auf:

Zitat

OpenDNS
OpenDNS Hostmaster
199 Fremont St.
12th Floor
San Francisco

1.
deaktiviere
Spybot - Search & Destroy\TeaTimer.ex

2.
mit dem HijackThis löschen ("fixen")
Klicke: "Do a system scan only"
Setze ein Häckchen in das Kästchen vor den genannten Eintrag
und wähle fix checked

Zitat

O17 - HKLM\System\CCS\Services\Tcpip\..\{20CE6D2A-08F2-4178-8D6D-5B8E70577A0C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6ACAA78-1D5E-4037-A737-B11E5989B4DE}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{D913001E-4DEE-4443-A613-086C741AA404}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFD8155A-58F4-45DB-939F-2C7299019260}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{20CE6D2A-08F2-4178-8D6D-5B8E70577A0C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{20CE6D2A-08F2-4178-8D6D-5B8E70577A0C}: NameServer = 208.67.220.220,208.67.222.222

3.
scanne mit Fixwareout, nach neustart poste hier den report
http://virus-protect.org/artikel/tools/fixwareout.html

4.
wende Combofix an + poste den report
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Sabina

rund um die PC-Sicherheit

#5 Username "Allvulture" - 28.03.2008 20:20:04 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdeyj.exe"

Der DNS-Auflösungscache wurde geleert.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdeyj.ren 83456 02.04.2003

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"CTSysVol"="C:\\Programme\\Creative\\SB Live! 24-bit\\Surround Mixer\\CTSysVol.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Zone Labs Client"="C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~




ComboFix 08-03-27.1 - Allvulture 2008-03-28 20:27:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1031.18.505 [GMT 1:00]
ausgeführt von:: D:\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\svchost.exe

.
((((((((((((((((((((((( Dateien erstellt von 2008-02-28 bis 2008-03-28 ))))))))))))))))))))))))))))))
.

2008-03-28 20:19 . 2008-03-28 20:24 <DIR> d-------- C:\fixwareout
2008-03-26 22:50 . 2008-03-26 22:50 31,744 --a------ C:\WINDOWS\system32\drivers\SSHDRV56.sys
2008-03-26 19:26 . 2008-03-26 19:26 32,304 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-15 21:14 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2008-03-15 21:14 . 2003-08-25 18:06 182,880 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
2008-03-15 00:38 . 2008-03-28 19:41 <DIR> d-------- C:\Dokumente und Einstellungen\Allvulture\Anwendungsdaten\HLSW
2008-03-14 15:07 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-14 15:05 . 2008-03-14 15:05 22,328 --a------ C:\Dokumente und Einstellungen\Allvulture\Anwendungsdaten\PnkBstrK.sys
2008-03-14 00:06 . 2008-03-14 00:06 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-03-13 18:23 . 2008-03-13 18:23 23,040 --a------ C:\SHwD.exe
2008-03-02 13:43 . 2008-03-02 13:43 <DIR> d-------- C:\Dokumente und Einstellungen\Allvulture\Anwendungsdaten\InstallShield

