CiD fenster das nervt |
||
---|---|---|
#0
| ||
07.04.2008, 09:25
...neu hier
Beiträge: 7 |
||
|
||
07.04.2008, 09:54
Ehrenmitglied
Beiträge: 6028 |
#2
Hallo,
«« LOP-uninstall Download LOP-uninstall zum Desktop Fuehre bei “Uninstall verification“ die siebenstellige Zahl ein und klicke “Uninstall“ Klicke bei “Legal notice” ok Schliesse alle Fenster und klicke ok Warte…..und klicke bei “Uninstall complete for all users “ok «« ComboFix http://virus-protect.org/artikel/tools/combofix.html ComboFix und speichert es auf den Desktop! Alle Fenster schliessen und combofix.exe starten Folge den Instruktionen in das Fenster Waehrend Combofix lauft NICHT ins Fenster klicken sonst erfriert dein Rechner Wenn das Tool fertig ist,oeffnet sich ein logfile (C:\combofix.txt) nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen" Hintergrundwächtern inklusive der Firewall + Antivirusprogramme müssen deaktiviert sein zusammen mit ein neuen log von HijackThis __________ MfG Argus |
|
|
||
07.04.2008, 10:18
...neu hier
Themenstarter Beiträge: 7 |
#3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:42, on 07.04.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe C:\Windows\system32\Dwm.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Windows\System32\rundll32.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\ICQLite\ICQLite.exe C:\Program Files\Napster\napster.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Veoh Networks\Veoh\VeohClient.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskeng.exe C:\Windows\explorer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\system32\CF1221.exe C:\Windows\system32\chcp.com C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe O1 - Hosts: ::1 localhost O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing) O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing) O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Blubster] C:\PROGRA~1\Blubster\Blubster.exe SILENT O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing) O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O13 - Gopher Prefix: O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-de.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://www.flatcast.info/objects/NpFv41629.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{FFB41D33-B7E9-445C-B98E-CFFEA578C4C6}: NameServer = 192.168.2.1,194.25.2.129 O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 13470 bytes was er dann auch noch sagt ist....das system hat keinen meldungstext für die meldungsnummer 0x8 in der meldungsdatei system gefunden.....hmmm |
|
|
||
07.04.2008, 10:25
Ehrenmitglied
Beiträge: 6028 |
#4
Von Vista weiss ich wenig,aber ich hatte eigentlich zuerst ein log von ComboFix erwartet
__________ MfG Argus |
|
|
||
07.04.2008, 10:28
...neu hier
Themenstarter Beiträge: 7 |
#5
Hmmm das ist es ja, von ComboFix bekomme ich kein log...der schmeißt nix raus grübel :-(
gruß stefan |
|
|
||
07.04.2008, 10:36
Ehrenmitglied
Beiträge: 6028 |
#6
Was fuer ein Virenscanner wird eigentlich benutzt?
DSS http://virus-protect.org/artikel/tools/comboscan.html dss zum Desktop Doppelklick dss.exe Kopiere den Inhalt des Berichts C:/ main.txt und extra.txt in dein folgender Bericht Note: Es gibt Firewalls die warnen koennen das sigcheck.exe versucht das I-net zu erreichen,erlaube es Auch gibt es Virenscanner die versuchen DSS zu entfernen,schalte in diesen fall dein scanner mal eben aus __________ MfG Argus |
|
|
||
07.04.2008, 10:53
...neu hier
Themenstarter Beiträge: 7 |
#7
EXTRA.TXT
Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vista™ Home Premium (build 6000) Architecture: X86; Language: German CPU 0: Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz Percentage of Memory in Use: 37% Physical Memory (total/avail): 2045.81 MiB / 1269.21 MiB Pagefile Memory (total/avail): 4309.68 MiB / 3349.31 MiB Virtual Memory (total/avail): 2047.88 MiB / 1929.39 MiB C: is Fixed (NTFS) - 104.33 GiB total, 61.45 GiB free. D: is Fixed (NTFS) - 111.79 GiB total, 111.7 GiB free. E: is Fixed (NTFS) - 7.46 GiB total, 2.28 GiB free. F: is CDROM (No Media) \\.\PHYSICALDRIVE0 - ST9120822AS - 111.79 GiB - 2 partitions \PARTITION0 (bootable) - Installierbares Dateisystem - 104.33 GiB - C: \PARTITION1 - Installierbares Dateisystem - 7.46 GiB - E: \\.