Trojan found & system running very slowly. Please evaluate the log.

#0
24.04.2008, 21:15
Member
Posts: 81

25.04.2008, 00:04
Honorary member
Posts: 6028

25.04.2008, 00:35
Member
Thread starter
Posts: 81
#3
Hello,
sorry, I forgot the Spybot report...
What is BearShare doing on my machine? I do know it, but I don't have it on the computer and I certainly don't use it...
Regards, dreamei

--- Report generated: 2008-04-24 20:13 ---
Stud.A: [SBI $C8D697BF] Benutzereinstellungen (Registrierungsdatenbank-Wert, fixed)
HKEY_USERS\S-1-5-21-1370159335-4017819814-1180011304-1006\Software\Microsoft\Internet Explorer\Main\WebPrefix
Ask.MyGlobalSearch: [SBI $4DAB2DF8] Benutzereinstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_USERS\S-1-5-21-1370159335-4017819814-1180011304-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37B85A21-692B-4205-9CAD-2626E4993404}
Bearshare: [SBI $C3478522] Root class (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RunMSC.Loader
Bearshare: [SBI $619E5F05] Root class (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RunMSC.Loader.1
Bearshare: [SBI $A1687BAF] Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Magnet\Handlers\Bearshare
WebTrends live: Verfolgender Cookie (Firefox: default) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

--- Report generated: 2008-04-24 20:04 ---
Stud.A: [SBI $C8D697BF] Benutzereinstellungen (Registrierungsdatenbank-Wert, nothing done)
HKEY_USERS\S-1-5-21-1370159335-4017819814-1180011304-1006\Software\Microsoft\Internet Explorer\Main\WebPrefix
Ask.MyGlobalSearch: [SBI $4DAB2DF8] Benutzereinstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_USERS\S-1-5-21-1370159335-4017819814-1180011304-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37B85A21-692B-4205-9CAD-2626E4993404}
Bearshare: [SBI $C3478522] Root class (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RunMSC.Loader
Bearshare: [SBI $619E5F05] Root class (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RunMSC.Loader.1
Bearshare: [SBI $A1687BAF] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Magnet\Handlers\Bearshare
WebTrends live: Verfolgender Cookie (Firefox: default) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

24.04.2008 19:42:45 - ##### check started #####
24.04.2008 19:42:45 - ### Version: 1.5.2
24.04.2008 19:42:45 - ### Date: 24.04.2008 19:42:45
24.04.2008 19:42:46 - ##### checking bots #####
24.04.2008 19:43:09 - found: Stud.A Benutzereinstellungen
24.04.2008 19:51:26 - found: Ask.MyGlobalSearch Benutzereinstellungen
24.04.2008 19:51:27 - found: Bearshare Root class
24.04.2008 19:51:27 - found: Bearshare Root class
24.04.2008 19:51:27 - found: Bearshare Einstellungen
24.04.2008 20:04:47 - found: WebTrends live Verfolgender Cookie (Firefox: default)
24.04.2008 20:04:48 - ##### check finished #####

25.04.2008, 00:47
Honorary member
Posts: 6028
#4
About P2P programs, see the following: http://malwareremoval.com/p2pindex.php
Scan your computer with AVG AntiSpyware: http://virus-protect.org/ewido.html
Edit: Fix this entry in HijackThis:
O9 - Extra button: eBay Startseite - {8B69DB2E-015D-4c4f-B97E-95EF5326BDA8} - ****://adfarm.mediaplex.com/ad/ck/707-1170-5704-22?mpre=***://****.ebay.de (file missing)
__________
Regards, Argus

25.04.2008, 02:33
Member
Thread starter
Posts: 81
#5
Hello,
I don't use such programs at all, strange.
The scan found nothing...
I fixed the entry.
What else can I do?
Regards, dreamei

26.04.2008, 01:41
Member
Thread starter
Posts: 81
#6
Hello,
another scan with Spybot and again it found something... :-(
What else can I do?
Regards, dreamei

--- Report generated: 2008-04-26 01:42 ---
Adviva: Verfolgender Cookie (Firefox: default) (Cookie, fixed)
DoubleClick: Verfolgender Cookie (Firefox: default) (Cookie, fixed)
Tradedoubler: Verfolgender Cookie (Firefox: default) (Cookie, fixed)
Tradedoubler: Verfolgender Cookie (Firefox: default) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