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 18:34 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-28 18:33 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-28 16:58 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-28 15:56 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-03-28 13:56 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2008-03-26 20:04 --------- d-s---w C:\Programme\Xfire
2008-03-24 02:31 --------- d-----w C:\Dokumente und Einstellungen\Allvulture\Anwendungsdaten\Xfire
2008-03-21 00:47 --------- d-----w C:\Programme\Gamers.IRC
2008-03-18 23:47 --------- d-----w C:\Programme\ICQToolbar
2008-03-15 11:16 4,341,248 ----a-w C:\WINDOWS\Internet Logs\xDBE1.tmp
2008-03-15 11:16 2,977,280 ----a-w C:\WINDOWS\Internet Logs\xDBE2.tmp
2008-03-14 23:39 --------- d-s---w C:\Programme\HLSW
2008-03-14 14:09 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-03-02 12:40 --------- d-----w C:\Programme\ICQ6
2008-03-01 15:00 4,275,200 ----a-w C:\WINDOWS\Internet Logs\xDBDF.tmp
2008-03-01 15:00 2,922,496 ----a-w C:\WINDOWS\Internet Logs\xDBE0.tmp
2008-02-17 20:02 --------- d-----w C:\Programme\Risk
2008-02-16 13:13 --------- d-----w C:\Programme\ElsterFormular
2008-02-10 16:49 3,735,351 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-05 11:44 --------- d-----w C:\Dokumente und Einstellungen\Allvulture\Anwendungsdaten\teamspeak2
2008-01-27 23:17 4,168,192 ----a-w C:\WINDOWS\Internet Logs\xDBDD.tmp
2008-01-27 23:17 2,907,136 ----a-w C:\WINDOWS\Internet Logs\xDBDE.tmp
2008-01-20 19:24 98,304 ----a-w C:\WINDOWS\System32CmdLineExt.dll
2008-01-19 19:34 4,169,216 ----a-w C:\WINDOWS\Internet Logs\xDBDB.tmp
2008-01-19 19:34 3,097,088 ----a-w C:\WINDOWS\Internet Logs\xDBDC.tmp
2008-01-05 00:05 4,116,480 ----a-w C:\WINDOWS\Internet Logs\xDBD9.tmp
2008-01-05 00:05 1,246,208 ----a-w C:\WINDOWS\Internet Logs\xDBDA.tmp
2008-01-03 13:24 4,116,480 ----a-w C:\WINDOWS\Internet Logs\xDBD7.tmp
2008-01-03 13:24 14,336 ----a-w C:\WINDOWS\Internet Logs\xDBD8.tmp
2008-01-03 13:23 4,116,480 ----a-w C:\WINDOWS\Internet Logs\xDBD5.tmp
2008-01-03 13:23 3,011,072 ----a-w C:\WINDOWS\Internet Logs\xDBD6.tmp
2007-12-07 12:52 3,900,416 ----a-w C:\WINDOWS\Internet Logs\xDBD3.tmp
2007-12-07 12:52 3,169,792 ----a-w C:\WINDOWS\Internet Logs\xDBD4.tmp
2007-11-25 12:11 3,883,008 ----a-w C:\WINDOWS\Internet Logs\xDBD1.tmp
2007-11-25 12:11 2,871,808 ----a-w C:\WINDOWS\Internet Logs\xDBD2.tmp
2007-11-20 12:52 3,867,136 ----a-w C:\WINDOWS\Internet Logs\xDBCF.tmp
2007-11-20 12:52 3,059,200 ----a-w C:\WINDOWS\Internet Logs\xDBD0.tmp
2007-11-14 13:40 3,860,992 ----a-w C:\WINDOWS\Internet Logs\xDBCD.tmp
2007-11-14 13:40 1,912,320 ----a-w C:\WINDOWS\Internet Logs\xDBCE.tmp
2007-11-12 18:57 3,858,944 ----a-w C:\WINDOWS\Internet Logs\xDBCB.tmp
2007-11-12 18:57 2,927,616 ----a-w C:\WINDOWS\Internet Logs\xDBCC.tmp
2007-11-01 11:38 3,817,984 ----a-w C:\WINDOWS\Internet Logs\xDBC9.tmp
2007-11-01 11:38 2,773,504 ----a-w C:\WINDOWS\Internet Logs\xDBCA.tmp
2007-10-28 22:02 3,743,232 ----a-w C:\WINDOWS\Internet Logs\xDBC7.tmp
2007-10-28 22:02 1,263,616 ----a-w C:\WINDOWS\Internet Logs\xDBC8.tmp
2007-10-28 12:05 3,713,536 ----a-w C:\WINDOWS\Internet Logs\xDBC5.tmp
2007-10-28 12:05 2,891,264 ----a-w C:\WINDOWS\Internet Logs\xDBC6.tmp
2007-10-15 14:07 3,510,784 ----a-w C:\WINDOWS\Internet Logs\xDBC3.tmp
2007-10-15 14:06 2,828,800 ----a-w C:\WINDOWS\Internet Logs\xDBC4.tmp
2007-10-14 14:17 42,368 ----a-w C:\Dokumente und Einstellungen\Allvulture\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2007-10-12 13:08 3,490,304 ----a-w C:\WINDOWS\Internet Logs\xDBC1.tmp
2007-10-12 13:08 3,065,856 ----a-w C:\WINDOWS\Internet Logs\xDBC2.tmp
2007-10-01 13:07 3,460,096 ----a-w C:\WINDOWS\Internet Logs\xDBBF.tmp
2007-10-01 13:07 2,975,232 ----a-w C:\WINDOWS\Internet Logs\xDBC0.tmp