\PHYSICALDRIVE1 - ST9120822AS - 111.79 GiB - 1 partition \PARTITION0 - Installierbares Dateisystem - 111.79 GiB - D: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. AS: Avira AntiVir PersonalEdition v 7.0.0.2 (Avira GmbH) [COLOR=RED]Outdated[/COLOR] AS: Windows-Defender v1.1.1505.0 (Microsoft Corporation) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL --> C:\Windows\UNNeroShowTime.exe /UNINSTALL --> C:\Windows\UNNeroVision.exe /UNINSTALL --> C:\Windows\UNRecode.exe /UNINSTALL 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {888B9AC7-8F5C-456B-A27A-157A6C310E52} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD} 2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /I{B61B6668-A674-4A06-8405-51944D5CCDDD} Budenberg Software Einzelplatz 10/06 --> "c:\bbeinzel\unins000.exe" DHTML Editing Component --> MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0} ESU for Microsoft Vista --> MsiExec.exe /X{7968EB30-5580-4955-8925-4A17CD625118} FrostWire 4.13.5 --> C:\Program Files\FrostWire\Uninstall.exe Full Tilt Poker --> "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0007 -removeonly Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F} Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll" Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E} Hewlett-Packard Asset Agent --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367} HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409 HP Active Support Library 32 bit components --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68} HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F} HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly HP Help and Support --> MsiExec.exe /I{9061CEF2-51F5-42C9-8A70-9ED351C6597A} HP Photosmart Essential 2.0 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat HP Quick Launch Buttons 6.20 B1 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0007 uninst HP QuickPlay 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall HP Update --> MsiExec.exe /X{25F6C900-C138-4888-A56C-91D3D063023A} HP User Guides 0056 --> MsiExec.exe /I{5AB56552-6938-4686-9F87-DB0ED8D1E06B} HP Wireless Assistant --> MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8} ICQ 5.1 --> C:\Program Files\ICQLite\ICQLiteUninstall.EXE ICQ Toolbar --> regsvr32 /u /s "C:\Program Files\ICQToolbar\toolbaru.dll" Intel Matrix Storage Manager --> C:\Windows\system32\imsmudlg.exe -uninstall J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050} Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Messenger Plus! Live & Sponsor (CiD) --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1 German Language Pack --> MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4} Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp" Microsoft Office Excel MUI (German) 2007 --> MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (German) 2007 --> MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2007 --> MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007 --> MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007 --> MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Shared MUI (German) 2007 --> MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2007 --> MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft Office XP Professional mit FrontPage --> MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9} Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8} Microsoft Works --> MsiExec.exe /I{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3} Motorola SM56 Data Fax Modem --> rundll32.exe sm56co6a.dll,SM56UnInstaller MSCU for Microsoft Vista --> MsiExec.exe /X{194C14D5-3CB0-4977-8886-A79DFC00E820} MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MySQL Servers and Clients 4.0.26 --> C:\Windows\IsUninst.exe -fC:\mysql\Uninst.isu Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x7 -removeonly Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} Nero 8 Trial --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1031} neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI O&O SafeErase --> MsiExec.exe /X{DCD786A9-31EF-4D35-B7CC-EFB8F548AEE2} Pacific Poker --> C:\PROGRA~1\PACIFI~1\UNWISE.EXE C:\PROGRA~1\PACIFI~1\INSTALL.LOG PartyPoker --> "C:\Programs\PartyGaming\PartyPoker\Uninstall.exe" "C:\Programs\PartyGaming\PartyPoker\install.log" PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /uokerStars PokerStars.net --> "C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /uokerStars.net QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8} Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly Roxio Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82} Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C} Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048} Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87} Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B} Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF} Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72} RTC Client API v1.2 --> MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E} Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E} SoulSeek Client 157 test 12 --> "C:\Program Files\Soulseek-Test\uninstall.exe" Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall UltraVnc v1.0.4 --> "C:\Program Files\UltraVnc\unins000.exe" VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{D1B11537-EA51-4DD8-BF1E-098BEE48868D}\setup.exe -runfromtemp -l0x0409 VeriSoft Access Manager --> rundll32.exe "c:\Program Files\Bioscrypt\VeriSoft\Bin\SetupHelper.dll",ExecMain /Uninstall {0ABA40AF-288D-41F1-B735-C5155692CD7D} VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Winamp Toolbar for Internet Explorer --> "C:\Program Files\Winamp Toolbar\uninstall.exe" Windows Live Anmelde-Assistent --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Windows Live installer --> MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6} Windows Live Messenger --> MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220} WinRAR Archivierer --> C:\Program Files\WinRAR\uninstall.exe Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type21111 / Success Event Submitted/Written: 04/07/2008 10:32:17 AM Event ID/Source: 5617 / WinMgmt Event Description: Event Record #/Type21110 / Success Event Submitted/Written: 04/07/2008 10:32:16 AM Event ID/Source: 5615 / WinMgmt Event Description: Event Record #/Type21106 / Success Event Submitted/Written: 04/07/2008 10:31:25 AM Event ID/Source: 902 / Software Licensing Service Event Description: Der Softwarelizenzierungsdienst wurde gestartet. Event Record #/Type21097 / Success Event Submitted/Written: 04/07/2008 10:30:08 AM Event ID/Source: 903 / Software Licensing Service Event Description: Der Softwarelizenzierungsdienst wurde angehalten. Event Record #/Type21095 / Warning Event Submitted/Written: 04/07/2008 10:30:05 AM Event ID/Source: 1530 / profsvc Event Description: Es wurde festgestellt, dass Ihre Registrierungsdatei noch von anderen Anwendungen oder Diensten verwendet wird. Die Datei wird nun entladen. Die Anwendungen oder Dienste, die Ihre Registrierungsdatei anhalten, funktionieren anschließend u. U. nicht mehr ordnungsgemäß. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1268900365-2420190324-3237476099-1000_Classes: Process 944 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1268900365-2420190324-3237476099-1000_CLASSES -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type89712 / Warning Event Submitted/Written: 04/07/2008 10:49:10 AM Event ID/Source: 3004 / WinDefend Event Description: Vom %Wolfi27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %Wolfi27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen. Weitere Informationen finden Sie im Folgenden: %Wolfi275 Scan-ID: {ECBD1B28-BD76-407D-AC18-709038C936A1} Benutzer: Wolfi\Stefan und Steffi Name: %Wolfi271 ID: %Wolfi272 Schweregrad-ID: %Wolfi273 Kategorie-ID: %Wolfi274 Gefundener Pfad: %Wolfi276 Warnungsart: %Wolfi278 Feststellungstyp: 1.1.1505.02 Event Record #/Type89711 / Warning Event Submitted/Written: 04/07/2008 10:49:10 AM Event ID/Source: 3004 / WinDefend Event Description: Vom %Wolfi27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %Wolfi27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen. Weitere Informationen finden Sie im Folgenden: %Wolfi275 Scan-ID: {7981549A-3721-41E5-B89D-62A106B875BA} Benutzer: Wolfi\Stefan und Steffi Name: %Wolfi271 ID: %Wolfi272 Schweregrad-ID: %Wolfi273 Kategorie-ID: %Wolfi274 Gefundener Pfad: %Wolfi276 Warnungsart: %Wolfi278 Feststellungstyp: 1.1.1505.02 Event Record #/Type89710 / Warning Event Submitted/Written: 04/07/2008 10:49:10 AM Event ID/Source: 3004 / WinDefend Event Description: Vom %Wolfi27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %Wolfi27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen. Weitere Informationen finden Sie im Folgenden: %Wolfi275 Scan-ID: {CB3C68F9-143B-476B-B618-9BA3EEA75841} Benutzer: Wolfi\Stefan und Steffi Name: %Wolfi271 ID: %Wolfi272 Schweregrad-ID: %Wolfi273 Kategorie-ID: %Wolfi274 Gefundener Pfad: %Wolfi276 Warnungsart: %Wolfi278 Feststellungstyp: 1.1.1505.02 Event Record #/Type89709 / Warning Event Submitted/Written: 04/07/2008 10:49:08 AM Event ID/Source: 3004 / WinDefend Event Description: Vom %Wolfi27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %Wolfi27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen. Weitere Informationen finden Sie im Folgenden: %Wolfi275 Scan-ID: {BF4EAA8F-0759-4172-8D33-85EACB771720} Benutzer: Wolfi\Stefan und Steffi Name: %Wolfi271 ID: %Wolfi272 Schweregrad-ID: %Wolfi273 Kategorie-ID: %Wolfi274 Gefundener Pfad: %Wolfi276 Warnungsart: %Wolfi278 Feststellungstyp: 1.1.1505.02 Event Record #/Type89708 / Warning Event Submitted/Written: 04/07/2008 10:49:08 AM Event ID/Source: 3004 / WinDefend Event Description: Vom %Wolfi27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %Wolfi27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen. Weitere Informationen finden Sie im Folgenden: %Wolfi275 Scan-ID: {10E77ADD-B322-4BDB-BF36-CE21427C0A97} Benutzer: Wolfi\Stefan und Steffi Name: %Wolfi271 ID: %Wolfi272 Schweregrad-ID: %Wolfi273 Kategorie-ID: %Wolfi274 Gefundener Pfad: %Wolfi276 Warnungsart: %Wolfi278 Feststellungstyp: 1.1.1505.02 -- End