26.04.2008, 02:38
Honorary member
Posts: 6028
#7
Click Start -> Run >> type in: Services.msc and click OK!
Look for "0190/0900 Warner Überwachungsdienst" "Properties" >> click "Stop" >> startup type "Disabled"
Do the same with "NMIndexingService".
Remove the cookies first with e.g. CleanUp and then use Spybot S&D.
__________
Regards, Argus

26.04.2008, 13:57
Member
Thread starter
Posts: 81
#8
Hello,
I removed the cookies with CCleaner.
I stopped and disabled the two "projects".
Another Spybot scan.
Is my computer clean now?
Regards, dreamei

--- Report generated: 2008-04-26 13:09 ---
DoubleClick: Verfolgender Cookie (Firefox: default) (Cookie, nothing done)
MediaPlex: Verfolgender Cookie (Firefox: default) (Cookie, nothing done)
Tradedoubler: Verfolgender Cookie (Firefox: default) (Cookie, nothing done)
Tradedoubler: Verfolgender Cookie (Firefox: default) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

This post was edited on 26.04.2008 at 14:01 by dreamei.

After I ran Spybot on my machine, several Trojans turned up! I deleted them.
However, my system is running very slowly at the moment!
Who can help me?
Thanks in advance!
Regards, dreamei
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Spocky2\Desktop\hjt\hjt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Removecpl] removecpl.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1370159335-4017819814-1180011304-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SPOCKY')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: eBay Startseite - {8B69DB2E-015D-4c4f-B97E-95EF5326BDA8} - ****://adfarm.mediaplex.com/ad/ck/707-1170-5704-22?mpre=***://****.ebay.de (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - ****://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - ***://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - ****://****.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - ***://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098702224421
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - ***://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - ***://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130693228109
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - ****://****.ca.com/de/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} - ***://****.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - ****://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - ****://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - ****://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4953/mcfscan.cab
O23 - Service: 0190/0900 Warner Überwachungsdienst (0190_0900_Warner_MonitorService) - Unknown owner - C:\Programme\0190 Warner\w0svc.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 8359 bytes
.
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 10AB-1A05
Verzeichnis von C:\WINDOWS\system32
24.04.2008 19:07 6.642 jupdate-1.6.0_05-b13.log
24.04.2008 19:00 2.206 wpa.dbl
17.04.2008 15:08 488.022 perfh009.dat
17.04.2008 15:08 88.548 perfc009.dat
17.04.2008 15:08 520.342 perfh007.dat
17.04.2008 15:08 106.208 perfc007.dat
17.04.2008 15:08 1.217.860 PerfStringBackup.INI
10.04.2008 21:17 267.800 FNTCACHE.DAT
06.04.2008 07:56 19.836.024 MRT.exe
28.03.2008 23:37 90.112 QuickTimeVR.qtx
28.03.2008 23:37 57.344 QuickTime.qts
20.03.2008 10:03 1.845.376 win32k.sys
01.03.2008 18:24 3.591.680 mshtml.dll
01.03.2008 14:54 826.368 wininet.dll
01.03.2008 14:54 233.472 webcheck.dll
01.03.2008 14:54 105.984 url.dll
01.03.2008 14:54 1.159.680 urlmon.dll