2007-09-27 15:47 3,428,864 ----a-w C:\WINDOWS\Internet Logs\xDBBD.tmp
2007-09-27 15:47 1,877,504 ----a-w C:\WINDOWS\Internet Logs\xDBBE.tmp
2007-09-25 11:49 3,428,864 ----a-w C:\WINDOWS\Internet Logs\xDBBB.tmp
2007-09-25 11:49 2,967,552 ----a-w C:\WINDOWS\Internet Logs\xDBBC.tmp
2007-09-14 11:29 3,394,560 ----a-w C:\WINDOWS\Internet Logs\xDBB9.tmp
2007-09-14 11:29 2,677,248 ----a-w C:\WINDOWS\Internet Logs\xDBBA.tmp
2007-09-11 14:27 970,240 ----a-w C:\WINDOWS\Internet Logs\xDBB8.tmp
2007-09-11 14:27 3,391,488 ----a-w C:\WINDOWS\Internet Logs\xDBB7.tmp
2007-09-09 19:49 3,391,488 ----a-w C:\WINDOWS\Internet Logs\xDBB5.tmp
2007-09-09 19:49 2,699,776 ----a-w C:\WINDOWS\Internet Logs\xDBB6.tmp
2007-09-05 14:56 3,184,128 ----a-w C:\WINDOWS\Internet Logs\xDBB4.tmp
2007-09-05 14:55 3,363,328 ----a-w C:\WINDOWS\Internet Logs\xDBB3.tmp
2007-08-18 17:16 3,320,320 ----a-w C:\WINDOWS\Internet Logs\xDBB1.tmp
2007-08-18 17:16 3,017,216 ----a-w C:\WINDOWS\Internet Logs\xDBB2.tmp
2007-07-25 12:06 2,933,248 ----a-w C:\WINDOWS\Internet Logs\xDBAF.tmp
2007-07-25 12:06 2,792,960 ----a-w C:\WINDOWS\Internet Logs\xDBB0.tmp
2007-07-19 11:22 3,085,312 ----a-w C:\WINDOWS\Internet Logs\xDBAE.tmp
2007-07-19 11:22 2,873,344 ----a-w C:\WINDOWS\Internet Logs\xDBAD.tmp
2007-07-11 18:48 3,492,864 ----a-w C:\WINDOWS\Internet Logs\xDBAC.tmp
2007-07-11 18:48 2,834,432 ----a-w C:\WINDOWS\Internet Logs\xDBAB.tmp
2007-05-29 23:08 2,904,576 ----a-w C:\WINDOWS\Internet Logs\xDBAA.tmp
2007-05-29 23:08 2,735,616 ----a-w C:\WINDOWS\Internet Logs\xDBA9.tmp
2007-05-14 19:37 2,677,248 ----a-w C:\WINDOWS\Internet Logs\xDBA7.tmp
2007-05-14 19:36 2,572,288 ----a-w C:\WINDOWS\Internet Logs\xDBA8.tmp
2007-05-12 16:03 2,925,568 ----a-w C:\WINDOWS\Internet Logs\xDBA6.tmp
2007-05-12 16:03 2,668,544 ----a-w C:\WINDOWS\Internet Logs\xDBA5.tmp
2007-04-27 14:36 580,608 ----a-w C:\WINDOWS\Internet Logs\xDBA4.tmp
2007-04-27 14:36 2,588,160 ----a-w C:\WINDOWS\Internet Logs\xDBA3.tmp
2007-04-27 12:36 2,588,160 ----a-w C:\WINDOWS\Internet Logs\xDBA1.tmp
2007-04-27 12:36 1,034,240 ----a-w C:\WINDOWS\Internet Logs\xDBA2.tmp
2007-04-26 17:34 2,789,888 ----a-w C:\WINDOWS\Internet Logs\xDBA0.tmp
2007-04-26 17:34 2,586,624 ----a-w C:\WINDOWS\Internet Logs\xDB9F.tmp
2007-04-23 14:57 2,567,680 ----a-w C:\WINDOWS\Internet Logs\xDB9D.tmp
2007-04-23 14:57 2,226,688 ----a-w C:\WINDOWS\Internet Logs\xDB9E.tmp
2007-04-21 23:00 3,014,656 ----a-w C:\WINDOWS\Internet Logs\xDB9C.tmp
2007-04-21 23:00 2,553,856 ----a-w C:\WINDOWS\Internet Logs\xDB9B.tmp
2007-04-14 20:27 2,445,312 ----a-w C:\WINDOWS\Internet Logs\xDB99.tmp
2007-04-14 20:27 134,656 ----a-w C:\WINDOWS\Internet Logs\xDB9A.tmp
2007-04-14 19:55 2,443,264 ----a-w C:\WINDOWS\Internet Logs\xDB97.tmp
2007-04-14 19:55 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB98.tmp
2007-04-14 19:53 237,056 ----a-w C:\WINDOWS\Internet Logs\xDB96.tmp
2007-04-14 19:53 2,443,264 ----a-w C:\WINDOWS\Internet Logs\xDB95.tmp
2007-04-14 18:55 21,504 ----a-w C:\WINDOWS\Internet Logs\xDB94.tmp
2007-04-14 18:55 2,399,232 ----a-w C:\WINDOWS\Internet Logs\xDB93.tmp
2007-04-14 18:52 2,817,536 ----a-w C:\WINDOWS\Internet Logs\xDB92.tmp
2007-04-14 18:52 2,404,864 ----a-w C:\WINDOWS\Internet Logs\xDB91.tmp
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"CTSysVol"="C:\Programme\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Zone Labs Client"="C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" [2005-06-03 05:43 935688]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-03-04 11:28 262184]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10 49263]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-07-20 21:07 7110656]
"nwiz"="nwiz.exe" [2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-07-20 21:07 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-04-02 13:00 13312]