of Deckard's System Scanner: finished at 2008-04-07 10:51:23 ------------ MAIN.TXTDeckard's System Scanner v20071014.68 Run by Stefan und Steffi on 2008-04-07 10:42:18 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- Last 5 Restore Point(s) -- 13: 2008-04-07 06:04:15 UTC - RP260 - AntiVir PersonalEdition Classic - 07.04.2008 08:04 12: 2008-04-06 11:55:41 UTC - RP258 - Windows Update 11: 2008-04-05 21:19:18 UTC - RP257 - AntiVir PersonalEdition Classic - 05.04.2008 23:19 10: 2008-04-04 13:53:30 UTC - RP255 - Windows Update 9: 2008-04-02 18:14:41 UTC - RP254 - Windows Update -- First Restore Point -- 1: 2008-03-27 13:59:47 UTC - RP244 - Windows Update Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Stefan und Steffi.exe) ----------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:48:54, on 07.04.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\ICQLite\ICQLite.exe C:\Program Files\Napster\napster.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Veoh Networks\Veoh\VeohClient.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Windows\system32\wuauclt.exe C:\Users\Stefan und Steffi\Desktop\dss.exe C:\Windows\system32\conime.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Stefan und Steffi.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe O1 - Hosts: ::1 localhost O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing) O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing) O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Blubster] C:\PROGRA~1\Blubster\Blubster.exe SILENT O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing) O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O13 - Gopher Prefix: O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-de.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://www.flatcast.info/objects/NpFv41629.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{FFB41D33-B7E9-445C-B98E-CFFEA578C4C6}: NameServer = 192.168.2.1,194.25.2.129 O20 - AppInit_DLLs: APSHook.dll O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 13286 bytes -- File Associations ----------------------------------------------------------- [COLOR=red].reg - regfile - shell\open\command - regedit.exe "%1" %*[/COLOR] [COLOR=red].scr - scrfile - shell\open\command - "%1" %*[/COLOR] -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- All drivers whitelisted. -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module> S2 Automatisches LiveUpdate - Scheduler - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing) S2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module> S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons> S3 gusvc (Google Updater Service) - "c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing) -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft-6zu4-Adapter Device ID: ROOT\*6TO4MP\0000 Manufacturer: Microsoft Name: 6TO4 Adapter PNP Device ID: ROOT\*6TO4MP\0000 Service: tunnel -- Scheduled Tasks ------------------------------------------------------------- 2008-04-06 15:28:13 442 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{30F850B8-0F9A-4C3E-9D27-75C6065FED25}.job -- Files created between 2008-03-07 and 2008-04-07 ----------------------------- 2008-04-07 10:16:33 0 d-------- C:\Program Files\Trend Micro 2008-04-07 08:02:53 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-03-31 13:55:16 0 d-------- C:\Program Files\Circle Developement 2008-03-25 22:43:17 0 d-------- C:\Windows\system32\ebay 2008-03-20 20:09:54 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller 2008-03-16 20:29:09 0 d-------- C:\Program Files\Nero 2008-03-16 20:29:09 0 d-------- C:\Program Files\Common Files\Nero 2008-03-16 20:23:17 0 d-------- C:\Program Files\AskTBar 2008-03-16 17:22:23 0 d-------- C:\Program Files\Veoh Networks -- Find3M Report --------------------------------------------------------------- 2008-04-07 10:33:50 28475 --a------ C:\Users\Stefan und Steffi\AppData\Roaming\nvModes.dat 2008-04-07 10:33:50 28475 --a------ C:\Users\Stefan und Steffi\AppData\Roaming\nvModes.001 2008-04-07 08:02:56 0 d-------- C:\Users\Stefan und Steffi\AppData\Roaming\Malwarebytes 2008-04-06 17:43:42 0 d-------- C:\Program Files\Full Tilt Poker 2008-04-06 17:39:28 0 d-------- C:\Program Files\ICQToolbar 2008-04-06 01:24:05 0 d-------- C:\Program Files\PokerStars 2008-03-31 21:29:15 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-03-31 14:25:50 651350 --a------ C:\Windows\system32\perfh007.dat 2008-03-31 14:25:50 121114 --a------ C:\Windows\system32\perfc007.dat 2008-03-31 14:08:00 0 d-------- C:\Program Files\Common Files\PX Storage Engine 2008-03-31 13:55:15 0 d-------- C:\Program Files\Messenger Plus! Live 2008-03-28 23:39:17 0 d-------- C:\Users\Stefan und Steffi\AppData\Roaming\Orbit 2008-03-28 22:54:56 0 d-------- C:\Users\Stefan und Steffi\AppData\Roaming\FrostWire 