01.03.2008 14:54 44.544 pngfilt.dll
01.03.2008 14:54 193.024 msrating.dll
01.03.2008 14:54 102.912 occache.dll
01.03.2008 14:54 671.232 mstime.dll
01.03.2008 14:54 478.208 mshtmled.dll
01.03.2008 14:53 459.264 msfeeds.dll
01.03.2008 14:53 52.224 msfeedsbs.dll
01.03.2008 14:53 27.648 jsproxy.dll
01.03.2008 14:53 1.831.424 inetcpl.cpl
01.03.2008 14:53 267.776 iertutil.dll
01.03.2008 14:53 44.544 iernonce.dll
01.03.2008 14:53 6.066.176 ieframe.dll
01.03.2008 14:53 384.512 iedkcs32.dll
01.03.2008 14:53 133.120 extmgr.dll
01.03.2008 14:53 63.488 icardie.dll
01.03.2008 14:53 383.488 ieapfltr.dll
01.03.2008 14:53 214.528 dxtrans.dll
01.03.2008 14:53 230.400 ieaksie.dll
01.03.2008 14:53 153.088 ieakeng.dll
01.03.2008 14:53 124.928 advpack.dll
01.03.2008 14:53 347.136 dxtmsft.dll
29.02.2008 10:54 70.656 ie4uinit.exe
22.02.2008 12:00 13.824 ieudinit.exe
22.02.2008 02:33 139.264 javaws.exe
22.02.2008 02:33 69.632 javacpl.cpl
22.02.2008 01:23 135.168 javaw.exe
22.02.2008 01:23 135.168 java.exe
20.02.2008 08:50 282.624 gdi32.dll
20.02.2008 07:33 148.992 dnsapi.dll
20.02.2008 07:33 45.568 dnsrslvr.dll
15.02.2008 07:44 161.792 ieakui.dll
07.02.2008 13:42 0 SBFC.dat
07.02.2008 13:42 0 SBRC.dat
05.02.2008 22:06 6.074 jupdate-1.6.0_04-b12.log
02.02.2008 20:49 2.550 Uninstall.ico
02.02.2008 20:49 1.406 Help.ico
02.02.2008 20:49 30.590 pavas.ico
29.01.2008 12:02 107.368 GEARAspi.dll
2303 Datei(en) 554.855.859 Bytes
0 Verzeichnis(se), 5.902.782.464 Bytes frei
.
.
.
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 10AB-1A05
Verzeichnis von C:\DOKUME~1\Spocky2\LOKALE~1\Temp
24.04.2008 20:53 113.236 datfind.txt
24.04.2008 19:22 305 GEARInstall.log
24.04.2008 19:20 5.407 QTInstallCode.log
24.04.2008 19:19 3.884 qtplugin.log
24.04.2008 19:08 5.571 jusched.log
24.04.2008 19:07 500 java_install_reg.log
24.04.2008 19:07 0 java_install.log
24.04.2008 19:06 8.242 jinstall.cfg
09.03.2008 19:43 890 LastScan.txt
27.02.2008 18:11 61.069.244 nvcbin.def.6B48292D.TMP
03.02.2008 02:16 643 wmsetup.log
13 Datei(en) 61.911.429 Bytes
0 Verzeichnis(se), 5.902.794.752 Bytes frei
.
.
.
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 10AB-1A05
Verzeichnis von C:\WINDOWS
24.04.2008 20:05 1.868.062 WindowsUpdate.log
24.04.2008 19:22 1.409 QTFont.for
24.04.2008 19:22 54.156 QTFont.qfn
24.04.2008 18:02 4.052 ModemLog_Smart Link 56K Modem.txt
24.04.2008 18:02 2.048 bootstat.dat
19.04.2008 01:48 23.924 SchedLgU.Txt
20.03.2008 02:12 714 win.ini
28.02.2008 12:08 243 system.ini
06.02.2008 19:02 922 Recorder.reg
06.02.2008 15:50 48 S9A5A41C3.tmp
06.02.2008 12:23 0 ativpsrm.bin
28.01.2008 13:52 311 tm.ini
28.01.2008 13:52 35 tdf.dii
20.01.2008 02:52 13.706 mozver.dat
111 Datei(en) 22.186.855 Bytes
0 Verzeichnis(se), 5.902.778.368 Bytes frei
.
.
.
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 10AB-1A05
Verzeichnis von C:\WINDOWS\temp
24.04.2008 19:00 409 WGANotify.settings
24.04.2008 19:00 255 WGAErrLog.txt
11.04.2008 21:51 65.220 dd_dotnetfx20install.txt
11.04.2008 21:51 1.536 uxeventlog.txt
11.04.2008 21:51 10.668.028 dd_NET_Framework20_Setup57EE.txt
11.04.2008 21:50 5.158 ASPNETSetup_00000.log
11.04.2008 21:47 21.364 dd_depcheck_NETFX20_EXP_35.txt
7 Datei(en) 10.761.970 Bytes
0 Verzeichnis(se), 5.902.782.464 Bytes frei
.
.
.
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 10AB-1A05
Verzeichnis von C:\WINDOWS\Downloaded Program Files
04.02.2008 21:14 496.117 vet.da1
54 Datei(en) 59.843.930 Bytes
0 Verzeichnis(se), 5.902.778.368 Bytes frei
.
.
.