C:\Dokumente und Einstellungen\All Users\Startmen�\Programme\Autostart\
Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-12 20:24:47 113664]
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WlanUtility.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WlanUtility.lnk
backup=C:\WINDOWS\pss\WlanUtility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Allvulture^Startmenü^Programme^Autostart^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Dokumente und Einstellungen\Allvulture\Startmenü\Programme\Autostart\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Allvulture^Startmenü^Programme^Autostart^Xfire.lnk]
path=C:\Dokumente und Einstellungen\Allvulture\Startmenü\Programme\Autostart\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Programme\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotplug]
--------- 2003-12-19 17:37 163840 C:\Programme\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Programme\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 12:10 267048 C:\Programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2006-07-29 19:33 5354792 C:\Programme\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Programme\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 15:46 1460560 C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\programme\valve\steam\steam.exe

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\drivers\avgntmgr.sys [2006-12-17 16:35]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2006-12-17 16:35]
R1 SSHDRV56;SSHDRV56;C:\WINDOWS\System32\drivers\SSHDRV56.sys [2008-03-26 22:50]
S3 Cdacgenyadata;Cdacgenyadata;C:\WINDOWS\System32\drivers\swmidi.sys [2001-08-17 14:00]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Dokumente und Einstellungen\Allvulture\Desktop\hack\MoonLight Engine_1059.22\IlvMoney1059a.sys []
S3 ldiskl;ldiskl;C:\DOKUME~1\ALLVUL~1\LOKALE~1\Temp\ldiskl.sys [2003-08-21 11:46]
S3 M2500;802.11g Wireless Network Driver;C:\WINDOWS\System32\DRIVERS\M2500.sys []

.
Inhalt des "geplante Tasks" Ordners
"2008-03-14 20:02:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programme\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 20:30:20
Windows 5.1.2600 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-03-28 20:31:01
ComboFix-quarantined-files.txt 2008-03-28 19:30:45
13 Verzeichnis(se), 1,581,101,056 Bytes frei
16 Verzeichnis(se), 1,570,902,016 Bytes frei

#6 wie so hast du IlvMoney auf dem Rechner....wozu ?
poste das neue log vom HjackThis
+
berichte, ob noch umgeleitet wird
__________
MfG Sabina

rund um die PC-Sicherheit

#7 Es wird anscheinend nicht mehr umgeleitet vielen dank ....
...falls doch mnoch was sein sollte melde ich mich bald !

was is IlvMoney?? <----wäre nett wenn du es erklären könntest

#8 Um etwas raum auf dein HD zu schaffen mache folgendes:
cfscript
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als cfscript.txt mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.

