Schon wieder ein Opfer des Vundo.... |
||
---|---|---|
#0
| ||
06.05.2008, 17:54
...neu hier
Beiträge: 5 |
||
|
||
06.05.2008, 18:08
Moderator
Beiträge: 5694 |
#2
Hallo dOmi
>> fixe mit HijacktHis Klicke: "Do a system scan only" Setze ein Häckchen in das Kästchen vor den genannten Eintägen: Zitat O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\awtuuVOI.dllund wähle fix checked. + starte den Rechner neu. >> Wende Combofix an und poste das log http://virus-protect.org/artikel/tools/combofix.html Gruss Swiss Dieser Beitrag wurde am 06.05.2008 um 18:20 Uhr von Tonstudio editiert.
|
|
|
||
06.05.2008, 18:38
...neu hier
Themenstarter Beiträge: 5 |
#3
Hier die Logfile des ComboFix.
ComboFix 08-05-01.3 - Bored 2008-05-06 18:30:07.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.1619 [GMT 2:00] ausgeführt von:: C:\Dokumente und Einstellungen\Bored\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt [color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color] . (((((((((((((((((((((((((((((((((((( Weitere L”schungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\awtuuVOI.dll C:\WINDOWS\system32\j7 C:\WINDOWS\system32\n4 C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\t2 . ((((((((((((((((((((((( Dateien erstellt von 2008-04-06 bis 2008-05-06 )))))))))))))))))))))))))))))) . 2008-05-06 13:41 . 2008-05-06 13:41 <DIR> d-------- C:\VundoFix Backups 2008-05-05 14:35 . 2008-05-05 14:51 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2008-05-05 14:24 . 2008-05-05 14:26 <DIR> d-------- C:\Programme\Enigma Software Group 2008-05-05 14:20 . 2008-05-05 14:20 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft 2008-05-05 10:57 . 2008-05-06 13:43 <DIR> d-------- C:\WINDOWS\system32\oBL 2008-05-05 10:57 . 2008-05-05 10:58 <DIR> d-------- C:\Programme\winvi 2008-05-05 10:56 . 2008-05-06 13:42 <DIR> d-------- C:\WINDOWS\system32\bkEur01 2008-05-05 10:56 . 2008-05-06 18:15 <DIR> d-------- C:\Temp 2008-05-05 10:55 . 2008-05-05 10:55 280 --a------ C:\WINDOWS\game.ini 2008-05-05 10:36 . 2008-05-05 10:36 <DIR> d--hs---- C:\WINDOWS\ftpcache 2008-05-05 09:19 . 2008-05-05 09:19 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-05-05 09:19 . 2008-05-05 09:19 22,328 --a------ C:\Dokumente und Einstellungen\Bored\Anwendungsdaten\PnkBstrK.sys 2008-05-05 09:18 . 2008-05-05 09:18 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe 2008-05-05 09:18 . 2008-05-05 09:18 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2008-05-05 09:18 . 2008-05-05 09:18 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2008-04-20 20:48 . 2008-04-20 20:48 <DIR> d-------- C:\WINDOWS\system32\URTTEMP 2008-04-14 16:01 . 2008-04-14 16:01 <DIR> d-------- C:\Dokumente und Einstellungen\Bored\Anwendungsdaten\CyberLink 2008-04-14 16:01 . 2008-04-14 16:01 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CyberLink 2008-04-14 15:46 . 2008-04-14 15:46 <DIR> d-------- C:\Programme\Gemeinsame Dateien\AVSMedia 2008-04-14 15:42 . 2008-04-14 15:42 <DIR> d-------- C:\Dokumente und Einstellungen\Bored\Anwendungsdaten\dvdcss 2008-04-12 12:29 . 2008-04-12 12:29 <DIR> dr------- C:\Dokumente und Einstellungen\LocalService\Eigene Dateien 2008-04-08 18:09 . 2008-04-08 18:09 <DIR> d-------- C:\Dokumente und Einstellungen\Bored\Anwendungsdaten\Nero 2008-04-06 16:12 . 2008-04-08 18:10 <DIR> d-------- C:\Dokumente und Einstellungen\Bored\Anwendungsdaten\DivX 2008-04-06 15:57 . 2008-04-06 15:57 <DIR> d-------- C:\WINDOWS\Sun 2008-04-06 15:57 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-04-06 15:56 . 2008-04-06 15:57 <DIR> d-------- C:\Programme\Java 2008-04-06 15:56 . 2008-04-06 15:56 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java 3 Datei(en) . 22,446 C:\ComboFix\Bytes . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-06 16:28 --------- d-----w C:\Dokumente und Einstellungen\Bored\Anwendungsdaten\Skype 2008-05-06 10:49 --------- d-----w C:\Dokumente und Einstellungen\Bored\Anwendungsdaten\skypePM 2008-05-05 12:19 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2008-05-05 08:55 --------- d--h--w C:\Programme\InstallShield Installation Information 2008-04-20 18:21 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-04-15 14:20 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe 2008-04-14 13:59 505,128 ----a-w C:\WINDOWS\system32\msvcp71.dll 2008-03-29 12:07 8,067 ----a-w C:\Dokumente und Einstellungen\Bored\mpr2.dat 2008-03-29 12:07 8,067 ----a-w C:\Dokumente und Einstellungen\Bored\mpr.dat 2008-03-27 15:33 --------- d-----w C:\Programme\Microsoft Works 2008-03-27 15:33 