2008-03-28 22:01:05 88944 --a------ C:\Users\Stefan und Steffi\AppData\Roaming\GDIPFONTCACHEV1.DAT 2008-03-28 18:19:47 0 d-------- C:\Program Files\Common Files\Adobe 2008-03-25 22:44:12 0 d-------- C:\Users\Stefan und Steffi\AppData\Roaming\Ashampoo 2008-03-20 20:09:54 0 d-------- C:\Program Files\Common Files 2008-03-20 20:09:39 0 d-------- C:\Program Files\Windows Live 2008-03-16 22:12:31 0 d-------- C:\Users\Stefan und Steffi\AppData\Roaming\Media Player Classic 2008-03-16 20:33:03 0 d-------- C:\Users\Stefan und Steffi\AppData\Roaming\Nero 2008-03-16 19:34:31 0 d-------- C:\Users\Stefan und Steffi\AppData\Roaming\DivX 2008-03-14 01:30:56 0 d-------- C:\Program Files\Windows Mail 2008-03-08 13:08:00 0 d-------- C:\Users\Stefan und Steffi\AppData\Roaming\AVG7 2008-03-01 23:42:54 0 d-------- C:\Program Files\Soulseek-Test 2008-03-01 23:33:03 0 d-------- C:\Program Files\FrostWire 2008-03-01 23:10:56 0 d-------- C:\Users\Stefan und Steffi\AppData\Roaming\Shareaza 2008-03-01 22:55:39 0 d-------- C:\Program Files\DNA 2008-03-01 22:32:52 0 d-------- C:\Program Files\LimeWire 2008-03-01 19:37:10 0 d-------- C:\Program Files\Yahoo! 2008-01-25 23:52:42 12288 --a------ C:\Windows\impborl.dll -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 13.12.2007 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [13.12.2007 18:49 1185120] [-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [17.10.2007 08:23] "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [09.10.2006 22:43] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [13.01.2007 05:36] "RtHDVCpl"="RtHDVCpl.exe" [09.03.2007 19:50 C:\Windows\RtHDVCpl.exe] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [12.02.2007 16:37] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [24.04.2007 03:11] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [13.02.2007 20:38] "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [12.03.2007 20:54] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [01.03.2007 22:18] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [11.01.2007 01:12] "NvSvc"="C:\Windows\system32\nvsvc.dll" [01.05.2007 12:27] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [01.05.2007 12:27] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [01.05.2007 12:27] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 02:11] "CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [22.12.2003 20:12] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [08.05.2007 16:24] "Blubster"="C:\PROGRA~1\Blubster\Blubster.exe" [13.04.2007 11:35] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01.09.2006 16:57] "NWEReboot"="" [] "ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [11.07.2006 12:15] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01.03.2007 15:57] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [03.12.2007 15:21] "NapsterShell"="C:\Program Files\Napster\napster.exe" [13.01.2007 04:36] "BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11.01.2008 20:29] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02.11.2006 14:35] "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [22.02.2008 22:42] "@"="" [] "Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" [02.11.2006 11:45] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02.11.2006 14:36] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 12:34] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [13.12.2007 20:10] "BitComet"="C:\Program Files\BitComet\BitComet.exe" [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13.02.2001 01:01:04] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableLockWorkstation"=0 (0x0) "DisableTaskMgr"=0 (0x0) "DisableChangePassword"=0 (0x0) "disableregistrytools"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoLogoff"=0 (0x0) "NoClose"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=APSHook.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Notification Packages"= scecli ASWLNPkg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum Cognizance ASBroker ASChannel GPSvcGroup GPSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- End of Deckard's System Scanner: finished at 2008-04-07 10:51:23 ------------ extra.txt und main.txt!!! gruß stefan |
|
|
||
07.04.2008, 11:05
Ehrenmitglied
Beiträge: 29434 |
#8
Hallo,
so ein schlecht gepflegter Rechner...vollgeknallt mit P2P-Proggies und dann obendrauf noch einen Messi laden, der nicht koscher ist, zusammen mit dem CID-Trojaner, welcher die Popups hervorruft Messenger Plus! Live & Sponsor (CiD) 1. wende CID-Uninstaller an http://virus-protect.org/artikel/tools/cid-uninstaller.html 2. http://virus-protect.org/artikel/tools/otmoveIt.html öffne: OTMoveIt.exe Kopiere rein: im linken Fenster ,wo steht: Paste Standard List of Files/Folders to be Move Zitat C:\Program Files\AskTBarKlicke auf den Roten MoveIt! ------------------ 3. scanne mit Counterspy, lasse rigeros alles entfernen, was angezeigt wird, ohne Rücksicht auf Verluste.... http://virus-protect.org/counterspy1.html 4. wende Vistascan an + poste den kompletten Report hier http://virus-protect.org/artikel/tools/windowsscan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