Zitat

File::
C:\WINDOWS\Internet Logs\xDBE1.tmp
C:\WINDOWS\Internet Logs\xDBE2.tmp
C:\WINDOWS\Internet Logs\xDBDF.tmp
C:\WINDOWS\Internet Logs\xDBE0.tmp
C:\WINDOWS\Internet Logs\xDBDD.tmp
C:\WINDOWS\Internet Logs\xDBDE.tmp
C:\WINDOWS\Internet Logs\xDBDB.tmp
C:\WINDOWS\Internet Logs\xDBDC.tmp
C:\WINDOWS\Internet Logs\xDBD9.tmp
C:\WINDOWS\Internet Logs\xDBDA.tmp
C:\WINDOWS\Internet Logs\xDBD7.tmp
C:\WINDOWS\Internet Logs\xDBD8.tmp
C:\WINDOWS\Internet Logs\xDBD5.tmp
C:\WINDOWS\Internet Logs\xDBD6.tmp
C:\WINDOWS\Internet Logs\xDBD3.tmp
C:\WINDOWS\Internet Logs\xDBD4.tmp
C:\WINDOWS\Internet Logs\xDBD1.tmp
C:\WINDOWS\Internet Logs\xDBD2.tmp
C:\WINDOWS\Internet Logs\xDBCF.tmp
C:\WINDOWS\Internet Logs\xDBD0.tmp
C:\WINDOWS\Internet Logs\xDBCD.tmp
C:\WINDOWS\Internet Logs\xDBCE.tmp
C:\WINDOWS\Internet Logs\xDBCB.tmp
C:\WINDOWS\Internet Logs\xDBCC.tmp
C:\WINDOWS\Internet Logs\xDBC9.tmp
C:\WINDOWS\Internet Logs\xDBCA.tmp
C:\WINDOWS\Internet Logs\xDBC7.tmp
C:\WINDOWS\Internet Logs\xDBC8.tmp
C:\WINDOWS\Internet Logs\xDBC5.tmp
C:\WINDOWS\Internet Logs\xDBC6.tmp
C:\WINDOWS\Internet Logs\xDBC3.tmp
C:\WINDOWS\Internet Logs\xDBC4.tmp
C:\WINDOWS\Internet Logs\xDBC1.tmp
C:\WINDOWS\Internet Logs\xDBC2.tmp
C:\WINDOWS\Internet Logs\xDBBF.tmp
C:\WINDOWS\Internet Logs\xDBC0.tmp
C:\WINDOWS\Internet Logs\xDBBD.tmp
C:\WINDOWS\Internet Logs\xDBBE.tmp
C:\WINDOWS\Internet Logs\xDBBB.tmp
C:\WINDOWS\Internet Logs\xDBBC.tmp
C:\WINDOWS\Internet Logs\xDBB9.tmp
C:\WINDOWS\Internet Logs\xDBBA.tmp
C:\WINDOWS\Internet Logs\xDBB8.tmp
C:\WINDOWS\Internet Logs\xDBB7.tmp
C:\WINDOWS\Internet Logs\xDBB5.tmp
C:\WINDOWS\Internet Logs\xDBB6.tmp
C:\WINDOWS\Internet Logs\xDBB4.tmp
C:\WINDOWS\Internet Logs\xDBB3.tmp
C:\WINDOWS\Internet Logs\xDBB1.tmp
C:\WINDOWS\Internet Logs\xDBB2.tmp
C:\WINDOWS\Internet Logs\xDBAF.tmp
C:\WINDOWS\Internet Logs\xDBB0.tmp
C:\WINDOWS\Internet Logs\xDBAE.tmp
C:\WINDOWS\Internet Logs\xDBAD.tmp
C:\WINDOWS\Internet Logs\xDBAC.tmp
C:\WINDOWS\Internet Logs\xDBAB.tmp
C:\WINDOWS\Internet Logs\xDBAA.tmp
C:\WINDOWS\Internet Logs\xDBA9.tmp
C:\WINDOWS\Internet Logs\xDBA7.tmp
C:\WINDOWS\Internet Logs\xDBA8.tmp
C:\WINDOWS\Internet Logs\xDBA6.tmp
C:\WINDOWS\Internet Logs\xDBA4.tmp
C:\WINDOWS\Internet Logs\xDBA3.tmp
C:\WINDOWS\Internet Logs\xDBA1.tmp
C:\WINDOWS\Internet Logs\xDBA2.tmp
C:\WINDOWS\Internet Logs\xDBA0.tmp
C:\WINDOWS\Internet Logs\xDB9F.tmp
C:\WINDOWS\Internet Logs\xDB9D.tmp
C:\WINDOWS\Internet Logs\xDB9E.tmp
C:\WINDOWS\Internet Logs\xDB9C.tmp
C:\WINDOWS\Internet Logs\xDB9B.tmp
C:\WINDOWS\Internet Logs\xDB99.tmp
C:\WINDOWS\Internet Logs\xDB9A.tmp
C:\WINDOWS\Internet Logs\xDB97.tmp
C:\WINDOWS\Internet Logs\xDB98.tmp
C:\WINDOWS\Internet Logs\xDB96.tmp
C:\WINDOWS\Internet Logs\xDB95.tmp
C:\WINDOWS\Internet Logs\xDB94.tmp
C:\WINDOWS\Internet Logs\xDB93.tmp
C:\WINDOWS\Internet Logs\xDB92.tmp
C:\WINDOWS\Internet Logs\xDB91.tmp