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2008-03-27 15:32 --------- d-----w C:\Programme\MSBuild 2008-03-27 15:31 --------- d-----w C:\Programme\Microsoft.NET 2008-03-27 15:29 --------- d-----w C:\Programme\Microsoft Visual Studio 8 2008-03-23 21:27 102,400 ----a-w C:\WINDOWS\EarthView.scr 2008-03-23 21:27 --------- d-----w C:\Dokumente und Einstellungen\Bored\Anwendungsdaten\DeskSoft 2008-03-21 12:14 --------- d-----w C:\Programme\Design Science 2008-03-10 12:38 --------- d-----w C:\Programme\Gemeinsame Dateien\Nero 2008-03-10 12:38 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero 2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-02-17 10:23 81,920 ----a-w C:\WINDOWS\system32\OpenAL32.dll 2008-02-17 10:23 233,472 ----a-w C:\WINDOWS\system32\wrap_oal.dll 2008-02-16 19:00 32 ----a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat 2000-02-02 00:01 40,960 --sh--r C:\WINDOWS\system32\donj32drv.dll . ------- Sigcheck ------- 2004-08-10 02:30 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6C54318-5AC7-477D-B0A7-49AF5189300C}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:57 15360] "Skype"="C:\Programme\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024] "NVIDIA nTune"="C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25 81920] "SpybotSD TeaTimer"="F:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RCSystem"="C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 19:25 49152] "AudioDrvEmulator"="C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 19:25 49152] "CTHelper"="CTHELPER.EXE" [2005-08-08 00:10 16384 C:\WINDOWS\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [2005-08-08 00:10 18944 C:\WINDOWS\system32\CTXFIHLP.EXE] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112] "avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-17 15:06 262401] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-25 18:17 8527872] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-25 18:17 81920] "GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "Adobe Reader Speed Launcher"="F:\Programme\Adobe\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:57 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuuVOI] awtuuVOI.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programme\\uTorrent\\uTorrent.exe"= "F:\\Programme\\ICQ6\\ICQ.exe"= "C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "F:\\Heruntergeladenes\\ALIE_1.0.2.3\\alhlp.exe"= "F:\\Spiele\\Crysis Vollversion\\Bin32\\Crysis.exe"= "F:\\Programme\\Gamespy\\Comrade.exe"= "F:\\Spiele\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"= "F:\\Spiele\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "F:\\Spiele\\Call of duty 4\\iw3mp.exe"= "C:\\Programme\\Skype\\Phone\\Skype.exe"= R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-07 23:54] . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-06 18:33:20 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Eintr„ge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . F:\Programme\Ad aware\aawservice.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\CTXFISPI.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe C:\Programme\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Zeit der Fertigstellung: 2008-05-06 18:36:35 - machine was rebooted [Bored] ComboFix-quarantined-files.txt 2008-05-06 16:36:32 9 Verzeichnis(se), 7,304,769,536 Bytes frei 14 Verzeichnis(se), 7,293,407,232 Bytes frei 175 |
|
|
||
06.05.2008, 18:45
Moderator
Beiträge: 5694 |
#4
Hallo DOmi
Start - Ausführen - Kopiere rein: Combofix /U - klicke "OK" « scanne mit Malwarebytes + poste den report http://virus-protect.org/artikel/tools/malwarebytes.html Gruss Swiss |
|
|
||
06.05.2008, 19:35
...neu hier
Themenstarter Beiträge: 5 |
#5
Hier die Logfile:
Datenbank Version: 724 Scan Art: Komplett Scan (C:\|E:\|F:\|) Objekte gescannt: 158514 Scan Dauer: 45 minute(s), 20 second(s) Infizierte Speicher Prozesse: 0 Infizierte Speicher Module: 0 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 0 Infizierte Datei Objekte der Registrierung: 0 Infizierte Verzeichnisse: 2 Infizierte Dateien: 13 Infizierte Speicher Prozesse: (Keine Malware Objekte gefunden) Infizierte Speicher Module: (Keine Malware Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winvi (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\winvi (Adware.SoftMate) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine Malware Objekte gefunden) Infizierte Datei Objekte der Registrierung: (Keine Malware Objekte gefunden) Infizierte Verzeichnisse: C:\Programme\winvi (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Programme\winvi\dsktp (Adware.SoftMate) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Programme\winvi\wupda.exe (Adware.SoftMate) -> Quarantined and deleted successfully. C:\QooBox\Quarantine\C\WINDOWS\system32\awtuuVOI.