07.04.2008, 11:13
Ehrenmitglied
Beiträge: 6028 |
#9
@Sabina
Download LOP-uninstall zum Desktop und wende CID-Uninstaller an sind gleich __________ MfG Argus |
|
|
||
07.04.2008, 12:52
...neu hier
Themenstarter Beiträge: 7 |
#10
Die 30 neuesten Dateien im Ordner Windows:
***** ***** ***** ***** ***** ***** Scanning C:\Windows ***** ***** ***** ***** ***** ***** 07.04.2008 WindowsUpdate.log 11 27:1.347.789 07.04.2008 bootstat.dat 11 22:67.584 07.04.2008 PFRO.log 10 31:180.060 20.03.2008 DPINST.LOG 20 11:28.838 16.03.2008 Irremote.ini 21 45:0 16.03.2008 DirectX.log 20 27:26.915 05.03.2008 win.ini 13 57:314 14.02.2008 setupact.log 11 31:32.263 25.01.2008 impborl.dll 23 52:12.288 13.12.2007 wininit.ini 23 44:182 13.12.2007 mozver.dat 23 10:3.942 13.12.2007 UNNeroMediaHome.exe 20 09:972.072 11.12.2007 _MSRSTRT.EXE 23 00:2.560 07.12.2007 SwSys2.bmp 21 02:0 07.12.2007 SwSys1.bmp 21 02:0 04.12.2007 UNRecode.exe 10 59:972.072 04.12.2007 msoffice.ini 10 52:2 27.11.2007 MEMORY.DMP 13 18:299.247.741 15.11.2007 explorer.exe 08 48:2.923.520 30.10.2007 nsreg.dat 20 59:335 18.10.2007 msxml4-KB941833-enu.LOG 07 58:257.050 17.10.2007 WindowsShell.Manifest 10 26:749 17.10.2007 msxml4-KB936181-enu.LOG 08 12:259.688 16.10.2007 ODBC.INI 17 19:400 26.09.2007 DtcInstall.log 22 38:4.155 26.09.2007 TSSysprep.log 22 35:5.767 22.06.2007 SETUPAPI.LOG 13 54:574 Die 50 neuesten Dateien im Ordner Windows\system32: ***** ***** ***** ***** ***** ***** Scanning C:\Windows\system32 ***** ***** ***** ***** ***** ***** 07.04.2008 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 12 22:3.072 07.04.2008 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 12 22:3.072 07.04.2008 SBFC.dat 11 50:0 07.04.2008 SBRC.dat 11 50:0 31.03.2008 perfh009.dat 14 25:618.470 31.03.2008 perfc009.dat 14 25:107.614 31.03.2008 perfh007.dat 14 25:651.350 31.03.2008 perfc007.dat 14 25:121.114 31.03.2008 PerfStringBackup.INI 14 25:1.488.910 25.03.2008 MsiExec.exe.log 22 38:188 05.03.2008 mrt.exe 18 30:19.148.408 14.02.2008 WebClnt.dll 11 14:194.560 14.02.2008 wpd_ci.dll 11 14:613.888 14.02.2008 clfs.sys 11 14:224.824 14.02.2008 cfgmgr32.dll 11 14:19.456 14.02.2008 drvinst.exe 11 14:101.888 14.02.2008 umpnpmgr.dll 11 14:221.696 14.02.2008 dpx.dll 11 14:260.096 14.02.2008 kbd106n.dll 11 14:6.656 14.02.2008 oleaut32.dll 11 14:558.080 14.02.2008 setupapi.dll 11 14:1.585.664 14.02.2008 f3ahvoas.dll 11 14:7.168 14.02.2008 batt.dll 11 14:12.800 14.02.2008 dispci.dll 11 14:35.328 14.02.2008 winresume.exe 11 14:905.400 14.02.2008 winload.exe 11 14:943.800 14.02.2008 nshhttp.dll 11 14:23.552 14.02.2008 lodctr.exe 11 14:39.424 14.02.2008 unlodctr.exe 11 14:32.256 14.02.2008 loadperf.dll 11 14:115.200 14.02.2008 prflbmsg.dll 11 14:17.408 14.02.2008 schedsvc.dll 11 14:595.456 14.02.2008 ntkrnlpa.exe 11 12:3.504.696 14.02.2008 ntoskrnl.exe 11 12:3.470.392 14.02.2008 netcfg.exe 11 11:24.064 14.02.2008 tcpipcfg.dll 11 11:167.424 14.02.2008 netiougc.exe 11 11:22.016 14.02.2008 GameUXLegacyGDFs.dll 11 11:4.247.552 14.02.2008 gameux.dll 11 11:1.686.528 14.02.2008 ieui.dll 11 09:180.736 14.02.2008 ieframe.dll 11 09:6.066.176 14.02.2008 mshtmled.dll 11 09:478.208 14.02.2008 mshtml.dll 11 09:3.592.192 14.02.2008 mshtml.tlb 11 09:1.383.424 14.02.2008 pngfilt.dll 11 09:44.544 14.02.2008 advpack.dll 11 09:124.928 14.02.2008 wininet.dll 11 09:824.832 ***** ***** ***** ***** ***** ***** Scanning C:\Windows\system32\drivers\etc\hosts ***** ***** ***** ***** ***** ***** # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost ::1 localhost ::1 localhost ***** ***** ***** ***** ***** ***** Scanning Processe ***** ***** ***** ***** ***** ***** Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung ========================= ======== ================ =========== =============== System Idle Process 0 Services 0 28 K System 4 Services 0 6.396 K smss.exe 460 Services 0 560 K csrss.exe 524 Services 0 4.432 K wininit.exe 572 Services 0 3.328 K csrss.exe 584 Console 1 8.932 K services.exe 616 Services 0 5.212 K lsass.exe 628 Services 0 2.212 K lsm.exe 636 Services 0 3.728 K svchost.exe 772 Services 0 5.648 K svchost.exe 812 Services 0 8.880 K svchost.exe 856 Services 0 6.516 K svchost.exe 888 Services 0 18.704 K svchost.exe 936 Services 0 10.140 K svchost.exe 960 Services 0 68.832 K svchost.exe 976 Services 0 20.748 K audiodg.exe 1056 Services 0 14.312 K winlogon.exe 1088 Console 1 4.624 K svchost.exe 1128 Services 0 4.020 K SLsvc.exe 1144 Services 0 3.616 K svchost.exe 1192 Services 0 9.024 K svchost.exe 1304 Services 0 17.384 K spoolsv.exe 1532 Services 