CFScript.txt mit der rechten Maustaste auf das Symbol von Combofix ziehen


Combofix noch mal anwenden
poste dann nach neustart das neue Log

Note:Es muss in ZoneAlarm ein funktion geben um diese "logging"auszuschalten aber wo....
__________
MfG Argus

#9 Hallo baord.protectus user.
Ich bin ganz neu in diesem Forum und habe von Trojaner, Viren etc. nicht viel Ahnung, aber vielleicht könnt ihr mir helfen.

Ich habe das gleiche Problem wie s1u. Ich benutze Firefox und als Suchmaschine Google. Jedes mal wenn ich etwas Suche, und das Suchergebniss anklicke, bring mich das auf ne ganz falsche Seite.

Ein Scan mir dem Programm HijackThis wäre sinnvol hier reinzustellen.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:19, on 20.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Programme\Avast4\aswUpdSv.exe
G:\Programme\Avast4\ashServ.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Programme\Bonjour\mDNSResponder.exe
G:\WINDOWS\system32\drivers\CDAC11BA.EXE
G:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
G:\WINDOWS\system32\lkcitdl.exe
G:\WINDOWS\system32\lkads.exe
G:\WINDOWS\system32\lktsrv.exe
G:\Programme\National Instruments\MAX\nimxs.exe
G:\WINDOWS\system32\nipalsm.exe
G:\Programme\National Instruments\Shared\Security\nidmsrv.exe
G:\WINDOWS\system32\nisvcloc.exe
G:\Programme\National Instruments\Shared\Tagger\tagsrv.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\nipalsm.exe
G:\Programme\Avast4\ashMaiSv.exe
G:\Programme\Avast4\ashWebSv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\Programme\ATI Technologies\ATI.ACE\cli.exe
G:\PROGRA~1\Avast4\ashDisp.exe
G:\WINDOWS\SOUNDMAN.EXE
G:\Programme\iTunes\iTunesHelper.exe
G:\Programme\Veoh Player\Veoh\VeohClient.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
G:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
G:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
G:\Programme\iPod\bin\iPodService.exe
G:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Programme\ATI Technologies\ATI.ACE\cli.exe
G:\Programme\ATI Technologies\ATI.ACE\cli.exe
G:\PROGRA~1\MOZILL~1\FIREFOX.EXE
G:\Programme\Mozilla Thunderbird\thunderbird.exe
G:\Programme\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - G:\Programme\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: VirtualNetwork module - {6C517674-DE1C-4493-977C-34A1BFAB35BA} - G:\Programme\VirtualNetwork\VirtualNetwork.dll
O2 - BHO: BitAccelerator module - {92860A02-4D69-48c1-82D7-EF6B2C609502} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - G:\Programme\Veoh Player\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ATICCC] "G:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "G:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Veoh] "G:\Programme\Veoh Player\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = G:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programme\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - G:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Programme\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - G:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Programme\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Programme\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Programme\Avast4\ashWebSv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - G:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - G:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - G:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - G:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - G:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - G:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - G:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - G:\Programme\National Instruments\MAX\nimxs.exe
O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - G:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - G:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - G:\Programme\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - G:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - G:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - G:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - G:\Programme\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: OpcEnum - OPC Foundation - G:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - G:\Programme\Cyberlink\Shared files\RichVideo.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - G:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 8642 bytes

Ich hoffe ihr könnt mir helfen.

#10 Hallo, Petey Pablo

««
lade avz , anhaken, wie erklärt auf der Seite + poste hier den report
http://virus-protect.org/artikel/tools/avz.html
__________
MfG Sabina

rund um die PC-Sicherheit

#11 Hallo Sabine !!!
Jetzt habe ich den report gemacht.