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{35076320-4F00-4A86-B509-D90527F636F4}\RP92\A0007378.exe (Rogue.AntiSpyMaster) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{35076320-4F00-4A86-B509-D90527F636F4}\RP93\A0007708.dll (Trojan.Vundo) -> Quarantined and deleted successfully. F:\Programme\backups\backup-20080505-144453-420.dll (Trojan.Vundo) -> Quarantined and deleted successfully. F:\Programme\backups\backup-20080505-144509-878.dll (Trojan.Vundo) -> Quarantined and deleted successfully. F:\Programme\backups\backup-20080506-182423-989.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Programme\winvi\Uninst.exe (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Programme\winvi\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Programme\winvi\dsktp\AC_RunActiveContent.js (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Programme\winvi\dsktp\desktop.html (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Programme\winvi\dsktp\internetDetection.swf (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Programme\winvi\dsktp\settings.sol (Adware.SoftMate) -> Quarantined and deleted successfully. |
|
|
||
06.05.2008, 20:37
Ehrenmitglied
Beiträge: 6028 |
#6
««
Start -- Ausführen -- schreib rein: cmd kopiere von hier aus rein: sc stop Schedule [klicke "enter"] und warte ein bisschen, dann kopiere rein: sc delete Schedule [klicke "enter"] ----------------------------------------------------------------- ComboFix neu laden Download ComboFix und speichert es auf den Desktop! Alle Fenster schliessen und combofix.exe starten Folge den Instruktionen in das Fenster Waehrend Combofix lauft NICHT ins Fenster klicken sonst erfriert dein Rechner cfscript Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als cfscript.txt mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. Zitat Folder::CFScript.txt mit der rechten Maustaste auf das Symbol von Combofix ziehen Combofix noch mal anwenden poste dann nach neustart das neue Log __________ MfG Argus |
|
|
||
07.05.2008, 02:25
Ehrenmitglied
Beiträge: 29434 |
#7
Hallo d0mi
Virustotal http://www.virustotal.com/flash/index_en.html C:\WINDOWS\system32\donj32drv.dll Auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren mit Strg V) --> Klick auf die zu prüfende Datei und öffnen--> klick auf "Senden der Datei"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> hier kopieren __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
07.05.2008, 10:43
...neu hier
Themenstarter Beiträge: 5 |
#8
hmm... hab glaub ich grad nen fehler gemacht.... verdammt... also Arnodls Anweisung kann ich nicht umsetzen weil combofix zwar startet jedoch nur noch ein blinkender Strich zu sehen ist... hab ich wohl irgendwas verbockt... und sabinas anweisung geht nicht mehr weil ich die Datei mitlerweile mit antivir gelöscht habe jetzt kann ichse nicht hochladen.... hab ich wohl auch verbockt.... sorry
|
|
|
||
07.05.2008, 10:57
Ehrenmitglied
Beiträge: 29434 |
#9
Hallo,
http://virus-protect.org/artikel/tools/otmoveIt.html öffne: OTMoveIt.exe OTMoveIt Kopiere rein: im linken Fenster ,wo steht: Paste List of Files/Folders to Move Zitat C:\VundoFix BackupsKlicke auf den Roten MoveIt! Text im rechten Fenster / Results Mit rechtem Mausklick abkopieren und im Forenbeitrag mit rechtem Mausklick "einfügen" »» wende comboscan an + poste hier die 2 Logs, die estellt werden http://virus-protect.org/artikel/tools/comboscan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
07.05.2008, 11:22
...neu hier
Themenstarter Beiträge: 5 |
#10
OTMoveIT:
C:\VundoFix Backups moved successfully. C:\WINDOWS\system32\oBL moved successfully. C:\WINDOWS\system32\bkEur01 moved successfully. OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05072008_111805 Comboscan: main.txt: Deckard's System Scanner v20071014.68 Run by Bored on 2008-05-07 11:19:26 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 94: 2008-05-07 09:19:33 UTC - RP94 - Deckard's System Scanner Restore Point 93: 2008-05-06 16:29:33 UTC - RP93 - ComboFix created restore point 92: 2008-05-05 12:20:28 UTC - RP92 - Installed Ad-Aware 2007 91: 2008-05-05 08:45:03 UTC - RP91 - Installiert Call of Duty(R) 4 - Modern Warfare(TM) 90: 2008-05-05 08:43:49 UTC - RP90 - Installiert Call of Duty(R) 4 - Modern Warfare(TM) -- First Restore Point -- 1: 2008-02-16 18:32:12 UTC - RP1 - Systemprüfpunkt Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Bored.