0 6.952 K svchost.exe 1604 Services 0 8.388 K dwm.exe 1336 Console 1 44.756 K asghost.exe 1832 Console 1 20.576 K MSASCui.exe 2044 Console 1 10.268 K sm56hlpr.exe 564 Console 1 4.248 K SynTPEnh.exe 2156 Console 1 5.020 K RtHDVCpl.exe 2172 Console 1 5.416 K IAAnotif.exe 2196 Console 1 4.788 K QPService.exe 2208 Console 1 10.040 K QLBCTRL.exe 2220 Console 1 5.932 K HPWAMain.exe 2240 Console 1 4.968 K WiFiMsg.exe 2248 Console 1 4.036 K rundll32.exe 2276 Console 1 4.068 K jusched.exe 2296 Console 1 3.092 K hpwuSchd2.exe 2324 Console 1 3.080 K qttask.exe 2340 Console 1 3.252 K napster.exe 2380 Console 1 3.752 K sidebar.exe 2388 Console 1 8.612 K ehtray.exe 2396 Console 1 2.120 K VeohClient.exe 2408 Console 1 21.256 K rundll32.exe 2444 Console 1 5.320 K ehmsas.exe 2636 Console 1 4.248 K CLCapSvc.exe 2968 Services 0 11.828 K IAANTmon.exe 3048 Services 0 5.240 K LSSrvc.exe 3156 Services 0 2.952 K svchost.exe 3264 Services 0 3.608 K svchost.exe 3304 Services 0 4.968 K svchost.exe 3384 Services 0 1.792 K SearchIndexer.exe 3436 Services 0 34.352 K hpqwmiex.exe 3488 Services 0 4.444 K HijackThis.exe 3680 Console 1 9.260 K taskeng.exe 1272 Services 0 5.452 K WmiPrvSE.exe 2988 Services 0 6.076 K taskeng.exe 3808 Console 1 11.464 K wmpnscfg.exe 4020 Console 1 4.416 K msnmsgr.exe 3744 Console 1 9.560 K HpqToaster.exe 2272 Console 1 5.932 K ieuser.exe 3340 Console 1 21.392 K WLLoginProxy.exe 760 Console 1 8.872 K HPHC_Service.exe 4328 Services 0 11.376 K wuauclt.exe 5000 Console 1 5.740 K explorer.exe 3840 Console 1 37.772 K taskeng.exe 5476 Console 1 9.512 K iexplore.exe 2500 Console 1 111.932 K OTMoveIt2.exe 2724 Console 1 10.804 K SBCSSvc.exe 2788 Services 0 24.984 K SBCSTray.exe 2032 Console 1 6.120 K CounterSpy.exe 5852 Console 1 40.340 K usnsvc.exe 1888 Services 0 3.576 K SearchProtocolHost.exe 4860 Services 0 6.128 K VSSVC.exe 4680 Services 0 12.624 K svchost.exe 4848 Services 0 6.740 K FlashUtil9e.exe 5628 Console 1 5.428 K WinRAR.exe 3832 Console 1 13.272 K conime.exe 3180 Console 1 4.200 K SearchFilterHost.exe 4348 Services 0 6.496 K WinRAR.exe 2120 Console 1 13.832 K cmd.exe 5320 Console 1 3.092 K tasklist.exe 2228 Console 1 4.968 K WmiPrvSE.exe 5700 Services 0 5.912 K Microsoft Windows [Version 6.0.6000] http://www.paules-pc-forum.de ***** Malware Team ***** ***** Ende des Scans 07.04.2008 um 12:51:49,06 *** |
|
|
||
07.04.2008, 12:58
Ehrenmitglied
Beiträge: 29434 |
#11
wenn du jetzt noch mit dem Counterspy in Windows + Registry aufräumst, sollte das Problem der Vergangenheit angehören.
Berichte, ob noch Popups kommen (nach der ganzen Reinigungsprozedur) __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
07.04.2008, 13:01
...neu hier
Themenstarter Beiträge: 7 |
#12
ok ich danke euch nochmal für eure super hilfe danke schön
|
|
|
||
28.05.2008, 21:57
...neu hier
Beiträge: 2 |
#13
Guten Abend,
leider bin auch ich ein opfer des CID-Pop ups geworden, und brauch e nun dringend eure Hilfe. Ich habe hier mal die Hijackfile. Logfile of HijackThis v1.99.1 Scan saved at 21:57:08, on 28.05.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe C:\WINDOWS\system32\RunDll32.exe C:\Programme\Lexmark 2200 Series\lxbvbmgr.exe C:\Programme\Winamp\winampa.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\sistray.EXE C:\WINDOWS\system32\keyhook.exe C:\Programme\Lexmark 2200 Series\lxbvbmon.exe C:\WINDOWS\CameraFixer.exe C:\WINDOWS\tsnpstd3.exe C:\WINDOWS\vsnpstd3.exe C:\Programme\QuickTime\qttask.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\aon\aonMessageCenter\aonMessageCenter.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\Programme\aon\aonUpdate\aonUpdate.exe C:\WINDOWS\system32\svchost.exe C:\Programme\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Programme\MSN Messenger\usnsvc.exe C:\WINDOWS\explorer.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\notepad.exe C:\Dokumente und Einstellungen\arman zupcevic\Desktop\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aon.at/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.at/0SEDEAT/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.party-xxl.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telekom Austria R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;<local> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar5.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar5.dll O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [aonUpdate] C:\Programme\aon\aonUpdate\aonUpdate.exe /tray O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programme\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programme\MP3 Player Utilities 4.00\MediaManager\grab.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-AT/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C92E8858-B4C3-405C-92D1-1752432306E9}: NameServer = 195.3.96.67 195.3.96.68 O17 - HKLM\System\CCS\Services\Tcpip\..\{E575B87E-9B70-40AD-9225-52A4A7FC070A}: NameServer = 195.3.96.67,195.3.96.68 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Ein großes Danke schon im voraus. |