Attention !!! Database was last updated 06.04.2008 it is necessary to update the bases using automatic updates (File/Database update)
AVZ Antiviral Toolkit log; AVZ version is 4.30
Scanning started at 23.06.2008 08:53:54
Database loaded: signatures - 157571, NN profile(s) - 2, microprograms of healing - 55, signature database released 06.04.2008 17:09
Heuristic microprograms loaded: 370
SPV microprograms loaded: 9
Digital signatures of system files loaded: 70476
Heuristic analyzer mode: Medium heuristics level
Healing mode: enabled
Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights
System Restore: enabled
1. Searching for Rootkits and programs intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=0846E0)
Kernel ntkrnlpa.exe found in memory at address 804D7000
SDT = 8055B6E0
KiST = 80503940 (284)
Function NtClose (19) intercepted (805BAF64->9B84E588), hook G:\WINDOWS\System32\Drivers\aswSP.SYS
Function NtCreateKey (29) intercepted (80622104->9B84E444), hook G:\WINDOWS\System32\Drivers\aswSP.SYS
Function NtDeleteValueKey (41) intercepted (80622764->9B84E922), hook G:\WINDOWS\System32\Drivers\aswSP.SYS
Function NtDuplicateObject (44) intercepted (805BC940->9B84E01C), hook G:\WINDOWS\System32\Drivers\aswSP.SYS
Function NtOpenKey (77) intercepted (8062349A->9B84E51E), hook G:\WINDOWS\System32\Drivers\aswSP.SYS
Function NtOpenProcess (7A) intercepted (805C9CFE->9B84DF5C), hook G:\WINDOWS\System32\Drivers\aswSP.SYS
Function NtOpenThread (80) intercepted (805C9F8A->9B84DFC0), hook G:\WINDOWS\System32\Drivers\aswSP.SYS
Function NtQueryValueKey (B1) intercepted (806201BE->9B84E63E), hook G:\WINDOWS\System32\Drivers\aswSP.SYS
Function NtRestoreKey (CC) intercepted (8062050C->9B84E5FE), hook G:\WINDOWS\System32\Drivers\aswSP.SYS
Function NtSetValueKey (F7) intercepted (806207C4->9B84E77E), hook G:\WINDOWS\System32\Drivers\aswSP.SYS
Functions checked: 284, intercepted: 10, restored: 0
1.3 Checking IDT and SYSENTER
Analysis for CPU 1
Analysis for CPU 2
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
1.5 Checking of IRP handlers
Checking - complete
2. Scanning memory
Number of processes found: 51
Number of modules loaded: 585
Scanning memory - complete
3. Scanning disks
Direct reading G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\National Instruments\Shared Memory\MXSEventSharedMemory.tmp
Direct reading G:\Dokumente und Einstellungen\All Users\Anwendungsdaten\National Instruments\Shared Memory\NI-SMSL LPCSockets Shared Memory.tmp
Direct reading G:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Temp\fla1F.tmp
Direct reading G:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Temp\nix13.tmp
Direct reading G:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Temp\~DFA926.tmp
G:\Programme\Solid Edge V17\Custom\DynAttrib\DynAtrrib.exe >>> suspicion for Worm.Win32.Collo.b ( 0044FB75 003996F1 00117095 00227362 24576)
File quarantined succesfully (G:\Programme\Solid Edge V17\Custom\DynAttrib\DynAtrrib.exe)
G:\Programme\Solid Edge V17\Program\checkwebsite.exe >>> suspicion for Trojan.Win32.ShareAll.c ( 003D519D 001B74A5 00191CB0 00231194 24576)
File quarantined succesfully (G:\Programme\Solid Edge V17\Program\checkwebsite.exe)
G:\Programme\Solid Edge V17\Program\UpdateOneT.exe >>> suspicion for Trojan.Win32.StartPage.aib ( 00465307 0027FAA8 0018335E 000C4EC8 40960)
File quarantined succesfully (G:\Programme\Solid Edge V17\Program\UpdateOneT.exe)
G:\Programme\Solid Edge V17\SDK\Samples\Viewing\PrintDFT\PrintDft.exe >>> suspicion for Trojan-Downloader.Win32.Adload.l ( 004376B6 0034D2D5 0013DD44 00231064 24576)
File quarantined succesfully (G:\Programme\Solid Edge V17\SDK\Samples\Viewing\PrintDFT\PrintDft.exe)
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
G:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80DEU.DLL --> Suspicion for Keylogger or Trojan DLL
G:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80DEU.DLL>>> Behavioural analysis
Behaviour typical for keyloggers not detected
File quarantined succesfully (G:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80DEU.DLL)
Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious programs
Checking disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Terminaldienste)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP-Suchdienst)
>> Services: potentially dangerous service allowed: Schedule (Taskplaner)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting-Remotedesktop-Freigabe)
>> Services: potentially dangerous service allowed: RDSessMgr (Sitzungs-Manager für Remotedesktophilfe)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> Abnormal SCR files association
>> HDD autorun are allowed
>> Autorun from network drives are allowed
>> Removable media autorun are allowed
Checking - complete
Files scanned: 324635, extracted from archives: 282348, malicious software found 0, suspicions - 4
Scanning finished at 23.06.2008 09:21:29
Time of scanning: 00:26:32
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference