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:20:04, on 07.05.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe F:\Programme\Ad aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Programme\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe F:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe F:\Programme\ICQ6\ICQ.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Dokumente und Einstellungen\Bored\Desktop\OTMoveIt2.exe C:\Dokumente und Einstellungen\Bored\Desktop\dss.exe F:\PROGRA~1\Bored.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [RCSystem] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Programme\Adobe\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: AutorunsDisabled O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Programme\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll O20 - Winlogon Notify: awtuuVOI - awtuuVOI.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\Programme\Ad aware\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 8663 bytes -- HijackThis Fixed Entries (F:\PROGRA~1\backups\) ----------------------------- backup-20080505-144338-901 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install backup-20080505-144338-819 O4 - HKLM\..\RunServices: [Driver32] Overwritten when removing W32/Sircam-A, please delete. backup-20080505-144338-598 O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background backup-20080505-144338-993 O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background backup-20080505-144338-808 O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab backup-20080505-144340-847 O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll backup-20080505-144436-941 O4 - HKLM\..\Run: [autoload] C:\Dokumente und Einstellungen\Bored\cftmon.exe backup-20080505-144453-420 O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\awtuuVOI.dll backup-20080505-144509-878 O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\awtuuVOI.dll backup-20080506-125437-158 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php backup-20080506-174055-635 O20 - Winlogon Notify: awtuuVOI - C:\WINDOWS\SYSTEM32\awtuuVOI.dll backup-20080506-174102-948 O20 - Winlogon Notify: awtuuVOI - C:\WINDOWS\SYSTEM32\awtuuVOI.dll backup-20080506-182423-989 O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\awtuuVOI.dll backup-20080506-182423-769 O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe backup-20080506-182423-164 O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe backup-20080506-182423-978 O4 - HKCU\..\Run: [autoload] C:\Dokumente und Einstellungen\Bored\cftmon.exe backup-20080506-182423-801 O20 - Winlogon Notify: awtuuVOI - C:\WINDOWS\SYSTEM32\awtuuVOI.dll backup-20080506-182423-130 O23 - Service: Taskplaner (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing) -- File Associations ----------------------------------------------------------- [COLOR=red].reg - regfile - shell\open\command - regedit.exe "%1" %*[/COLOR] [COLOR=red].scr - scrfile - shell\open\command - "%1" %*[/COLOR] -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 giveio - c:\windows\system32\giveio.sys R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver> R1 AsIO - c:\windows\system32\drivers\asio.sys R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product> R1 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; > R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - "c:\programme\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation> R2 nTuneService (nTune Service) - c:\programme\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_20\4&8D68EE5&0&00E4 Manufacturer: Marvell Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller PNP Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_20\4&8D68EE5&0&00E4 Service: yukonwxp Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: RTL8187_Wireless Device ID: USB\VID_0BDA&PID_8187\0015AF0D17D9 Manufacturer: Name: RTL8187_Wireless PNP Device ID: USB\VID_0BDA&PID_8187\0015AF0D17D9 Service: Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: SM-Bus-Controller Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_81791043&REV_01\3&11583659&0&FB Manufacturer: Name: SM-Bus-Controller PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_81791043&REV_01\3&11583659&0&FB Service: -- Files created between 2008-04-07 and 2008-05-07 ----------------------------- 2008-05-07 10:39:53 0 d-------- C:\ComboFixb 2008-05-06 18:29:16 68096 --a------ C:\WINDOWS\zip.exe 2008-05-06 