|
|
||
28.05.2008, 22:15
Ehrenmitglied
Beiträge: 6028 |
#14
Download Deljob.exe zum Desktop
Doppelklick: Deljob.exe Ein logfile wird sich oeffnen (logit.txt) Kopiere den Inhalt des Berichts “ logit.txt"in diesen Thread __________ MfG Argus |
|
|
||
29.05.2008, 09:18
...neu hier
Beiträge: 2 |
#15
--------------------------------------------------------
No LOP job-files found -------------------------------------------------------- Files in Windows Tasks folder AppleSoftwareUpdate.job -------------------------------------------------------- Export App Data folders -------------------------------------------------------- Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 102D-E2B5 Verzeichnis von C:\Dokumente und Einstellungen\air\Anwendungsdaten 28.05.2008 21:48 <DIR> . 28.05.2008 21:48 <DIR> .. 30.06.2006 14:06 <DIR> Adobe 30.01.2006 22:02 <DIR> AdobeUM 07.03.2006 18:13 <DIR> Ahead 05.03.2007 21:08 <DIR> APPLEC~1 Apple Computer 01.02.2008 17:45 <DIR> Ebner 04.09.2006 11:01 <DIR> Google 23.02.2006 21:10 <DIR> Help 22.03.2008 17:24 <DIR> ICQLite 26.01.2006 16:59 <DIR> IDENTI~1 Identities 30.01.2006 15:21 <DIR> MACROM~1 Macromedia 05.05.2006 14:54 <DIR> MAGICS~1 Magic Set Editor 07.03.2006 17:51 <DIR> MEDIAP~1 Media Player Classic 06.02.2008 10:35 <DIR> MICROS~1 Microsoft 31.10.2007 20:33 <DIR> NCHSWI~1 NCH Swift Sound 14.09.2007 16:00 <DIR> Nokia 14.09.2007 16:00 <DIR> NOKIAM~1 Nokia Multimedia Player 09.09.2007 16:30 <DIR> PCSUIT~1 PC Suite 01.02.2008 17:44 <DIR> SecuROM 27.05.2008 12:07 <DIR> Skype 22.04.2006 21:25 <DIR> Sun 26.01.2006 17:01 <DIR> ULEADS~1 Ulead Systems 22.10.2007 15:27 <DIR> WinRAR 0 Datei(en) 0 Bytes 24 Verzeichnis(se), 10.058.448.896 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 102D-E2B5 Verzeichnis von C:\Dokumente und Einstellungen\All Users\Application Data 09.04.2007 21:23 <DIR> . 09.04.2007 21:23 <DIR> .. 26.01.2006 20:36 <DIR> MIMARS~1 MimarSinan 09.04.2007 16:25 <DIR> {13124~1 {13124874-D067-4458-B459-EE33F26A5188} 09.04.2007 16:26 <DIR> {5907B~1 {5907B9DF-703D-4FD5-977E-4DDDDFBBD0ED} 09.04.2007 16:27 <DIR> {BF5A9~1 {BF5A9BF5-E080-4035-B590-58AF4D383BD7} 09.04.2007 16:27 <DIR> {E540F~1 {E540FEC7-CC61-4E6D-867E-98C3338C1249} 09.04.2007 16:26 <DIR> {FB764~1 {FB764C74-B24A-410F-8CC9-10F07016C576} 0 Datei(en) 0 Bytes 8 Verzeichnis(se), 10.058.448.896 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 102D-E2B5 Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten 28.05.2008 21:48 <DIR> . 28.05.2008 21:48 <DIR> .. 29.01.2006 11:31 <DIR> Adobe 29.05.2008 09:13 <DIR> ANTIVI~1 AntiVir PersonalEdition Classic 05.03.2007 21:02 <DIR> APPLEC~1 Apple Computer 09.11.2006 20:54 <DIR> BVRPSO~1 BVRP Software 04.09.2006 10:32 <DIR> Google 07.09.2007 12:56 <DIR> INSTAL~1 Installations 14.01.2008 22:50 <DIR> MESSEN~1 Messenger Plus! 03.12.2006 21:38 <DIR> MICROS~1 Microsoft 26.01.2006 20:37 <DIR> mquadr.at 24.10.2007 18:55 <DIR> NCHSWI~1 NCH Swift Sound 07.09.2007 13:06 <DIR> PCSUIT~1 PC Suite 26.07.2006 16:53 <DIR> QUICKT~1 QuickTime 02.07.2006 12:39 <DIR> Skype 09.04.2007 15:28 <DIR> SPYBOT~1 Spybot - Search & Destroy 28.05.2008 22:02 <DIR> TEMP 26.01.2006 13:42 <DIR> ULEADS~1 Ulead Systems 20.09.2006 20:17 <DIR> WINDOW~1 Windows Genuine Advantage 13.09.2007 21:48 <DIR> WINDOW~2 Windows Live Toolbar 0 Datei(en) 0 Bytes 20 Verzeichnis(se), 10.058.444.800 Bytes frei -------------------------------------------------------- All User Accounts -------------------------------------------------------- All Users Privat Air Büro -------------------------------------------------------- |
|
|
||
Scan saved at 09:12:06, on 07.04.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Stefan und Steffi\Downloads\HiJackThis202.exe
C:\Windows\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Blubster] C:\PROGRA~1\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TickBarb] "C:\ProgramData\STOPMEALMEAL.9ka90vc"
O4 - HKCU\..\Run: [warn default inter for] "C:\ProgramData\itch soft idol.0985f29"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-de.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://www.flatcast.info/objects/NpFv41629.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFB41D33-B7E9-445C-B98E-CFFEA578C4C6}: NameServer = 192.168.2.1,194.25.2.129
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 13679 bytes
hallo, poste heute zum ersten mal hier. bekomme seit tagen immer diese CiD fenster bekomme sie aber nicht weg habe mit antivir gescannt der zeigt mir aber nichts an. habe nun mal die logfile erstellt und hier rein gestellt. hoffe es bringt was und ihr könnt mir helfen wäre echt super...langsam geht einem das aufn keks :-) danke schonmal om vorraus....