MfG

Petey Pablo

#12 Hallo, Petey Pablo

berichte, ob nach Anwendung von avz noch umgeleitet wird...

1.
wende cleaner an und lösche alle temporären Dateien (die cookies nicht mit anhaken)
http://www.ccleaner.de/?protecus.de

2.
wende fixwareout an + poste nach Neustart hier den report
http://virus-protect.org/artikel/tools/fixwareout.html

3.
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit "Speichern unter" auf dem Desktop. Gebe bei Dateityp "Alle Dateien" an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint

Zitat

cd\
dir "G:\WINDOWS\Downloaded Program Files" >>files.txt
dir "G:\Programme\Common Files" >>files.txt
dir "G:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temporary Internet Files\Content.IE5" >>files.txt
dir "G:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Temp" >>files.txt
dir "G:\WINDOWS\Temp" >>files.txt
dir "G:\Temp" >>files.txt
dir "G:\Programme" >>files.txt
dir "G:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Anwendungsdaten" >>files.txt
notepad files.txt

__________
MfG Sabina

rund um die PC-Sicherheit

#13 Hallo Sabine !!!
Ich habe alle drei Schritte durchgeführt.

Jedoch ist das Problem mit Google nicht behoben.

Hier der Report mit fixwareout :

Username "Peter" - 24.06.2008 16:48:38 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Der DNS-Auflösungscache wurde geleert.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="\"G:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"avast!"="G:\\PROGRA~1\\Avast4\\ashDisp.exe"
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"G:\\Programme\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"G:\\Programme\\iTunes\\iTunesHelper.exe\""
"Adobe Reader Speed Launcher"="\"G:\\Programme\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="\"G:\\Programme\\Veoh Player\\Veoh\\VeohClient.exe\" /VeohHide"
"ctfmon.exe"="G:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~



Bei dem 3. Schritt zeigt mir die Datei Listen das gleiche an was du angehängt hast.

Danke

#14 du musst die listen.bat unter Dateityp alle Dateien abspeichern, nicht als txt-Datei, dann klappt ws auch
__________
MfG Sabina

rund um die PC-Sicherheit

#15 Hallo bitte helfen habe das gleich problem:

Was kann ich tun ?

Hier meine Log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:10:33, on 26.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\WINDOWS\vsnpstd.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\ArcorOnline\AOButler.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O3 - Toolbar: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ToolbarBrowser - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - C:\Programme\TRELLIAN\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [soundmanager] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AVWINNT] C:\WINDOWS\xZ0HZ1rv.exe
O4 - HKLM\..\Run: [MSN Messenger] msn32.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Winsock2 driver] MMTASK9.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunServices: [MSN Messenger] msn32.exe
O4 - HKCU\..\Run: [MSN Messenger] msn32.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\RunServices: [MSN Messenger] msn32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {811DDDB7-933B-4717-8A6B-4F86A67E0F9F} - http://www.medionshop.de/ (file missing) (HKCU)
O12 - Plugin for .mp3: C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for ¸æÆ: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freenet.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/7cf573c7/enter.cab
O16 - DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) - http://212.175.206.228/xplug.ocx
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/138f6ef34c72cf273b20/netzip/RdxIE601_de.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129891428593
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.studivz.net/photouploader/ImageUploader4.cab
O16 - DPF: {7589EEE6-E336-11D4-8A7E-EE1D971D9B47} - http://secure.aconti.net/acontix/acontix.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.yayindayiz.biz/codec/nsvplayx_vp6_mp3.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/mmed.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn1342.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - http://www.bosporus-istanbul.de/e107_plugins/coppermine_menu/albums/userpics/normal_%A9hagia-sophia2006b.jpg

--
End of file - 9563 bytes