18:29:16 49152 --a------ C:\WINDOWS\VFind.exe 2008-05-06 18:29:16 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists> 2008-05-06 18:29:16 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 2008-05-06 18:29:16 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2008-05-06 18:29:16 98816 --a------ C:\WINDOWS\sed.exe 2008-05-06 18:29:16 80412 --a------ C:\WINDOWS\grep.exe 2008-05-06 18:29:16 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-05-06 13:07:52 0 d-------- C:\WINDOWS\pss 2008-05-05 14:24:48 0 d-------- C:\Programme\Enigma Software Group 2008-05-05 10:56:57 0 d-------- C:\Temp 2008-05-05 10:36:07 0 d--hs---- C:\WINDOWS\ftpcache 2008-05-05 09:18:42 669184 --a------ C:\WINDOWS\system32\pbsvc.exe 2008-04-20 20:48:31 0 d-------- C:\WINDOWS\system32\URTTEMP 2008-04-14 15:46:09 0 d-------- C:\Programme\Gemeinsame Dateien\AVSMedia 2008-04-14 15:46:08 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-04-14 15:46:08 524288 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-04-14 15:46:08 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec> 2008-04-14 15:46:08 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4> -- Find3M Report --------------------------------------------------------------- 2008-05-07 11:14:36 0 d-------- C:\Dokumente und Einstellungen\Bored\Anwendungsdaten\Skype 2008-05-07 10:35:29 0 d-------- C:\Dokumente und Einstellungen\Bored\Anwendungsdaten\skypePM 2008-05-06 18:48:42 0 d-------- C:\Dokumente und Einstellungen\Bored\Anwendungsdaten\Malwarebytes 2008-05-05 14:19:54 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2008-05-05 10:55:25 0 d--h----- C:\Programme\InstallShield Installation Information 2008-05-01 14:17:56 0 d-------- C:\Programme\Gemeinsame Dateien 2008-04-20 20:48:52 415454 --a------ C:\WINDOWS\system32\perfh007.dat 2008-04-20 20:48:52 75186 --a------ C:\WINDOWS\system32\perfc007.dat 2008-04-15 16:20:53 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe 2008-04-15 15:11:05 56 --a------ C:\Dokumente und Einstellungen\Bored\Anwendungsdaten\AVSDVDPlayer.m3u 2008-04-14 16:01:51 0 d-------- C:\Dokumente und Einstellungen\Bored\Anwendungsdaten\CyberLink 2008-04-14 15:42:21 0 d-------- C:\Dokumente und Einstellungen\Bored\Anwendungsdaten\dvdcss 2008-04-08 18:10:09 0 d-------- C:\Dokumente und Einstellungen\Bored\Anwendungsdaten\DivX 2008-04-08 18:09:07 0 d-------- C:\Dokumente und Einstellungen\Bored\Anwendungsdaten\Nero 2008-04-06 15:57:30 0 d-------- C:\Dokumente und Einstellungen\Bored\Anwendungsdaten\Sun 2008-04-06 15:57:18 0 d-------- C:\Programme\Java 2008-04-06 15:56:05 0 d-------- C:\Programme\Gemeinsame Dateien\Java 2008-03-27 17:33:05 0 d-------- C:\Programme\Microsoft Works 2008-03-27 17:32:54 0 d-------- C:\Programme\MSBuild 2008-03-27 17:31:51 0 d-------- C:\Programme\Microsoft.NET 2008-03-27 17:29:58 0 d-------- C:\Programme\Microsoft Visual Studio 8 2008-03-23 23:27:32 102400 --a------ C:\WINDOWS\EarthView.scr 2008-03-23 23:27:32 0 d-------- C:\Dokumente und Einstellungen\Bored\Anwendungsdaten\DeskSoft 2008-03-21 14:14:56 0 d-------- C:\Programme\Design Science 2008-03-10 14:38:52 0 d-------- C:\Programme\Gemeinsame Dateien\Nero 2008-02-21 04:05:44 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-02-21 04:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100> 2008-02-21 04:04:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100> 2008-02-21 04:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?> 2008-02-21 04:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®> 2008-02-21 04:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®> 2008-02-21 04:04:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®> 2008-02-21 04:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2008-02-17 12:23:31 233472 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32> 2008-02-16 20:50:44 0 --a------ C:\WINDOWS\ativpsrm.bin 2008-02-16 20:26:03 0 -rahs---- C:\MSDOS.SYS 2008-02-16 20:26:03 0 -rahs---- C:\IO.SYS 2008-02-16 20:26:03 0 --a------ C:\CONFIG.SYS 2008-02-16 20:26:03 0 --a------ C:\AUTOEXEC.BAT 2008-02-16 20:22:55 21740 --a------ C:\WINDOWS\system32\emptyregdb.dat 2008-02-16 20:15:25 62 --ahs---- C:\Dokumente und Einstellungen\Bored\Anwendungsdaten\desktop.ini -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RCSystem"="C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" [16.06.2005 19:25] "AudioDrvEmulator"="C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" [16.06.2005 19:25] "CTHelper"="CTHELPER.EXE" [08.08.2005 00:10 C:\WINDOWS\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [08.08.2005 00:10 C:\WINDOWS\system32\CTXFIHLP.EXE] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [11.05.2000 02:00] "avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [17.04.2008 15:06] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [25.10.2007 18:17] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [25.10.2007 18:17] "GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [27.10.2006 01:47] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 04:25] "Adobe Reader Speed Launcher"="F:\Programme\Adobe\Reader\Reader_sl.exe" [11.01.2008 22:16] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 00:57] "Skype"="C:\Programme\Skype\Phone\Skype.exe" [01.02.2008 18:22] "NVIDIA nTune"="C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" [04.09.2007 20:25] "SpybotSD TeaTimer"="F:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [28.01.2008 11:43] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuuVOI] awtuuVOI.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" -- End of Deckard's System Scanner: finished at 2008-05-07 11:20:42 ------------ extra.txt: Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: German CPU 0: Intel(R) Core(TM)2 CPU 6320 @ 1.86GHz CPU 1: Intel(R) Core(TM)2 CPU 6320 @ 1.86GHz Percentage of Memory in Use: 22% Physical Memory (total/avail): 2047.04 MiB / 1585.45 MiB Pagefile Memory (total/avail): 3943.5 MiB / 3555.98 MiB Virtual Memory (total/avail): 2047.88 MiB / 1933.14 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 19.99 GiB total, 6.39 GiB free. D: is CDROM (No Media) E: is Fixed (NTFS) - 19.53 GiB total, 4.19 GiB free. F: is Fixed (FAT32) - 72.25 GiB total, 34.61 GiB free. \\.\PHYSICALDRIVE0 - ST3120022A - 111.79 GiB - 3 partitions \PARTITION0 (bootable) - Installierbares Dateisystem - 19.99 GiB - C: \PARTITION1 - Erweitert mit Int 13 (erweitert) - 91.8 GiB - E: - F: -- Security Center ------------------------------------------------------------- AUOptions is disabled. Windows Internal Firewall is disabled. FirstRunDisabled is set. AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH) [COLOR=RED]Disabled[/COLOR] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Programme\\uTorrent\\uTorrent.exe"="C:\\Programme\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent" "F:\\Programme\\ICQ6\\ICQ.exe"="F:\\Programme\\ICQ6\\ICQ.exe:*:Enabled:ICQ6" "C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "F:\\Heruntergeladenes\\ALIE_1.0.2.3\\alhlp.exe"="F:\\Heruntergeladenes\\ALIE_1.0.2.3\\alhlp.exe:*:Enabled:Anti-Leech plugin helper program" "F:\\Spiele\\Crysis Vollversion\\Bin32\\Crysis.exe"="F:\\Spiele\\Crysis Vollversion\\Bin32\\Crysis.exe:*:Enabled:Crysis" "F:\\Programme\\Gamespy\\Comrade.exe"="F:\\Programme\\Gamespy\\Comrade.exe:*:Enabled:Comrade" "F:\\Spiele\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="F:\\Spiele\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)" "F:\\Spiele\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="F:\\Spiele\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)" "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:EnablednkBstrA" "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:EnablednkBstrB" "F:\\Spiele\\Call of duty 4\\iw3mp.exe"="F:\\Spiele\\Call of duty 4\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)" "C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath " -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users APPDATA=C:\Dokumente und Einstellungen\Bored\Anwendungsdaten CLIENTNAME=Console CommonProgramFiles=C:\Programme\Gemeinsame Dateien COMPUTERNAME=I-F1CD1CE9C3894 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Dokumente und Einstellungen\Bored LOGONSERVER=\\I-F1CD1CE9C3894 NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Programme\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Programme\ATI Technologies\ATI.ACE\Core-Static PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f06 ProgramFiles=C:\Programme PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOKUME~1\Bored\LOKALE~1\Temp TMP=C:\DOKUME~1\Bored\LOKALE~1\Temp USERDOMAIN=I-F1CD1CE9C3894 USERNAME=Bored USERPROFILE=C:\Dokumente und Einstellungen\Bored windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Bored (admin) -- Add/Remove Programs --------------------------------------------------------- --> "C:\Programme\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W /L:GER --> F:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{25E6EB3A-F696-41AB-96B6-D76ECE6446BF}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{25E6EB3A-F696-41AB-96B6-D76ECE6446BF}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B20EB9BE-3795-47BA-BDD6-889593E8FD55}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B20EB9BE-3795-47BA-BDD6-889593E8FD55}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B49BCFF0-64CC-4E0E-AD9D-91BFBD344BAE}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B49BCFF0-64CC-4E0E-AD9D-91BFBD344BAE}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B5AF6143-E738-4768-A5E6-C07C68A464A4}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B5AF6143-E738-4768-A5E6-C07C68A464A4}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x7 /remove --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x7 /remove --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Ai Booster --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{74BF0A46-DF67-4D86-B038-BF0E51871B66}\setup.exe" -l0x7 ASUS DH Remote --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{34A0AF85-C323-4867-8AA3-00A3E5A7A12B}\setup.exe" -l0x7 µTorrent --> "C:\Programme\uTorrent\uTorrent.exe" /UNINSTALL Avira AntiVir Personal – Free Antivirus --> C:\Programme\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Programme\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0407 Call of Duty(R) 4 - Modern Warfare(TM) Demo --> C:\Programme\InstallShield Installation Information\{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}\setup.exe -runfromtemp -l0x0409 Canon iP5200 --> C:\WINDOWS\system32\CNMCP79.exe "-PRINTERNAMECanon iP5200" "-HELPERDLLC:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP5200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0407.dll" Canon Setup Utility 2.0 --> "C:\Programme\Canon\Canon Setup Utility 2.0\Maint.exe" /Uninstall C:\Programme\Canon\Canon Setup Utility 2.0\uninst.ini Canon Utilities Easy-PhotoPrint --> C:\Programme\Canon\Easy-PhotoPrint\uninst.exe uninst.ini Canon Utilities Easy-PrintToolBox --> C:\WINDOWS\BJPSUNST.EXE CD-LabelPrint --> "C:\Programme\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application CleanUp! --> F:\Programme\cleanup\uninstall.exe Creative-Systeminformationen --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7 /remove Creative Media Toolbox --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x7 /remove Creative MediaSource --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x7 /remove DivX Codec --> F:\Programme\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader --> F:\Programme\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter --> F:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player --> F:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> F:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN EarthView V3.8.0 --> F:\Programme\EarthView\Uninstall.exe Easy-WebPrint --> C:\WINDOWS\IsUn0407.exe -fC:\Programme\Canon\Easy-WebPrint\Uninst.isu High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.2 --> "F:\Programme\HijackThis.exe" /uninstall ICQ6 --> C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Malwarebytes' Anti-Malware --> "F:\Programme\Malwarebytes' Anti-Malware\unins000.exe" Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B} MathPlayer --> C:\Programme\Design Science\MathPlayer\Setup.exe -u Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office Access MUI (German) 2007 --> MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE} Microsoft Office Enterprise 2007 --> "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (German) 2007 --> MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} Microsoft Office Groove MUI (German) 2007 --> MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE} Microsoft Office InfoPath MUI (German) 2007 --> MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE} Microsoft Office OneNote MUI (German) 2007 --> MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE} Microsoft Office Outlook MUI (German) 2007 --> MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2007 --> MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007 --> MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007 --> MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Publisher MUI (German) 2007 --> MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE} Microsoft Office Shared MUI (German) 2007 --> MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2007 --> MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Nero 8 Micro 8.2.8.0 --> "F:\Programme\Nero\unins000.exe" Norton PartitionMagic 8.0 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502} NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI NVIDIA nTune --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1031 Opera 9.26 --> MsiExec.exe /X{FB706A00-C234-4716-AB1F-27DCB192C664} PC Probe II --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x7 PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u Real Alternative 1.7.5 --> "F:\Programme\Real Alternative\unins000.exe" Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x7 -removeonly S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006] --> "F:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe" Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Sound Blaster X-Fi --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x7 /remove SpeedFan (remove only) --> "F:\Programme\SpeedFan\uninstall.exe" Spybot - Search & Destroy --> "F:\Programme\Spybot - Search & Destroy\unins000.exe" VideoLAN VLC media player 0.8.6d --> F:\Programme\VLC\uninstall.exe Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR --> C:\Programme\WinRAR\uninstall.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type1982 / Warning Event Submitted/Written: 05/07/2008 10:41:02 AM Event ID/Source: 4113 / Avira AntiVir Event Description: TR/Drop.Agent.65536C:\WINDOWS\system32\donj32drv.dll Event Record #/Type1981 / Warning Event Submitted/Written: 05/07/2008 10:40:55 AM Event ID/Source: 4113 / Avira AntiVir Event Description: TR/Drop.Agent.65536C:\WINDOWS\system32\donj32drv.dll Event Record #/Type1980 / Warning Event Submitted/Written: 05/07/2008 10:39:51 AM Event ID/Source: 4113 / Avira AntiVir Event Description: SPR/Tool.PVC:\327882R2FWJFW\pv.cfexe Event Record #/Type1979 / Warning Event Submitted/Written: 05/07/2008 10:39:27 AM Event ID/Source: 4113 / Avira AntiVir Event Description: SPR/Tool.PVC:\327882R2FWJFW\pv.cfexe Event Record #/Type1973 / Warning Event Submitted/Written: 05/06/2008 06:59:47 PM Event ID/Source: 4113 / Avira AntiVir Event Description: DR/Nsis.StartPage.C.18C:\System Volume Information\_restore{35076320-4F00-4A86-B509-D90527F636F4}\RP93\A0007762.exe -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type4562 / Error Event Submitted/Written: 05/06/2008 06:27:07 PM Event ID/Source: 7000 / Service Control Manager Event Description: Der Dienst "Taskplaner" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Event Record #/Type4534 / Error Event Submitted/Written: 05/06/2008 04:43:04 PM Event ID/Source: 7000 / Service Control Manager Event Description: Der Dienst "Taskplaner" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Event Record #/Type4508 / Error Event Submitted/Written: 05/06/2008 00:28:24 PM Event ID/Source: 7000 / Service Control Manager Event Description: Der Dienst "Taskplaner" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Event Record #/Type4485 / Error Event Submitted/Written: 05/05/2008 06:29:50 PM Event ID/Source: 7000 / Service Control Manager Event Description: Der Dienst "Taskplaner" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Event Record #/Type4452 / Error Event Submitted/Written: 05/05/2008 02:15:37 PM Event ID/Source: 7000 / Service Control Manager Event Description: Der Dienst "Taskplaner" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 -- End of Deckard's System Scanner: finished at 2008-05-07 11:20:42 ------------ |
|
|
||
07.05.2008, 11:58
Ehrenmitglied
Beiträge: 29434 |
#11
1.
deaktiviere den TeaTimer.exe 2. mit dem HijackThis löschen ("fixen") Klicke: "Do a system scan only" Setze ein Häckchen in das Kästchen vor den genannten Eintrag und wähle fix checked Zitat O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Programme\Spybot - Search & Destroy\TeaTimer.exe3. scanne im abgesicherten Modus + poste nach Neustart den Report http://virus-protect.org/artikel/tools/sdfix.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:21, on 06.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\Programme\Ad aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
F:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
F:\Programme\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\awtuuVOI.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RCSystem] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Programme\Adobe\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Dokumente und Einstellungen\Bored\cftmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll
O20 - Winlogon Notify: awtuuVOI - C:\WINDOWS\SYSTEM32\awtuuVOI.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\Programme\Ad aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Taskplaner (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
--
End of file - 8811 bytes